diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml deleted file mode 100644 index 014404e150..0000000000 --- a/.github/release-drafter.yml +++ /dev/null @@ -1,65 +0,0 @@ -# Configuration for Release Drafter: https://github.com/toolmantim/release-drafter -name-template: $NEXT_PATCH_VERSION -tag-template: cyclonedx-core-java-$NEXT_MINOR_VERSION -version-template: $MAJOR.$MINOR.$PATCH - -# Emoji reference: https://gitmoji.carloscuesta.me/ -categories: - - title: ":boom: Breaking changes" - labels: - - breaking - - title: 🚨 Removed - label: removed - - title: ":tada: Major features and improvements" - labels: - - major-enhancement - - major-rfe - - title: 🐛 Major bug fixes - labels: - - major-bug - - title: ⚠ī¸ Deprecated - label: deprecated - - title: 🚀 New features and improvements - labels: - - enhancement - - feature - - rfe - - title: 🐛 Bug Fixes - labels: - - bug - - fix - - bugfix - - regression - - title: ":construction_worker: Changes for plugin developers" - labels: - - developer - # Default label used by Dependabot - - title: đŸ“Ļ Dependency updates - label: - - dependencies - - dependency - - dependency-upgrade - - title: 📝 Documentation updates - label: documentation - - title: đŸ‘ģ Maintenance - labels: - - chore - - internal - - maintenance - - title: 🔧 Build - label: build - - title: đŸšĻ Tests - labels: - - test - - tests -exclude-labels: - - reverted - - no-changelog - - skip-changelog - - invalid - -change-template: '- $TITLE ([#$NUMBER]($URL)) @$AUTHOR' - -template: | - - $CHANGES diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000000..33255a5d89 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,20 @@ +changelog: + categories: + - title: Breaking Changes 🚨 + labels: + - breaking change + - title: Enhancements 🚀 + labels: + - enhancement + - title: Bug Fixes 🐛 + labels: + - bug + - title: Dependency Updates 🤖 + labels: + - dependencies + - title: Documentation 📃 + labels: + - documentation + - title: Other Changes + labels: + - "*" \ No newline at end of file diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 016667d0cc..8a755ee324 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -2,65 +2,39 @@ name: "CodeQL" on: push: - branches: [master] + branches: + - master pull_request: - # The branches below must be a subset of the branches above - branches: [master] + branches: + - master schedule: - - cron: '0 9 * * 5' + - cron: '0 9 * * 5' + +permissions: { } jobs: analyze: name: Analyze runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - # Override automatic language detection by changing the below list - # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] - language: ['java'] - # Learn more... - # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection - + permissions: + security-events: write steps: - name: Checkout repository - uses: actions/checkout@v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout # the head of the pull request instead of the merge commit. - run: git checkout HEAD^2 if: ${{ github.event_name == 'pull_request' }} - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # tag=v3.29.2 with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) + languages: java - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - + uses: github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b # tag=v3.29.2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # tag=v3.29.2 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index cf996370eb..9e1af1e4a6 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -6,24 +6,26 @@ on: - master workflow_dispatch: +permissions: { } + jobs: build-documentation: name: "Build documentation" runs-on: ubuntu-latest + permissions: + contents: write # Required to push commits to gh-pages branch timeout-minutes: 30 steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2 - name: Set up JDK 8 - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # tag=v4.7.1 with: distribution: temurin java-version: 8 - name: Build with Maven - run: mvn package --file pom.xml - + run: mvn -B --no-transfer-progress package - name: Deploy documentation - uses: JamesIves/github-pages-deploy-action@releases/v3 + uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # tag=v4.7.3 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - BRANCH: gh-pages - FOLDER: target/apidocs + branch: gh-pages + folder: target/reports/apidocs diff --git a/.github/workflows/java-maven.yml b/.github/workflows/java-maven.yml index 09af591e21..0e43c224a1 100644 --- a/.github/workflows/java-maven.yml +++ b/.github/workflows/java-maven.yml @@ -15,9 +15,9 @@ jobs: group: ${{ github.workflow }}-${{ github.ref }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Set up JDK 8 - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: distribution: adopt java-version: 8 diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index a4f8f2a10d..53aab1c8ea 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -1,22 +1,47 @@ name: Maven CI -on: [push, pull_request] +on: + push: + branches: + - master + pull_request: + branches: + - master + +permissions: { } jobs: - build: + test: + name: Test strategy: matrix: - os: [ ubuntu-latest ] - java-version: [ 8 ] - distro: [ 'zulu', 'temurin' ] - runs-on: ${{ matrix.os }} - + java-version: [ 8, 11, 17, 21 ] + runs-on: ubuntu-latest + timeout-minutes: 5 steps: - - uses: actions/checkout@v4.1.1 + - name: Checkout Repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2 - name: Set up JDK ${{ matrix.java-version }} - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # tag=v4.7.1 with: - distribution: ${{ matrix.distro }} + distribution: temurin java-version: ${{ matrix.java-version }} - - name: Build with Maven - run: mvn package --file pom.xml + cache: maven + - name: Test + run: mvn -B --no-transfer-progress clean verify + # Publishing coverage to Codacy is only possible for builds of push events. + # PRs from forks do not get access to repository secrets. + # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + - name: Publish test coverage + if: ${{ github.event_name != 'pull_request' && github.repository_owner == 'CycloneDX' && matrix.java-version == '21' }} + uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # tag=v1.3.0 + with: + project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} + language: Java + coverage-reports: target/site/jacoco/jacoco.xml + - name: Upload PR test coverage report + if: ${{ github.event_name == 'pull_request' }} + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # tag=v4.6.2 + with: + name: pr-test-coverage-report-java-${{ matrix.java-version }} + path: target/site/jacoco/jacoco.xml \ No newline at end of file diff --git a/.github/workflows/pr-test-coverage.yml b/.github/workflows/pr-test-coverage.yml new file mode 100644 index 0000000000..3e63f03a47 --- /dev/null +++ b/.github/workflows/pr-test-coverage.yml @@ -0,0 +1,32 @@ +name: Report PR Test Coverage + +on: + workflow_run: + workflows: + - Maven CI + types: + - completed + +permissions: { } + +jobs: + publish: + name: Report Coverage + runs-on: ubuntu-latest + if: |- + github.event.workflow_run.event == 'pull_request' + && github.event.workflow_run.conclusion == 'success' + steps: + - name: Download PR test coverage report + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # tag=v4.3.0 + with: + name: pr-test-coverage-report-java-21 + github-token: ${{ secrets.GITHUB_TOKEN }} + run-id: ${{ github.event.workflow_run.id }} + - name: Report Coverage to Codacy + run: |- + bash <(curl -Ls https://coverage.codacy.com/get.sh) report \ + --project-token ${{ secrets.CODACY_PROJECT_TOKEN }} \ + --commit-uuid ${{ github.event.workflow_run.head_sha }} \ + --coverage-reports ./jacoco.xml \ + --language Java diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot.yml new file mode 100644 index 0000000000..69952b9f25 --- /dev/null +++ b/.github/workflows/publish-snapshot.yml @@ -0,0 +1,29 @@ +name: Maven Publish Snapshot + +on: [workflow_dispatch] + +permissions: {} + +jobs: + build: + + runs-on: ubuntu-latest + + permissions: + contents: write # for git-push after version modifications + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2 + - name: Set up JDK 8 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # tag=v4.7.1 + with: + java-version: '8' + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + - name: Publish snapshot + run: mvn -B deploy + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml deleted file mode 100644 index 5ccdbd7cfb..0000000000 --- a/.github/workflows/release-drafter.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Release Drafter -on: - push: - branches: - - master - -permissions: - contents: read - -jobs: - update_release_draft: - permissions: - # write permission is required to create a github release - contents: write - runs-on: ubuntu-latest - steps: - - uses: release-drafter/release-drafter@v5 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..72c8afb608 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,76 @@ +name: Maven Release + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Perform a dry run of the Maven release' + required: true + default: false + type: boolean + +permissions: {} + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: write # for git-push after version modifications + + steps: + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2 + + - name: Set up JDK 8 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # tag=v4.7.1 + with: + java-version: '8' + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + # Export the gpg private key using the following command and add the contents of that file to the GitHub secret + # gpg --armor --export-secret-keys > gpg_key.asc + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + - name: Set up git + run: | + git config --global user.email "info@cyclonedx.org" + git config --global user.name "CycloneDX Automation" + git config --global credential.helper 'store --file ~/.git-credentials' + echo "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com" > ~/.git-credentials + + - name: Set Maven options + id: maven_options + run: | + # Set the Maven options based on the 'dry_run' input + if ${{ github.event.inputs.dry_run }}; then + echo "options=release:prepare -DdryRun=true -Prelease" >> $GITHUB_ENV + else + echo "options=release:clean release:prepare release:perform -Prelease" >> $GITHUB_ENV + fi + + - name: Run Maven command + # This requires the connection and developerConnection elements in the scm section of the pom + # to be set to "scm:git:https:...." thus preventing the release plugin from using SSH. + run: | + mvn -B ${{ env.options }} + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + continue-on-error: ${{ github.event.inputs.dry_run == false }} + + - name: Rollback if release fails + if: failure() && github.event.inputs.dry_run == false + run: | + echo "Release failed. Rolling back..." + mvn -B release:rollback -Prelease + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000000..a1cbb9a1eb --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @CycloneDX/java-maintainers diff --git a/README.md b/README.md index d5e04421ac..cdbe94a21c 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Maven Usage org.cyclonedx cyclonedx-core-java - 8.0.3 + 10.1.0 ``` @@ -31,16 +31,18 @@ The following table provides information on the version of this node module, the as well as the output format options. Use the latest possible version of this library that is the compatible with the CycloneDX version supported by the target system. -| Version | Schema Version | Format(s) | -|---------|----------------|-----------| -| 8.x | CycloneDX v1.5 | XML/JSON | -| 7.x | CycloneDX v1.4 | XML/JSON | -| 6.x | CycloneDX v1.4 | XML/JSON | -| 5.x | CycloneDX v1.3 | XML/JSON | -| 4.x | CycloneDX v1.2 | XML/JSON | -| 3.x | CycloneDX v1.2 | XML/JSON | -| 2.x | CycloneDX v1.1 | XML | -| 1.x | CycloneDX v1.0 | XML | +| Version | Schema Version | Format(s) | +|---------|------------------|-----------| +| 10.x | CycloneDX v1.6.1 | XML/JSON | +| 9.x | CycloneDX v1.6 | XML/JSON | +| 8.x | CycloneDX v1.5 | XML/JSON | +| 7.x | CycloneDX v1.4 | XML/JSON | +| 6.x | CycloneDX v1.4 | XML/JSON | +| 5.x | CycloneDX v1.3 | XML/JSON | +| 4.x | CycloneDX v1.2 | XML/JSON | +| 3.x | CycloneDX v1.2 | XML/JSON | +| 2.x | CycloneDX v1.1 | XML | +| 1.x | CycloneDX v1.0 | XML | ## Library API Documentation diff --git a/pom.xml b/pom.xml index 7d7710795f..7b92e849c9 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ com.github.roche_csi.cyclonedx_core_java cyclonedx-core-java jar - 8.0.4-SNAPSHOT + 11.0.0-SNAPSHOT CycloneDX Core (Java) The CycloneDX core module provides a model representation of the BOM along with utilities to assist in creating, parsing, and validating BOMs. @@ -84,12 +84,12 @@ UTF-8 UTF-8 - 2.7.10 - 3.6.3 - 3.3.0 - 3.3.0 + 2.9.1 + 3.11.2 + 3.3.1 + 3.4.2 1.6.0 - 2023-10-25T16:32:28Z + 2025-03-12T01:44:22Z @@ -161,17 +161,23 @@ commons-codec commons-codec - 1.16.0 + 1.18.0 commons-io commons-io - 2.15.1 + 2.19.0 org.apache.commons commons-lang3 - 3.14.0 + 3.18.0 + + + + org.apache.commons + commons-collections4 + 4.5.0 @@ -187,7 +193,7 @@ com.fasterxml.jackson.dataformat jackson-dataformat-xml - 2.16.1 + 2.19.1 @@ -195,7 +201,7 @@ com.networknt json-schema-validator - 1.0.87 + 1.5.8 @@ -203,14 +209,21 @@ org.assertj assertj-core - 3.24.2 + 3.27.3 test org.junit.jupiter junit-jupiter-engine - 5.10.1 + 5.13.3 + test + + + + org.junit.jupiter + junit-jupiter-params + 5.13.3 test @@ -246,6 +259,26 @@ + + org.jacoco + jacoco-maven-plugin + 0.8.13 + + + default-prepare-agent + + prepare-agent + + + + report + verify + + report + + + + org.cyclonedx cyclonedx-maven-plugin @@ -286,12 +319,12 @@ org.apache.maven.plugins maven-release-plugin - 3.0.1 + 3.1.1 org.apache.maven.plugins maven-surefire-plugin - 3.2.2 + 3.5.3 @@ -308,7 +341,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.4.1 + 3.6.0 enforce-java @@ -328,7 +361,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.1.0 + 3.2.8 sign-artifacts diff --git a/src/main/java/org/cyclonedx/BomGeneratorFactory.java b/src/main/java/org/cyclonedx/BomGeneratorFactory.java deleted file mode 100644 index 1af0959b86..0000000000 --- a/src/main/java/org/cyclonedx/BomGeneratorFactory.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx; - -import org.cyclonedx.generators.json.BomJsonGenerator12; -import org.cyclonedx.generators.json.BomJsonGenerator13; -import org.cyclonedx.generators.json.BomJsonGenerator14; -import org.cyclonedx.generators.json.BomJsonGenerator15; -import org.cyclonedx.generators.xml.BomXmlGenerator; -import org.cyclonedx.generators.xml.BomXmlGenerator10; -import org.cyclonedx.generators.xml.BomXmlGenerator11; -import org.cyclonedx.generators.xml.BomXmlGenerator12; -import org.cyclonedx.generators.xml.BomXmlGenerator13; -import org.cyclonedx.generators.xml.BomXmlGenerator14; -import org.cyclonedx.generators.xml.BomXmlGenerator15; -import org.cyclonedx.model.Bom; -import org.cyclonedx.generators.json.BomJsonGenerator; - -public class BomGeneratorFactory { - - private BomGeneratorFactory() { - } - - @Deprecated - public static BomXmlGenerator create(CycloneDxSchema.Version version, Bom bom) { - return createXml(version, bom); - } - - public static BomXmlGenerator createXml(CycloneDxSchema.Version version, Bom bom) { - switch (version) { - case VERSION_10: - return new BomXmlGenerator10(bom); - case VERSION_11: - return new BomXmlGenerator11(bom); - case VERSION_12: - return new BomXmlGenerator12(bom); - case VERSION_13: - return new BomXmlGenerator13(bom); - case VERSION_14: - return new BomXmlGenerator14(bom); - default: - return new BomXmlGenerator15(bom); - } - } - - public static BomJsonGenerator createJson(final CycloneDxSchema.Version version, Bom bom) { - switch (version) { - case VERSION_12: - return new BomJsonGenerator12(bom); - case VERSION_13: - return new BomJsonGenerator13(bom); - case VERSION_14: - return new BomJsonGenerator14(bom); - default: - return new BomJsonGenerator15(bom); - } - } -} diff --git a/src/main/java/org/cyclonedx/CycloneDxMediaType.java b/src/main/java/org/cyclonedx/CycloneDxMediaType.java index c596f7976b..e5aff4019f 100644 --- a/src/main/java/org/cyclonedx/CycloneDxMediaType.java +++ b/src/main/java/org/cyclonedx/CycloneDxMediaType.java @@ -18,21 +18,20 @@ */ package org.cyclonedx; +@Deprecated public class CycloneDxMediaType { private CycloneDxMediaType() { } /** * Official CycloneDX XML media type assigned by IANA. - * - * https://www.iana.org/assignments/media-types/application/vnd.cyclonedx+xml + * ... */ public static final String APPLICATION_CYCLONEDX_XML = "application/vnd.cyclonedx+xml"; /** * Official CycloneDX JSON media type assigned by IANA. - * - * https://www.iana.org/assignments/media-types/application/vnd.cyclonedx+json + * ... */ public static final String APPLICATION_CYCLONEDX_JSON = "application/vnd.cyclonedx+json"; diff --git a/src/main/java/org/cyclonedx/CycloneDxSchema.java b/src/main/java/org/cyclonedx/CycloneDxSchema.java index afe33c131e..94a796ad8a 100644 --- a/src/main/java/org/cyclonedx/CycloneDxSchema.java +++ b/src/main/java/org/cyclonedx/CycloneDxSchema.java @@ -24,6 +24,7 @@ import com.networknt.schema.JsonSchemaFactory; import com.networknt.schema.SchemaValidatorsConfig; import com.networknt.schema.SpecVersionDetector; +import com.networknt.schema.resource.MapSchemaMapper; import org.cyclonedx.generators.json.BomJsonGenerator; import org.cyclonedx.generators.xml.BomXmlGenerator; import org.xml.sax.SAXException; @@ -61,48 +62,17 @@ public abstract class CycloneDxSchema public static final String NS_BOM_15 = "http://cyclonedx.org/schema/bom/1.5"; + public static final String NS_BOM_16 = "http://cyclonedx.org/schema/bom/1.6"; + + @Deprecated public static final String NS_DEPENDENCY_GRAPH_10 = "http://cyclonedx.org/schema/ext/dependency-graph/1.0"; - public static final String NS_BOM_LATEST = NS_BOM_15; + public static final String NS_BOM_LATEST = NS_BOM_16; - public static final Version VERSION_LATEST = Version.VERSION_15; + public static final Version VERSION_LATEST = Version.VERSION_16; public static final List ALL_VERSIONS = Arrays.asList(Version.values()); - public enum Version - { - VERSION_10(CycloneDxSchema.NS_BOM_10, "1.0", 1.0), - VERSION_11(CycloneDxSchema.NS_BOM_11, "1.1", 1.1), - VERSION_12(CycloneDxSchema.NS_BOM_12, "1.2", 1.2), - VERSION_13(CycloneDxSchema.NS_BOM_13, "1.3", 1.3), - VERSION_14(CycloneDxSchema.NS_BOM_14, "1.4", 1.4), - VERSION_15(CycloneDxSchema.NS_BOM_15, "1.5", 1.5); - - private final String namespace; - - private final String versionString; - - private final double version; - - public String getNamespace() { - return this.namespace; - } - - public String getVersionString() { - return versionString; - } - - public double getVersion() { - return version; - } - - Version(String namespace, String versionString, double version) { - this.namespace = namespace; - this.versionString = versionString; - this.version = version; - } - } - /** * Returns the CycloneDX JsonSchema for the specified schema version. * @@ -112,14 +82,18 @@ public double getVersion() { * @throws IOException when errors are encountered * @since 6.0.0 */ - public JsonSchema getJsonSchema(CycloneDxSchema.Version schemaVersion, final ObjectMapper mapper) + public JsonSchema getJsonSchema(Version schemaVersion, final ObjectMapper mapper) throws IOException { final InputStream spdxInstream = getJsonSchemaAsStream(schemaVersion); final SchemaValidatorsConfig config = new SchemaValidatorsConfig(); + config.setPreloadJsonSchema(false); + final Map offlineMappings = new HashMap<>(); offlineMappings.put("http://cyclonedx.org/schema/spdx.schema.json", getClass().getClassLoader().getResource("spdx.schema.json").toExternalForm()); + offlineMappings.put("http://cyclonedx.org/schema/jsf-0.82.schema.json", + getClass().getClassLoader().getResource("jsf-0.82.schema.json").toExternalForm()); offlineMappings.put("http://cyclonedx.org/schema/bom-1.2.schema.json", getClass().getClassLoader().getResource("bom-1.2-strict.schema.json").toExternalForm()); offlineMappings.put("http://cyclonedx.org/schema/bom-1.3.schema.json", @@ -128,25 +102,34 @@ public JsonSchema getJsonSchema(CycloneDxSchema.Version schemaVersion, final Obj getClass().getClassLoader().getResource("bom-1.4.schema.json").toExternalForm()); offlineMappings.put("http://cyclonedx.org/schema/bom-1.5.schema.json", getClass().getClassLoader().getResource("bom-1.5.schema.json").toExternalForm()); - config.setUriMappings(offlineMappings); + offlineMappings.put("http://cyclonedx.org/schema/bom-1.6.schema.json", + getClass().getClassLoader().getResource("bom-1.6.schema.json").toExternalForm()); + JsonNode schemaNode = mapper.readTree(spdxInstream); - JsonSchemaFactory factory = JsonSchemaFactory.getInstance(SpecVersionDetector.detect(schemaNode)); + final MapSchemaMapper offlineSchemaMapper = new MapSchemaMapper(offlineMappings); + JsonSchemaFactory factory = JsonSchemaFactory.builder(JsonSchemaFactory.getInstance(SpecVersionDetector.detect(schemaNode))) + .jsonMapper(mapper) + .schemaMappers(s -> s.add(offlineSchemaMapper)) + .build(); return factory.getSchema(schemaNode, config); } - private InputStream getJsonSchemaAsStream(final CycloneDxSchema.Version schemaVersion) { - if (CycloneDxSchema.Version.VERSION_12 == schemaVersion) { + private InputStream getJsonSchemaAsStream(final Version schemaVersion) { + if (Version.VERSION_12 == schemaVersion) { return this.getClass().getClassLoader().getResourceAsStream("bom-1.2-strict.schema.json"); } - else if (CycloneDxSchema.Version.VERSION_13 == schemaVersion) { + else if (Version.VERSION_13 == schemaVersion) { return this.getClass().getClassLoader().getResourceAsStream("bom-1.3-strict.schema.json"); } - else if (CycloneDxSchema.Version.VERSION_14 == schemaVersion) { + else if (Version.VERSION_14 == schemaVersion) { return this.getClass().getClassLoader().getResourceAsStream("bom-1.4.schema.json"); } - else { + else if(Version.VERSION_15 == schemaVersion){ return this.getClass().getClassLoader().getResourceAsStream("bom-1.5.schema.json"); } + else { + return this.getClass().getClassLoader().getResourceAsStream("bom-1.6.schema.json"); + } } /** @@ -157,25 +140,28 @@ else if (CycloneDxSchema.Version.VERSION_14 == schemaVersion) { * @throws SAXException a SAXException * @since 2.0.0 */ - public Schema getXmlSchema(CycloneDxSchema.Version schemaVersion) throws SAXException { - if (CycloneDxSchema.Version.VERSION_10 == schemaVersion) { + public Schema getXmlSchema(Version schemaVersion) throws SAXException { + if (Version.VERSION_10 == schemaVersion) { return getXmlSchema10(); } - else if (CycloneDxSchema.Version.VERSION_11 == schemaVersion) { + else if (Version.VERSION_11 == schemaVersion) { return getXmlSchema11(); } - else if (CycloneDxSchema.Version.VERSION_12 == schemaVersion) { + else if (Version.VERSION_12 == schemaVersion) { return getXmlSchema12(); } - else if (CycloneDxSchema.Version.VERSION_13 == schemaVersion) { + else if (Version.VERSION_13 == schemaVersion) { return getXmlSchema13(); } - else if (CycloneDxSchema.Version.VERSION_14 == schemaVersion) { + else if (Version.VERSION_14 == schemaVersion) { return getXmlSchema14(); } - else { + else if (Version.VERSION_15 == schemaVersion) { return getXmlSchema15(); } + else { + return getXmlSchema16(); + } } /** @@ -258,7 +244,7 @@ private Schema getXmlSchema14() throws SAXException { * * @return a Schema * @throws SAXException a SAXException - * @since TBD + * @since 8.0.1 */ private Schema getXmlSchema15() throws SAXException { // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. @@ -268,6 +254,21 @@ private Schema getXmlSchema15() throws SAXException { ); } + /** + * Returns the CycloneDX XML Schema from the specifications XSD. + * + * @return a Schema + * @throws SAXException a SAXException + * @since 8.1.0 + */ + private Schema getXmlSchema16() throws SAXException { + // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. + return getXmlSchema( + this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), + this.getClass().getClassLoader().getResourceAsStream("bom-1.6.xsd") + ); + } + public Schema getXmlSchema(InputStream... inputStreams) throws SAXException { final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); final Source[] schemaFiles = new Source[inputStreams.length]; diff --git a/src/main/java/org/cyclonedx/Format.java b/src/main/java/org/cyclonedx/Format.java new file mode 100644 index 0000000000..9f55da7b09 --- /dev/null +++ b/src/main/java/org/cyclonedx/Format.java @@ -0,0 +1,49 @@ +package org.cyclonedx; + +public enum Format { + XML("xml", "application/vnd.cyclonedx+xml"), + JSON("json", "application/vnd.cyclonedx+json"); + + private final String extension; + private final String mediaType; + + Format(String extension, String mediaType) { + this.extension = extension; + this.mediaType = mediaType; + } + + /** + * The file extension associated to this format. + * + * @return The file extension, excluding the dot. + */ + public String getExtension() { + return extension; + } + + /** + * The official CycloneDX media type assigned by IANA for this format, see + * .... + * + * @return The identifier for the media type. + */ + public String getMediaType() { + return mediaType; + } + + /** + * Returns the format based on the given file extension. + * + * @param extension The file extension. + * @return The format or null if not found. + */ + public static Format fromExtension(String extension) { + if (extension != null) { + switch (extension) { + case "xml": return XML; + case "json": return JSON; + } + } + return null; + } +} diff --git a/src/main/java/org/cyclonedx/Version.java b/src/main/java/org/cyclonedx/Version.java new file mode 100644 index 0000000000..5452c43982 --- /dev/null +++ b/src/main/java/org/cyclonedx/Version.java @@ -0,0 +1,68 @@ +package org.cyclonedx; + +import java.util.EnumSet; + +import static org.cyclonedx.Format.*; + +public enum Version +{ + VERSION_10(CycloneDxSchema.NS_BOM_10, "1.0", 1.0, EnumSet.of(XML)), + VERSION_11(CycloneDxSchema.NS_BOM_11, "1.1", 1.1, EnumSet.of(XML)), + VERSION_12(CycloneDxSchema.NS_BOM_12, "1.2", 1.2, EnumSet.of(XML, JSON)), + VERSION_13(CycloneDxSchema.NS_BOM_13, "1.3", 1.3, EnumSet.of(XML, JSON)), + VERSION_14(CycloneDxSchema.NS_BOM_14, "1.4", 1.4, EnumSet.of(XML, JSON)), + VERSION_15(CycloneDxSchema.NS_BOM_15, "1.5", 1.5, EnumSet.of(XML, JSON)), + VERSION_16(CycloneDxSchema.NS_BOM_16, "1.6", 1.6, EnumSet.of(XML, JSON)); + + private final String namespace; + + private final String versionString; + + private final double version; + + private final EnumSet formats; + + public String getNamespace() { + return this.namespace; + } + + public String getVersionString() { + return versionString; + } + + public double getVersion() { + return version; + } + + public EnumSet getFormats() { + return formats; + } + + Version(String namespace, String versionString, double version, EnumSet formats) { + this.namespace = namespace; + this.versionString = versionString; + this.version = version; + this.formats = formats; + } + + /** + * Returns the version based on the given version string. + * + * @param versionString The version string. + * @return The version or null if not found. + */ + public static Version fromVersionString(String versionString) { + if (versionString != null) { + switch (versionString) { + case "1.0": return VERSION_10; + case "1.1": return VERSION_11; + case "1.2": return VERSION_12; + case "1.3": return VERSION_13; + case "1.4": return VERSION_14; + case "1.5": return VERSION_15; + case "1.6": return VERSION_16; + } + } + return null; + } +} diff --git a/src/main/java/org/cyclonedx/generators/AbstractBomGenerator.java b/src/main/java/org/cyclonedx/generators/AbstractBomGenerator.java new file mode 100644 index 0000000000..6dcc2c4f5a --- /dev/null +++ b/src/main/java/org/cyclonedx/generators/AbstractBomGenerator.java @@ -0,0 +1,100 @@ +package org.cyclonedx.generators; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.module.SimpleModule; +import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Format; +import org.cyclonedx.Version; +import org.cyclonedx.model.Bom; +import org.cyclonedx.util.serializer.CustomSerializerModifier; +import org.cyclonedx.util.serializer.EvidenceSerializer; +import org.cyclonedx.util.serializer.ExternalReferenceSerializer; +import org.cyclonedx.util.serializer.HashSerializer; +import org.cyclonedx.util.serializer.InputTypeSerializer; +import org.cyclonedx.util.serializer.LicenseChoiceSerializer; +import org.cyclonedx.util.serializer.LifecycleSerializer; +import org.cyclonedx.util.serializer.MetadataSerializer; +import org.cyclonedx.util.serializer.OutputTypeSerializer; +import org.cyclonedx.util.serializer.SignatorySerializer; + +public abstract class AbstractBomGenerator extends CycloneDxSchema +{ + protected ObjectMapper mapper; + + protected final Version version; + + protected Bom bom; + + protected final Format format; + + public AbstractBomGenerator(final Version version, final Bom bom, final Format format) { + this.mapper = new ObjectMapper(); + this.version = version; + this.bom = bom; + this.format = format; + + if (!version.getFormats().contains(format)) { + throw new IllegalArgumentException( + "CycloneDX version " + version.getVersionString() + " does not support the " + format + " format" + ); + } + } + + /** + * Returns the version of the CycloneDX schema used by this instance + * @return a CycloneDxSchemaVersion enum + */ + public Version getSchemaVersion() { + return version; + } + + /** + * Returns the format that this generator creates. + * @return a Format enum + */ + public Format getFormat() { + return format; + } + + protected void setupObjectMapper(boolean isXml) { + SimpleModule licenseModule = new SimpleModule(); + licenseModule.addSerializer(new LicenseChoiceSerializer(isXml, version)); + mapper.registerModule(licenseModule); + + SimpleModule lifecycleModule = new SimpleModule(); + lifecycleModule.addSerializer(new LifecycleSerializer(isXml)); + mapper.registerModule(lifecycleModule); + + SimpleModule metadataModule = new SimpleModule(); + metadataModule.addSerializer(new MetadataSerializer(isXml, getSchemaVersion())); + mapper.registerModule(metadataModule); + + SimpleModule inputTypeModule = new SimpleModule(); + inputTypeModule.addSerializer(new InputTypeSerializer(isXml)); + mapper.registerModule(inputTypeModule); + + SimpleModule outputTypeModule = new SimpleModule(); + outputTypeModule.addSerializer(new OutputTypeSerializer(isXml)); + mapper.registerModule(outputTypeModule); + + SimpleModule evidenceModule = new SimpleModule(); + evidenceModule.addSerializer(new EvidenceSerializer(isXml, getSchemaVersion())); + mapper.registerModule(evidenceModule); + + SimpleModule signatoryModule = new SimpleModule(); + signatoryModule.addSerializer(new SignatorySerializer(isXml)); + mapper.registerModule(signatoryModule); + + SimpleModule externalSerializer = new SimpleModule(); + externalSerializer.addSerializer(new ExternalReferenceSerializer(getSchemaVersion())); + mapper.registerModule(externalSerializer); + + SimpleModule hash1Module = new SimpleModule(); + hash1Module.addSerializer(new HashSerializer(version)); + mapper.registerModule(hash1Module); + + SimpleModule propertiesModule = new SimpleModule(); + propertiesModule.setSerializerModifier(new CustomSerializerModifier(isXml, version)); + mapper.registerModule(propertiesModule); + } +} diff --git a/src/main/java/org/cyclonedx/generators/BomGeneratorFactory.java b/src/main/java/org/cyclonedx/generators/BomGeneratorFactory.java new file mode 100644 index 0000000000..0fdd456a7b --- /dev/null +++ b/src/main/java/org/cyclonedx/generators/BomGeneratorFactory.java @@ -0,0 +1,47 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.generators; + +import org.cyclonedx.Format; +import org.cyclonedx.Version; +import org.cyclonedx.generators.xml.BomXmlGenerator; +import org.cyclonedx.model.Bom; +import org.cyclonedx.generators.json.BomJsonGenerator; + +public class BomGeneratorFactory { + public static AbstractBomGenerator create(Version version, Bom bom, Format format) { + AbstractBomGenerator generator; + + switch (format) { + case XML: generator = createXml(version, bom); break; + case JSON: generator = createJson(version, bom); break; + default: throw new IllegalArgumentException("Unsupported format " + format); + } + + return generator; + } + + public static BomXmlGenerator createXml(Version version, Bom bom) { + return new BomXmlGenerator(bom, version); + } + + public static BomJsonGenerator createJson(Version version, Bom bom) { + return new BomJsonGenerator(bom, version); + } +} diff --git a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java deleted file mode 100644 index 9ddad9446c..0000000000 --- a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java +++ /dev/null @@ -1,132 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.json; - -import java.lang.reflect.Field; - -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.BomReference; -import org.cyclonedx.util.serializer.ComponentWrapperSerializer; -import org.cyclonedx.util.serializer.InputTypeSerializer; -import org.cyclonedx.util.serializer.LicenseChoiceSerializer; -import org.cyclonedx.util.serializer.MetadataSerializer; -import org.cyclonedx.util.serializer.OutputTypeSerializer; -import org.cyclonedx.util.serializer.TrimStringSerializer; -import org.cyclonedx.util.serializer.LifecycleSerializer; -import org.cyclonedx.util.VersionJsonAnnotationIntrospector; -import org.cyclonedx.util.serializer.DependencySerializer; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.core.util.DefaultIndenter; -import com.fasterxml.jackson.core.util.DefaultPrettyPrinter; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.module.SimpleModule; -import org.cyclonedx.util.mixin.MixInBomReference; - -public abstract class AbstractBomJsonGenerator extends CycloneDxSchema implements BomJsonGenerator { - - protected final ObjectMapper mapper; - - private final DefaultPrettyPrinter prettyPrinter; - - public AbstractBomJsonGenerator() { - this.mapper = new ObjectMapper(); - this.prettyPrinter = new DefaultPrettyPrinter(); - - setupObjectMapper(this.mapper); - setupPrettyPrinter(this.prettyPrinter); - } - - public ObjectMapper getMapper() { - return mapper; - } - - private void setupPrettyPrinter(final DefaultPrettyPrinter prettyPrinter) { - prettyPrinter.indentArraysWith(DefaultIndenter.SYSTEM_LINEFEED_INSTANCE); - } - - private void setupObjectMapper(final ObjectMapper mapper) { - mapper.setAnnotationIntrospector( - new VersionJsonAnnotationIntrospector( - String.valueOf(this.getSchemaVersion().getVersion()))); - - SimpleModule licenseModule = new SimpleModule(); - SimpleModule depModule = new SimpleModule(); - SimpleModule componentWrapperModule = new SimpleModule(); - - SimpleModule stringModule = new SimpleModule(); - stringModule.addSerializer(new TrimStringSerializer()); - mapper.registerModule(stringModule); - - licenseModule.addSerializer(new LicenseChoiceSerializer()); - mapper.registerModule(licenseModule); - - SimpleModule lifecycleModule = new SimpleModule(); - lifecycleModule.addSerializer(new LifecycleSerializer(false)); - mapper.registerModule(lifecycleModule); - - SimpleModule metadataModule = new SimpleModule(); - metadataModule.addSerializer(new MetadataSerializer(false, getSchemaVersion())); - mapper.registerModule(metadataModule); - - SimpleModule inputTypeModule = new SimpleModule(); - inputTypeModule.addSerializer(new InputTypeSerializer(false)); - mapper.registerModule(inputTypeModule); - - SimpleModule outputTypeModule = new SimpleModule(); - outputTypeModule.addSerializer(new OutputTypeSerializer(false)); - mapper.registerModule(outputTypeModule); - - depModule.addSerializer(new DependencySerializer(false, null)); - mapper.registerModule(depModule); - - componentWrapperModule.addSerializer(new ComponentWrapperSerializer(mapper)); - - mapper.registerModule(componentWrapperModule); - } - - String toJson(final Bom bom, final boolean prettyPrint) throws GeneratorException { - try { - mapper.addMixIn(BomReference.class, MixInBomReference.class); - if (prettyPrint) { - return mapper.writer(prettyPrinter).writeValueAsString(bom); - } - return mapper.writeValueAsString(bom); - } - catch (JsonProcessingException e) { - throw new GeneratorException(e); - } - } - - Bom injectBomFormatAndSpecVersion(Bom bom) throws GeneratorException { - try { - Field field; - field = Bom.class.getDeclaredField("bomFormat"); - field.setAccessible(true); - field.set(bom, "CycloneDX"); - field = Bom.class.getDeclaredField("specVersion"); - field.setAccessible(true); - field.set(bom, getSchemaVersion().getVersionString()); - return bom; - } catch (NoSuchFieldException | IllegalAccessException e) { - throw new GeneratorException(e); - } - } -} diff --git a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator.java b/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator.java index aee9992dd5..e7b975acad 100644 --- a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator.java +++ b/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator.java @@ -18,17 +18,137 @@ */ package org.cyclonedx.generators.json; +import java.lang.reflect.Field; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.core.util.DefaultIndenter; +import com.fasterxml.jackson.core.util.DefaultPrettyPrinter; import com.fasterxml.jackson.databind.JsonNode; -import org.cyclonedx.CycloneDxSchema; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.module.SimpleModule; +import org.cyclonedx.Format; +import org.cyclonedx.Version; +import org.cyclonedx.exception.GeneratorException; +import org.cyclonedx.generators.AbstractBomGenerator; +import org.cyclonedx.model.Bom; +import org.cyclonedx.model.BomReference; +import org.cyclonedx.util.introspector.VersionJsonAnnotationIntrospector; +import org.cyclonedx.util.mixin.MixInBomReference; +import org.cyclonedx.util.serializer.ComponentWrapperSerializer; +import org.cyclonedx.util.serializer.DependencySerializer; +import org.cyclonedx.util.serializer.TrimStringSerializer; + +public class BomJsonGenerator extends AbstractBomGenerator +{ + private final DefaultPrettyPrinter prettyPrinter; + + /** + * Constructs a new BomGenerator object. + * @param bom the BOM to generate + * @param version the version of the CycloneDX schema to use. + */ + public BomJsonGenerator(Bom bom, final Version version) { + super(version, bom, Format.JSON); + Bom modifiedBom = null; + try { + modifiedBom = injectBomFormatAndSpecVersion(bom); + } + catch (GeneratorException e) { + } + this.bom = modifiedBom != null ? modifiedBom : bom; + this.prettyPrinter = new DefaultPrettyPrinter(); + + setupPrettyPrinter(this.prettyPrinter); + + this.mapper = new ObjectMapper(); + setupObjectMapper(); + } + + private void setupObjectMapper() { + mapper.setAnnotationIntrospector(new VersionJsonAnnotationIntrospector(version)); + + super.setupObjectMapper(false); + + SimpleModule depModule = new SimpleModule(); + SimpleModule componentWrapperModule = new SimpleModule(); + + SimpleModule stringModule = new SimpleModule(); + stringModule.addSerializer(new TrimStringSerializer()); + mapper.registerModule(stringModule); + + depModule.addSerializer(new DependencySerializer(false, null)); + mapper.registerModule(depModule); + + componentWrapperModule.addSerializer(new ComponentWrapperSerializer(mapper)); + mapper.registerModule(componentWrapperModule); + } + + private void setupPrettyPrinter(final DefaultPrettyPrinter prettyPrinter) { + prettyPrinter.indentArraysWith(DefaultIndenter.SYSTEM_LINEFEED_INSTANCE); + } -public interface BomJsonGenerator { + private Bom injectBomFormatAndSpecVersion(Bom bom) throws GeneratorException { + try { + Field field; + field = Bom.class.getDeclaredField("bomFormat"); + field.setAccessible(true); + field.set(bom, "CycloneDX"); + field = Bom.class.getDeclaredField("specVersion"); + field.setAccessible(true); + field.set(bom, getSchemaVersion().getVersionString()); + return bom; + } catch (NoSuchFieldException | IllegalAccessException e) { + throw new GeneratorException(e); + } + } - CycloneDxSchema.Version getSchemaVersion(); + /** + * Creates a CycloneDX BOM from a set of Components. + * @return an JSON Document representing a CycloneDX BoM + * @since 7.0.0 + */ + public JsonNode toJsonNode() { + try { + return mapper.readTree(toJson(bom, false)); + } catch (GeneratorException | JsonProcessingException e) { + return null; + } + } - JsonNode toJsonNode(); + public String toJsonString() throws GeneratorException { + return toJson(bom, true); + } - String toJsonString(); + public String toJsonString(boolean prettyPrint) throws GeneratorException { + return toJson(bom, prettyPrint); + } - String toString(); + /** + * Creates a text representation of a CycloneDX BoM Document. This method calls {@link #toJsonString()} and will return + * an empty string if {@link #toJsonString()} throws an exception. It's preferred to call {@link #toJsonString()} + * directly so that exceptions can be caught. + * + * @return a String of the BoM + */ + @Override + public String toString() { + try { + return toJson(bom, true); + } catch (GeneratorException e) { + return ""; + } + } + String toJson(final Bom bom, final boolean prettyPrint) throws GeneratorException { + try { + mapper.addMixIn(BomReference.class, MixInBomReference.class); + if (prettyPrint) { + return mapper.writer(prettyPrinter).writeValueAsString(bom); + } + return mapper.writeValueAsString(bom); + } + catch (JsonProcessingException e) { + throw new GeneratorException(e); + } + } } diff --git a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator12.java b/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator12.java deleted file mode 100644 index bf4b680195..0000000000 --- a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator12.java +++ /dev/null @@ -1,89 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.json; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JsonNode; -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. - * @since 3.0.0 - */ -public class BomJsonGenerator12 extends AbstractBomJsonGenerator implements BomJsonGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomJsonGenerator12(final Bom bom) { - Bom modifiedBom = null; - try { - modifiedBom = injectBomFormatAndSpecVersion(bom); - } - catch (GeneratorException e) { - } - this.bom = modifiedBom != null ? modifiedBom : bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return CycloneDxSchema.Version.VERSION_12; - } - - /** - * Creates a CycloneDX BOM from a set of Components. - * @return an JSON Document representing a CycloneDX BoM - * @since 7.0.0 - */ - public JsonNode toJsonNode() { - try { - return mapper.readTree(toJson(this.bom, false)); - } catch (GeneratorException | JsonProcessingException e) { - return null; - } - } - - @Override - public String toJsonString() { - try { - return toJson(this.bom, true); - } catch (GeneratorException e) { - return ""; - } - } - - @Override - public String toString() { - try { - return toJson(this.bom, false); - } catch (GeneratorException e) { - return ""; - } - } -} diff --git a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator13.java b/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator13.java deleted file mode 100644 index ff1bf6bb97..0000000000 --- a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator13.java +++ /dev/null @@ -1,91 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.json; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JsonNode; -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. - * @since 5.0.0 - */ -public class BomJsonGenerator13 extends AbstractBomJsonGenerator implements BomJsonGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomJsonGenerator13(final Bom bom) { - Bom modifiedBom = null; - try { - modifiedBom = injectBomFormatAndSpecVersion(bom); - } - catch (GeneratorException e) { - } - this.bom = modifiedBom != null ? modifiedBom : bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return CycloneDxSchema.Version.VERSION_13; - } - - /** - * Creates a CycloneDX BOM from a set of Components. - * @return an JSON Document representing a CycloneDX BoM - * @since 7.0.0 - */ - public JsonNode toJsonNode() { - try { - return mapper.readTree(toJson(this.bom, false)); - } catch (GeneratorException | JsonProcessingException e) { - return null; - } - } - - @Override - public String toJsonString() { - try { - return toJson(this.bom, true); - } - catch (GeneratorException e) { - return ""; - } - } - - @Override - public String toString() { - try { - return toJson(this.bom, false); - } - catch (GeneratorException e) { - return ""; - } - } -} diff --git a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator14.java b/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator14.java deleted file mode 100644 index 290b7721cc..0000000000 --- a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator14.java +++ /dev/null @@ -1,90 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.json; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JsonNode; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. - * @since 6.0.0 - */ -public class BomJsonGenerator14 extends AbstractBomJsonGenerator implements BomJsonGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomJsonGenerator14(final Bom bom) { - Bom modifiedBom = null; - try { - modifiedBom = injectBomFormatAndSpecVersion(bom); - } - catch (GeneratorException e) { - } - this.bom = modifiedBom != null ? modifiedBom : bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return Version.VERSION_14; - } - - /** - * Creates a CycloneDX BOM from a set of Components. - * @return an JSON Document representing a CycloneDX BoM - * @since 7.0.0 - */ - public JsonNode toJsonNode() { - try { - return mapper.readTree(toJson(this.bom, false)); - } catch (GeneratorException | JsonProcessingException e) { - return null; - } - } - - @Override - public String toJsonString() { - try { - return toJson(this.bom, true); - } - catch (GeneratorException e) { - return ""; - } - } - - @Override - public String toString() { - try { - return toJson(this.bom, false); - } - catch (GeneratorException e) { - return ""; - } - } -} diff --git a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator15.java b/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator15.java deleted file mode 100644 index 3a0138b134..0000000000 --- a/src/main/java/org/cyclonedx/generators/json/BomJsonGenerator15.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.json; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JsonNode; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of {@link Component}s. - * - * @since 8.0.0 - */ -public class BomJsonGenerator15 - extends AbstractBomJsonGenerator - implements BomJsonGenerator -{ - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * - * @param bom the BOM to generate - */ - public BomJsonGenerator15(final Bom bom) { - Bom modifiedBom = null; - try { - modifiedBom = injectBomFormatAndSpecVersion(bom); - } - catch (GeneratorException e) { - } - this.bom = modifiedBom != null ? modifiedBom : bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return Version.VERSION_15; - } - - /** - * Creates a CycloneDX BOM from a set of Components. - * - * @return an JSON Document representing a CycloneDX BoM - */ - public JsonNode toJsonNode() { - try { - return mapper.readTree(toJson(this.bom, false)); - } - catch (GeneratorException | JsonProcessingException e) { - return null; - } - } - - @Override - public String toJsonString() { - try { - return toJson(this.bom, true); - } - catch (GeneratorException e) { - return ""; - } - } - - @Override - public String toString() { - try { - return toJson(this.bom, false); - } - catch (GeneratorException e) { - return ""; - } - } -} diff --git a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java deleted file mode 100644 index 14ba14e2a5..0000000000 --- a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java +++ /dev/null @@ -1,161 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.xml; - -import java.io.IOException; -import java.io.StringReader; -import javax.xml.XMLConstants; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.util.serializer.DependencySerializer; -import org.cyclonedx.util.serializer.InputTypeSerializer; -import org.cyclonedx.util.serializer.LifecycleSerializer; -import org.cyclonedx.util.VersionXmlAnnotationIntrospector; -import org.cyclonedx.util.serializer.MetadataSerializer; -import org.cyclonedx.util.serializer.OutputTypeSerializer; -import org.w3c.dom.Document; -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.module.SimpleModule; -import com.fasterxml.jackson.dataformat.xml.XmlMapper; -import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; -import com.fasterxml.jackson.dataformat.xml.util.DefaultXmlPrettyPrinter; - -public abstract class AbstractBomXmlGenerator extends CycloneDxSchema implements BomXmlGenerator { - - private final ObjectMapper mapper; - - private final DefaultXmlPrettyPrinter prettyPrinter; - - public AbstractBomXmlGenerator() { - mapper = new XmlMapper(); - // Roche-CSI: Use XML 1.1 to handle extended characters in linux copyright files - ((XmlMapper) mapper).configure(ToXmlGenerator.Feature.WRITE_XML_1_1, true); - prettyPrinter = new DefaultXmlPrettyPrinter(); - setupObjectMapper(mapper); - } - - public ObjectMapper getMapper() { - return mapper; - } - - Document doc; - - private void setupObjectMapper(final ObjectMapper mapper) { - mapper.setAnnotationIntrospector( - new VersionXmlAnnotationIntrospector(String.valueOf(this.getSchemaVersion().getVersion()))); - - if (this.getSchemaVersion().getVersion() == 1.0) { - // NO-OP - } - else { - boolean useNamespace = this.getSchemaVersion().getVersion() == 1.1; - registerDependencyModule(mapper, useNamespace); - } - - SimpleModule lifecycleModule = new SimpleModule(); - lifecycleModule.addSerializer(new LifecycleSerializer(true)); - mapper.registerModule(lifecycleModule); - - SimpleModule metadataModule = new SimpleModule(); - metadataModule.addSerializer(new MetadataSerializer(true, getSchemaVersion())); - mapper.registerModule(metadataModule); - - SimpleModule inputTypeModule = new SimpleModule(); - inputTypeModule.addSerializer(new InputTypeSerializer(true)); - mapper.registerModule(inputTypeModule); - - SimpleModule outputTypeModule = new SimpleModule(); - outputTypeModule.addSerializer(new OutputTypeSerializer(false)); - mapper.registerModule(outputTypeModule); - } - - private void registerDependencyModule(final ObjectMapper mapper, final boolean useNamespace) { - SimpleModule depModule = new SimpleModule(); - - depModule.addSerializer(new DependencySerializer(useNamespace, null)); - mapper.registerModule(depModule); - } - - /** - * Constructs a new document builder with security features enabled. - * - * @return a new document builder - * @throws javax.xml.parsers.ParserConfigurationException thrown if there is - * a parser configuration exception - */ - public DocumentBuilder buildSecureDocumentBuilder() throws ParserConfigurationException { - final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - factory.setFeature("http://xml.org/sax/features/external-general-entities", false); - factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - factory.setNamespaceAware(true); - return factory.newDocumentBuilder(); - } - - protected Document generateDocument(final Bom bom) - throws ParserConfigurationException - { - try { - final DocumentBuilder docBuilder = buildSecureDocumentBuilder(); - - this.doc = docBuilder.parse(new InputSource(new StringReader(toXML(bom, false)))); - - this.doc.setXmlStandalone(true); - - return this.doc; - } catch (SAXException | ParserConfigurationException | IOException | GeneratorException ex) { - throw new ParserConfigurationException(ex.toString()); - } - } - - String toXML(final Bom bom, final boolean prettyPrint) throws GeneratorException { - try { - if (prettyPrint) { - return mapper.writer(prettyPrinter).writeValueAsString(bom); - } - return mapper.writeValueAsString(bom); - } catch (JsonProcessingException ex) { - throw new GeneratorException(ex); - } - } - - /** - * Creates a text representation of a CycloneDX BoM Document. This method - * calls {@link #toXmlString()} and will return an empty string if {@link #toXmlString()} - * throws an exception. It's preferred to call {@link #toXmlString()} directly - * so that exceptions can be caught. - * @return a String of the BoM - * @since 1.1.0 - */ - @Override - public String toString() { - try { - return toXmlString(); - } catch (Exception e) { - return ""; - } - } -} diff --git a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator.java b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator.java index 39058396a4..133ea8cfb8 100644 --- a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator.java +++ b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator.java @@ -18,19 +18,141 @@ */ package org.cyclonedx.generators.xml; -import org.cyclonedx.CycloneDxSchema; +import java.io.IOException; +import java.io.StringReader; + +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.cyclonedx.Format; +import org.cyclonedx.Version; import org.cyclonedx.exception.GeneratorException; +import org.cyclonedx.generators.AbstractBomGenerator; +import org.cyclonedx.model.Bom; +import org.cyclonedx.util.introspector.VersionXmlAnnotationIntrospector; +import org.cyclonedx.util.serializer.DependencySerializer; import org.w3c.dom.Document; -import javax.xml.parsers.ParserConfigurationException; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.module.SimpleModule; +import com.fasterxml.jackson.dataformat.xml.XmlMapper; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import com.fasterxml.jackson.dataformat.xml.util.DefaultXmlPrettyPrinter; + +public class BomXmlGenerator extends AbstractBomGenerator +{ + private final DefaultXmlPrettyPrinter prettyPrinter; + + /** + * Constructs a new BomXmlGenerator object. + * @param bom the BOM to generate + * @param version the version of the CycloneDX schema to use. + */ + public BomXmlGenerator(final Bom bom, final Version version) { + super(version, bom, Format.XML); + + mapper = new XmlMapper(); + // Roche-CSI: Use XML 1.1 to handle extended characters in linux copyright files + ((XmlMapper) mapper).configure(ToXmlGenerator.Feature.WRITE_XML_1_1, true); + prettyPrinter = new DefaultXmlPrettyPrinter(); + setupObjectMapper(); + bom.setXmlns(version.getNamespace()); + } + + private void setupObjectMapper() { + mapper.setAnnotationIntrospector(new VersionXmlAnnotationIntrospector(getSchemaVersion())); + + if (version.getVersion() != 1.0) { + boolean useNamespace = version.getVersion() == 1.1; + registerDependencyModule(mapper, useNamespace); + } + super.setupObjectMapper(true); + } + + private void registerDependencyModule(final ObjectMapper mapper, final boolean useNamespace) { + SimpleModule depModule = new SimpleModule(); + depModule.addSerializer(new DependencySerializer(useNamespace, null)); + mapper.registerModule(depModule); + } + + /** + * Constructs a new document builder with security features enabled. + * + * @return a new document builder + * @throws javax.xml.parsers.ParserConfigurationException thrown if there is a parser configuration exception + */ + private DocumentBuilder buildSecureDocumentBuilder() throws ParserConfigurationException { + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + factory.setFeature("http://xml.org/sax/features/external-general-entities", false); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + factory.setNamespaceAware(true); + return factory.newDocumentBuilder(); + } -public interface BomXmlGenerator { + protected Document generateDocument(final Bom bom) + throws ParserConfigurationException + { + try { + final DocumentBuilder docBuilder = buildSecureDocumentBuilder(); + final String string = toXML(bom, false); + final Document doc = docBuilder.parse(new InputSource(new StringReader(string))); + doc.setXmlStandalone(true); + return doc; + } + catch (SAXException | ParserConfigurationException | IOException | GeneratorException ex) { + throw new ParserConfigurationException(ex.toString()); + } + } - CycloneDxSchema.Version getSchemaVersion(); + String toXML(final Bom bom, final boolean prettyPrint) throws GeneratorException { + try { + if (prettyPrint) { + return mapper.writer(prettyPrinter).writeValueAsString(bom); + } + return mapper.writeValueAsString(bom); + } + catch (JsonProcessingException ex) { + throw new GeneratorException(ex); + } + } - Document generate() throws ParserConfigurationException; + /** + * Creates a CycloneDX BoM from a set of Components. + * @return an XML Document representing a CycloneDX BoM + * @since 1.1.0 + * @throws ParserConfigurationException if an error occurs + */ + public Document generate() throws ParserConfigurationException { + return generateDocument(bom); + } - String toXmlString() throws GeneratorException; - String toString(); + public String toXmlString() throws GeneratorException { + return toXML(bom, true); + } + /** + * Creates a text representation of a CycloneDX BoM Document. This method calls {@link #toXmlString()} and will return + * an empty string if {@link #toXmlString()} throws an exception. It's preferred to call {@link #toXmlString()} + * directly so that exceptions can be caught. + * + * @return a String of the BoM + * @since 1.1.0 + * + */ + @Override + public String toString() { + try { + return toXML(bom, true); + } + catch (GeneratorException e) { + return ""; + } + } } diff --git a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator10.java b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator10.java deleted file mode 100644 index f0e0ab386c..0000000000 --- a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator10.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.xml; - -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; -import org.w3c.dom.Document; -import javax.xml.parsers.ParserConfigurationException; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. Proper usage assumes {@link #generate()} is called after - * construction and optionally followed by {@link #toXmlString()}. - * @since 1.1.0 - */ -public class BomXmlGenerator10 extends AbstractBomXmlGenerator implements BomXmlGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomXmlGenerator10(final Bom bom) { - bom.setXmlns(CycloneDxSchema.NS_BOM_10); - - this.bom = bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return CycloneDxSchema.Version.VERSION_10; - } - - /** - * Creates a CycloneDX BoM from a set of Components. - * @return an XML Document representing a CycloneDX BoM - * @since 1.1.0 - */ - public Document generate() throws ParserConfigurationException { - return generateDocument(this.bom); - } - - public String toXmlString() throws GeneratorException { - return toXML(this.bom, true); - } -} diff --git a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator11.java b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator11.java deleted file mode 100644 index 1a1c386585..0000000000 --- a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator11.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.xml; - -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; -import org.w3c.dom.Document; -import javax.xml.parsers.ParserConfigurationException; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. Proper usage assumes {@link #generate()} is called after - * construction and optionally followed by {@link #toXmlString()}. - * @since 2.0.0 - */ -public class BomXmlGenerator11 extends AbstractBomXmlGenerator implements BomXmlGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomXmlGenerator11(final Bom bom) { - bom.setXmlns(CycloneDxSchema.NS_BOM_11); - - this.bom = bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return CycloneDxSchema.Version.VERSION_11; - } - - /** - * Creates a CycloneDX BoM from a set of Components. - * @return an XML Document representing a CycloneDX BoM - * @since 2.0.0 - */ - public Document generate() throws ParserConfigurationException { - return generateDocument(this.bom); - } - - public String toXmlString() throws GeneratorException { - return toXML(this.bom, true); - } -} diff --git a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator12.java b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator12.java deleted file mode 100644 index ce01e35b61..0000000000 --- a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator12.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.xml; - -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; -import org.w3c.dom.Document; -import javax.xml.parsers.ParserConfigurationException; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. Proper usage assumes {@link #generate()} is called after - * construction and optionally followed by {@link #toXmlString()}. - * @since 3.0.0 - */ -public class BomXmlGenerator12 extends AbstractBomXmlGenerator implements BomXmlGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomXmlGenerator12(final Bom bom) { - bom.setXmlns(CycloneDxSchema.NS_BOM_12); - - this.bom = bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return CycloneDxSchema.Version.VERSION_12; - } - - /** - * Creates a CycloneDX BoM from a set of Components. - * @return an XML Document representing a CycloneDX BoM - * @since 2.0.0 - */ - public Document generate() throws ParserConfigurationException { - return generateDocument(this.bom); - } - - public String toXmlString() throws GeneratorException { - return toXML(this.bom, true); - } -} diff --git a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator13.java b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator13.java deleted file mode 100644 index f27effdf8b..0000000000 --- a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator13.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.xml; - -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; -import org.w3c.dom.Document; -import javax.xml.parsers.ParserConfigurationException; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. Proper usage assumes {@link #generate()} is called after - * construction and optionally followed by {@link #toXmlString()}. - * @since 5.0.0 - */ -public class BomXmlGenerator13 extends AbstractBomXmlGenerator implements BomXmlGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomXmlGenerator13(final Bom bom) { - bom.setXmlns(CycloneDxSchema.NS_BOM_13); - - this.bom = bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return CycloneDxSchema.Version.VERSION_13; - } - - /** - * Creates a CycloneDX BoM from a set of Components. - * @return an XML Document representing a CycloneDX BoM - * @since 5.0.0 - */ - public Document generate() throws ParserConfigurationException { - return generateDocument(this.bom); - } - - public String toXmlString() throws GeneratorException { - return toXML(this.bom, true); - } -} diff --git a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator14.java b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator14.java deleted file mode 100644 index 877d7c6be2..0000000000 --- a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator14.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.xml; - -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; -import org.w3c.dom.Document; - -import javax.xml.parsers.ParserConfigurationException; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of - * {@link Component}s. Proper usage assumes {@link #generate()} is called after - * construction and optionally followed by {@link #toXmlString()}. - * @since 6.0.0 - */ -public class BomXmlGenerator14 extends AbstractBomXmlGenerator implements BomXmlGenerator { - - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * @param bom the BOM to generate - */ - public BomXmlGenerator14(final Bom bom) { - bom.setXmlns(CycloneDxSchema.NS_BOM_14); - - this.bom = bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return Version.VERSION_14; - } - - /** - * Creates a CycloneDX BoM from a set of Components. - * @return an XML Document representing a CycloneDX BoM - * @since 6.0.0 - */ - public Document generate() throws ParserConfigurationException { - return generateDocument(this.bom); - } - - public String toXmlString() throws GeneratorException { - return toXML(this.bom, true); - } -} diff --git a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator15.java b/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator15.java deleted file mode 100644 index db1e28e94c..0000000000 --- a/src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator15.java +++ /dev/null @@ -1,73 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.generators.xml; - -import javax.xml.parsers.ParserConfigurationException; - -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.exception.GeneratorException; -import org.cyclonedx.model.Bom; -import org.cyclonedx.model.Component; -import org.w3c.dom.Document; - -/** - * BomGenerator creates a CycloneDX bill-of-material document from a set of {@link Component}s. Proper usage assumes - * {@link #generate()} is called after construction and optionally followed by {@link #toXmlString()}. - * - * @since 8.0.0 - */ -public class BomXmlGenerator15 - extends AbstractBomXmlGenerator - implements BomXmlGenerator -{ - private final Bom bom; - - /** - * Constructs a new BomGenerator object. - * - * @param bom the BOM to generate - */ - public BomXmlGenerator15(final Bom bom) { - bom.setXmlns(CycloneDxSchema.NS_BOM_15); - - this.bom = bom; - } - - /** - * Returns the version of the CycloneDX schema used by this instance - * - * @return a CycloneDxSchemaVersion enum - */ - public Version getSchemaVersion() { - return Version.VERSION_15; - } - - /** - * Creates a CycloneDX BoM from a set of Components. - * - * @return an XML Document representing a CycloneDX BoM - */ - public Document generate() throws ParserConfigurationException { - return generateDocument(this.bom); - } - - public String toXmlString() throws GeneratorException { - return toXML(this.bom, true); - } -} diff --git a/src/main/java/org/cyclonedx/model/Annotation.java b/src/main/java/org/cyclonedx/model/Annotation.java index ad96984052..4cfa8a362e 100644 --- a/src/main/java/org/cyclonedx/model/Annotation.java +++ b/src/main/java/org/cyclonedx/model/Annotation.java @@ -58,6 +58,8 @@ public class Annotation extends ExtensibleElement private String text; + @JsonOnly + @JsonProperty("signature") private Signature signature; public String getBomRef() { diff --git a/src/main/java/org/cyclonedx/model/AttachmentText.java b/src/main/java/org/cyclonedx/model/AttachmentText.java index ee8fa39b8f..647941f995 100644 --- a/src/main/java/org/cyclonedx/model/AttachmentText.java +++ b/src/main/java/org/cyclonedx/model/AttachmentText.java @@ -31,6 +31,7 @@ @SuppressWarnings("unused") @JsonPropertyOrder({ + "contentType", "content-type", "encoding"}) @JsonInclude(JsonInclude.Include.NON_NULL) diff --git a/src/main/java/org/cyclonedx/model/Attribute.java b/src/main/java/org/cyclonedx/model/Attribute.java index 31016b1693..924a989b89 100644 --- a/src/main/java/org/cyclonedx/model/Attribute.java +++ b/src/main/java/org/cyclonedx/model/Attribute.java @@ -18,6 +18,8 @@ */ package org.cyclonedx.model; +import java.util.Objects; + public class Attribute { private final String key; @@ -36,4 +38,20 @@ public String getValue() { return this.value; } + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Attribute)) { + return false; + } + Attribute attribute = (Attribute) object; + return Objects.equals(key, attribute.key) && Objects.equals(value, attribute.value); + } + + @Override + public int hashCode() { + return Objects.hash(key, value); + } } diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index 9fba6c692b..57327c8b67 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -29,6 +29,9 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; +import org.cyclonedx.Version; +import org.cyclonedx.model.attestation.Declarations; +import org.cyclonedx.model.definition.Definition; import org.cyclonedx.model.formulation.Formula; import org.cyclonedx.model.vulnerability.Vulnerability; import org.cyclonedx.util.deserializer.DependencyDeserializer; @@ -54,6 +57,8 @@ "vulnerabilities", "annotations", "formulation", + "declarations", + "definitions", "signature" }) public class Bom extends ExtensibleElement { @@ -62,41 +67,47 @@ public class Bom extends ExtensibleElement { @JacksonXmlProperty(isAttribute = true) private String xmlns; - @VersionFilter(versions = { "1.0", "1.1" }) + @VersionFilter(Version.VERSION_12) private Metadata metadata; private List components; - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_12) private List services; - @VersionFilter(versions = {"1.0"}) + @VersionFilter(Version.VERSION_11) private DependencyList dependencies; - @VersionFilter(versions = {"1.0"}) - @JsonDeserialize(using = ExternalReferencesDeserializer.class) + @VersionFilter(Version.VERSION_11) private List externalReferences; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) + @VersionFilter(Version.VERSION_13) private List compositions; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private List formulation; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(Version.VERSION_16) + private Definition definitions; + + @VersionFilter(Version.VERSION_16) + private Declarations declarations; + + @VersionFilter(Version.VERSION_14) @JsonDeserialize(using = VulnerabilityDeserializer.class) private List vulnerabilities; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private List annotations; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) + @JsonInclude(JsonInclude.Include.NON_EMPTY) private List properties; @JacksonXmlProperty(isAttribute = true) private int version = 1; @JacksonXmlProperty(isAttribute = true) + @VersionFilter(Version.VERSION_11) private String serialNumber; @JsonOnly @@ -106,7 +117,7 @@ public class Bom extends ExtensibleElement { private String bomFormat; @JsonOnly - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(Version.VERSION_14) private Signature signature; public Metadata getMetadata() { @@ -136,6 +147,7 @@ public void addComponent(Component component) { @JacksonXmlElementWrapper(localName = "services") @JacksonXmlProperty(localName = "service") + @VersionFilter(Version.VERSION_12) public List getServices() { return services; } @@ -153,6 +165,7 @@ public void addService(Service service) { @JacksonXmlElementWrapper(useWrapping = false) @JsonDeserialize(using = DependencyDeserializer.class) + @VersionFilter(Version.VERSION_11) public List getDependencies() { return dependencies; } @@ -168,6 +181,9 @@ public void addDependency(Dependency dependency) { dependencies.add(dependency); } + @JacksonXmlElementWrapper(localName = "externalReferences") + @JacksonXmlProperty(localName = "reference") + @JsonDeserialize(using = ExternalReferencesDeserializer.class) public List getExternalReferences() { return externalReferences; } @@ -185,6 +201,7 @@ public void setExternalReferences(List externalReferences) { @JacksonXmlElementWrapper(localName = "compositions") @JacksonXmlProperty(localName = "composition") + @VersionFilter(Version.VERSION_13) public List getCompositions() { return compositions; } @@ -195,6 +212,7 @@ public void setCompositions(List compositions) { @JacksonXmlElementWrapper(localName = "formulation") @JacksonXmlProperty(localName = "formula") + @VersionFilter(Version.VERSION_15) public List getFormulation() { return formulation; } @@ -205,12 +223,14 @@ public void setFormulation(final List formulation) { @JacksonXmlElementWrapper(localName = "vulnerabilities") @JacksonXmlProperty(localName = "vulnerability") + @VersionFilter(Version.VERSION_14) public List getVulnerabilities() { return vulnerabilities; } public void setVulnerabilities(List vulnerabilities) { this.vulnerabilities = vulnerabilities; } @JacksonXmlElementWrapper(localName = "annotations") @JacksonXmlProperty(localName = "annotation") + @VersionFilter(Version.VERSION_15) public List getAnnotations() { return annotations; } @@ -221,6 +241,8 @@ public void setAnnotations(List annotations) { @JacksonXmlElementWrapper(localName = "properties") @JacksonXmlProperty(localName = "property") + @JsonInclude(JsonInclude.Include.NON_EMPTY) + @VersionFilter(Version.VERSION_13) public List getProperties() { return properties; } @@ -236,6 +258,22 @@ public void addProperty(Property property) { this.properties.add(property); } + public Declarations getDeclarations() { + return declarations; + } + + public void setDeclarations(final Declarations declarations) { + this.declarations = declarations; + } + + public Definition getDefinitions() { + return definitions; + } + + public void setDefinitions(final Definition definitions) { + this.definitions = definitions; + } + public int getVersion() { return version; } diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index 7ae2df3aed..37c1f184a8 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -22,8 +22,13 @@ import java.util.List; import java.util.Objects; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonUnwrapped; +import org.cyclonedx.Version; import org.cyclonedx.model.component.ModelCard; -import org.cyclonedx.model.component.modelCard.ComponentData; +import org.cyclonedx.model.component.crypto.CryptoProperties; +import org.cyclonedx.model.component.Tags; +import org.cyclonedx.model.component.data.ComponentData; import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer; import org.cyclonedx.util.deserializer.HashesDeserializer; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; @@ -35,6 +40,7 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; import com.github.packageurl.PackageURL; +import org.cyclonedx.util.deserializer.LicenseDeserializer; import org.cyclonedx.util.deserializer.PropertiesDeserializer; @SuppressWarnings("unused") @@ -42,7 +48,12 @@ @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder( - {"supplier", + { + "type", + "bom-ref", + "supplier", + "manufacturer", + "authors", "author", "publisher", "group", @@ -55,6 +66,8 @@ "copyright", "cpe", "purl", + "omniborId", + "swhid", "swid", "modified", "pedigree", @@ -65,7 +78,9 @@ "releaseNotes", "modelCard", "data", - "signature" + "cryptoProperties", + "signature", + "provides" }) public class Component extends ExtensibleElement { @@ -93,7 +108,10 @@ public enum Type { @JsonProperty("machine-learning-model") MACHINE_LEARNING_MODEL("machine-learning-model"), @JsonProperty("data") - DATA("data"); + DATA("data"), + @VersionFilter(Version.VERSION_16) + @JsonProperty("cryptographic-asset") + CRYPTOGRAPHIC_ASSET("cryptographic-asset"); private final String name; @@ -127,15 +145,24 @@ public String getScopeName() { @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") @JsonProperty("bom-ref") + @VersionFilter(Version.VERSION_11) private String bomRef; + @JacksonXmlProperty(isAttribute = true, localName = "mime-type") @JsonProperty("mime-type") private String mimeType; - @VersionFilter(versions = {"1.0", "1.1"}) + + @JacksonXmlProperty(isAttribute = true) + private Type type; + + @VersionFilter(Version.VERSION_12) private OrganizationalEntity supplier; - @VersionFilter(versions = {"1.0", "1.1"}) + + @Deprecated + @VersionFilter(Version.VERSION_12) private String author; - @VersionFilter(versions = {"1.0"}) + + @VersionFilter(Version.VERSION_11) private String publisher; private String group; private String name; @@ -143,37 +170,67 @@ public String getScopeName() { private String description; private Scope scope; private List hashes; - private LicenseChoice license; + private LicenseChoice licenses; private String copyright; private String cpe; private String purl; - @VersionFilter(versions = {"1.0", "1.1"}) + + @VersionFilter(Version.VERSION_16) + private List omniborId; + + @VersionFilter(Version.VERSION_16) + private List swhid; + @VersionFilter(Version.VERSION_12) private Swid swid; + private Boolean modified; - @VersionFilter(versions = {"1.0"}) + + @VersionFilter(Version.VERSION_11) private Pedigree pedigree; - @VersionFilter(versions = {"1.0"}) + + @VersionFilter(Version.VERSION_11) private List externalReferences; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) + + @VersionFilter(Version.VERSION_13) private List properties; + private List components; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) + + @VersionFilter(Version.VERSION_13) private Evidence evidence; - @JacksonXmlProperty(isAttribute = true) - private Type type; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + + @VersionFilter(Version.VERSION_14) private ReleaseNotes releaseNotes; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) @JsonProperty("modelCard") private ModelCard modelCard; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) - @JsonProperty("data") - private ComponentData data; + @VersionFilter(Version.VERSION_15) + private List data; + + @VersionFilter(Version.VERSION_16) + @JsonProperty("cryptoProperties") + private CryptoProperties cryptoProperties; + + @VersionFilter(Version.VERSION_16) + @JsonProperty("provides") + private List provides; + + @VersionFilter(Version.VERSION_16) + @JsonUnwrapped + private Tags tags; + + @VersionFilter(Version.VERSION_16) + @JsonProperty("authors") + private List authors; + + @VersionFilter(Version.VERSION_16) + @JsonProperty("manufacturer") + private OrganizationalEntity manufacturer; @JsonOnly - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(Version.VERSION_14) private Signature signature; public String getBomRef() { @@ -274,14 +331,25 @@ public void addHash(Hash hash) { this.hashes.add(hash); } - @JacksonXmlProperty(localName = "licenses") - @JsonProperty("licenses") + @JsonDeserialize(using = LicenseDeserializer.class) + public LicenseChoice getLicenses() { + return licenses; + } + + @JacksonXmlElementWrapper (useWrapping = false) + public void setLicenses(LicenseChoice licenses) { + this.licenses = licenses; + } + + @Deprecated public LicenseChoice getLicenseChoice() { - return license; + return getLicenses(); } + @Deprecated + @JsonIgnore public void setLicenseChoice(LicenseChoice licenseChoice) { - this.license = licenseChoice; + setLicenses(licenseChoice); } public String getCopyright() { @@ -348,6 +416,7 @@ public void setPedigree(Pedigree pedigree) { @JacksonXmlElementWrapper(localName = "externalReferences") @JacksonXmlProperty(localName = "reference") @JsonDeserialize(using = ExternalReferencesDeserializer.class) + @VersionFilter(Version.VERSION_11) public List getExternalReferences() { return externalReferences; } @@ -430,18 +499,81 @@ public void setModelCard(final ModelCard modelCard) { this.modelCard = modelCard; } - public ComponentData getData() { + @JsonProperty("data") + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "data") + public List getData() { return data; } - public void setData(final ComponentData data) { + public void setData(final List data) { this.data = data; } + @JacksonXmlElementWrapper(useWrapping = false) + @VersionFilter(Version.VERSION_16) + public List getOmniborId() { + return omniborId; + } + + public void setOmniborId(final List omniborId) { + this.omniborId = omniborId; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @VersionFilter(Version.VERSION_16) + public List getSwhid() { + return swhid; + } + + public void setSwhid(final List swhid) { + this.swhid = swhid; + } + + public CryptoProperties getCryptoProperties() { + return cryptoProperties; + } + + public void setCryptoProperties(final CryptoProperties cryptoProperties) { + this.cryptoProperties = cryptoProperties; + } + + public List getProvides() { + return provides; + } + + public void setProvides(final List provides) { + this.provides = provides; + } + + public Tags getTags() { + return tags; + } + + public void setTags(final Tags tags) { + this.tags = tags; + } + + public List getAuthors() { + return authors; + } + + public void setAuthors(final List authors) { + this.authors = authors; + } + + public OrganizationalEntity getManufacturer() { + return manufacturer; + } + + public void setManufacturer(final OrganizationalEntity manufacturer) { + this.manufacturer = manufacturer; + } + @Override public int hashCode() { - return Objects.hash(author, publisher, group, name, version, description, scope, hashes, license, copyright, - cpe, purl, swid, modified, components, evidence, releaseNotes, type, modelCard, data); + return Objects.hash(author, publisher, group, name, version, description, scope, hashes, licenses, copyright, + cpe, purl, omniborId, swhid, swid, modified, components, evidence, releaseNotes, type, modelCard, data); } @Override @@ -459,11 +591,13 @@ public boolean equals(Object o) { Objects.equals(description, component.description) && Objects.equals(scope, component.scope) && Objects.equals(hashes, component.hashes) && - Objects.equals(license, component.license) && + Objects.equals(licenses, component.licenses) && Objects.equals(copyright, component.copyright) && Objects.equals(cpe, component.cpe) && Objects.equals(purl, component.purl) && Objects.equals(swid, component.swid) && + Objects.equals(swhid, component.swhid) && + Objects.equals(omniborId, component.omniborId) && Objects.equals(components, component.components) && Objects.equals(evidence, component.evidence) && Objects.equals(mimeType, component.mimeType) && diff --git a/src/main/java/org/cyclonedx/model/ComponentWrapper.java b/src/main/java/org/cyclonedx/model/ComponentWrapper.java index 3beee2f95b..84ca5e2d45 100644 --- a/src/main/java/org/cyclonedx/model/ComponentWrapper.java +++ b/src/main/java/org/cyclonedx/model/ComponentWrapper.java @@ -26,7 +26,7 @@ /** * Helper class for Jackson serializing/deserializing lists that have same localname, but different wrapper name. * Currently used by Ancestors, Descendants and Variants - * Workaround for: https://github.com/FasterXML/jackson-dataformat-xml/issues/192 + * Workaround for: ... * @since 4.0.0 */ public abstract class ComponentWrapper { diff --git a/src/main/java/org/cyclonedx/model/Composition.java b/src/main/java/org/cyclonedx/model/Composition.java index 4fa8156acb..ce611f4db9 100644 --- a/src/main/java/org/cyclonedx/model/Composition.java +++ b/src/main/java/org/cyclonedx/model/Composition.java @@ -25,9 +25,11 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; import java.util.ArrayList; import java.util.List; +import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(Include.NON_EMPTY) @@ -69,14 +71,14 @@ public String getAggregateName() { @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") @JsonProperty("bom-ref") - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private String bomRef; private Aggregate aggregate; private List assemblies; private List dependencies; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private List vulnerabilities; public String getBomRef() { @@ -131,6 +133,7 @@ public void addDependency(BomReference dependency) { @JacksonXmlElementWrapper(localName = "vulnerabilities") @JacksonXmlProperty(localName = "vulnerability") + @VersionFilter(Version.VERSION_15) public List getVulnerabilities() { return vulnerabilities; } public void setVulnerabilities(List vulnerabilities) { this.vulnerabilities = vulnerabilities; } @@ -141,4 +144,24 @@ public void addVulnerability(BomReference vulnerability) { } vulnerabilities.add(vulnerability); } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Composition)) { + return false; + } + Composition that = (Composition) object; + return Objects.equals(bomRef, that.bomRef) && aggregate == that.aggregate && + Objects.equals(assemblies, that.assemblies) && + Objects.equals(dependencies, that.dependencies) && + Objects.equals(vulnerabilities, that.vulnerabilities); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, aggregate, assemblies, dependencies, vulnerabilities); + } } diff --git a/src/main/java/org/cyclonedx/model/Copyright.java b/src/main/java/org/cyclonedx/model/Copyright.java index 0066414a6d..66003a2493 100644 --- a/src/main/java/org/cyclonedx/model/Copyright.java +++ b/src/main/java/org/cyclonedx/model/Copyright.java @@ -18,6 +18,15 @@ */ package org.cyclonedx.model; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JacksonXmlRootElement(localName = "copyright") public class Copyright { private String text; @@ -35,4 +44,21 @@ public String getText() { public void setText(String text) { this.text = text; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Copyright)) { + return false; + } + Copyright copyright = (Copyright) object; + return Objects.equals(text, copyright.text); + } + + @Override + public int hashCode() { + return Objects.hashCode(text); + } } diff --git a/src/main/java/org/cyclonedx/model/Diff.java b/src/main/java/org/cyclonedx/model/Diff.java index d3bd37c39e..3724db1d5e 100644 --- a/src/main/java/org/cyclonedx/model/Diff.java +++ b/src/main/java/org/cyclonedx/model/Diff.java @@ -18,6 +18,8 @@ */ package org.cyclonedx.model; +import java.util.Objects; + public class Diff { private AttachmentText text; @@ -38,4 +40,21 @@ public String getUrl() { public void setUrl(final String url) { this.url = url; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Diff)) { + return false; + } + Diff diff = (Diff) object; + return Objects.equals(text, diff.text) && Objects.equals(url, diff.url); + } + + @Override + public int hashCode() { + return Objects.hash(text, url); + } } diff --git a/src/main/java/org/cyclonedx/model/Evidence.java b/src/main/java/org/cyclonedx/model/Evidence.java index 3d1fc8d01f..8b4eb5327d 100644 --- a/src/main/java/org/cyclonedx/model/Evidence.java +++ b/src/main/java/org/cyclonedx/model/Evidence.java @@ -18,6 +18,7 @@ */ package org.cyclonedx.model; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -25,13 +26,16 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; import org.cyclonedx.model.component.evidence.Callstack; import org.cyclonedx.model.component.evidence.Identity; import org.cyclonedx.model.component.evidence.Occurrence; +import org.cyclonedx.util.deserializer.IdentityDeserializer; import org.cyclonedx.util.deserializer.LicenseDeserializer; import java.util.ArrayList; import java.util.List; +import java.util.Objects; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) @@ -40,31 +44,43 @@ public class Evidence extends ExtensibleElement { - private LicenseChoice license; + private LicenseChoice licenses; private List copyright; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) - private Identity identity; + @VersionFilter(Version.VERSION_15) + private List identities; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private List occurrences; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private Callstack callstack; - @JacksonXmlProperty(localName = "licenses") - @JsonProperty("licenses") - @JsonDeserialize(using = LicenseDeserializer.class) + @Deprecated public LicenseChoice getLicenseChoice() { - return license; + return getLicenses(); } + @Deprecated + @JsonIgnore public void setLicenseChoice(LicenseChoice licenseChoice) { - this.license = licenseChoice; + setLicenses(licenseChoice); } - @JacksonXmlElementWrapper(useWrapping = false) + @JsonDeserialize(using = LicenseDeserializer.class) + public LicenseChoice getLicenses() { + return licenses; + } + + @JacksonXmlElementWrapper (useWrapping = false) + public void setLicenses(LicenseChoice licenses) { + this.licenses = licenses; + } + + @JacksonXmlElementWrapper(localName = "copyright") + @JacksonXmlProperty(localName = "text") + @JsonProperty("copyright") public List getCopyright() { return copyright; } @@ -80,17 +96,10 @@ public void addCopyright(Copyright copyright) { this.copyright.add(copyright); } - public Identity getIdentity() { - return identity; - } - - public void setIdentity(final Identity identity) { - this.identity = identity; - } - @JsonProperty("occurrences") @JacksonXmlElementWrapper(localName = "occurrences") @JacksonXmlProperty(localName = "occurrence") + @VersionFilter(Version.VERSION_15) public List getOccurrences() { return occurrences; } @@ -99,6 +108,13 @@ public void setOccurrences(final List occurrences) { this.occurrences = occurrences; } + public void addOccurrence(Occurrence occurrence) { + if (this.occurrences == null) { + this.occurrences = new ArrayList<>(); + } + this.occurrences.add(occurrence); + } + public Callstack getCallstack() { return callstack; } @@ -106,4 +122,38 @@ public Callstack getCallstack() { public void setCallstack(final Callstack callstack) { this.callstack = callstack; } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "identity") + @JsonProperty("identity") + @JsonDeserialize(using = IdentityDeserializer.class) + @VersionFilter(Version.VERSION_15) + public List getIdentities() { + return identities; + } + + public void setIdentities(final List identities) { + this.identities = identities; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Evidence)) { + return false; + } + Evidence evidence = (Evidence) object; + return Objects.equals(licenses, evidence.licenses) && + Objects.equals(copyright, evidence.copyright) && + Objects.equals(identities, evidence.identities) && + Objects.equals(occurrences, evidence.occurrences) && + Objects.equals(callstack, evidence.callstack); + } + + @Override + public int hashCode() { + return Objects.hash(licenses, copyright, identities, occurrences, callstack); + } } diff --git a/src/main/java/org/cyclonedx/model/ExtensibleElement.java b/src/main/java/org/cyclonedx/model/ExtensibleElement.java index 0020320689..9d35177037 100644 --- a/src/main/java/org/cyclonedx/model/ExtensibleElement.java +++ b/src/main/java/org/cyclonedx/model/ExtensibleElement.java @@ -29,7 +29,6 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; -import org.apache.commons.lang3.StringUtils; import org.cyclonedx.util.serializer.ExtensibleTypesSerializer; import org.cyclonedx.util.deserializer.ExtensionDeserializer; diff --git a/src/main/java/org/cyclonedx/model/ExtensibleType.java b/src/main/java/org/cyclonedx/model/ExtensibleType.java index 62ec53f555..71192c60b5 100644 --- a/src/main/java/org/cyclonedx/model/ExtensibleType.java +++ b/src/main/java/org/cyclonedx/model/ExtensibleType.java @@ -68,7 +68,7 @@ public List getAttributes() { } public String getValue() { - if (super.getExtensibleTypes() != null && super.getExtensibleTypes().size() > 0) { + if (super.getExtensibleTypes() != null && !super.getExtensibleTypes().isEmpty()) { return null; } else { return value; diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index 684e0688df..816d90aba8 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -25,15 +25,13 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; -import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.serializer.ExternalReferenceSerializer; +import org.cyclonedx.Version; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_NULL) -@JsonSerialize(using = ExternalReferenceSerializer.class) @JsonPropertyOrder({"url", "comment", "hashes"}) public class ExternalReference { @@ -58,6 +56,8 @@ public enum Type { DOCUMENTATION("documentation"), @JsonProperty("support") SUPPORT("support"), + @JsonProperty("source-distribution") + SOURCE_DISTRIBUTION("source-distribution"), @JsonProperty("distribution") DISTRIBUTION("distribution"), @JsonProperty("distribution-intake") @@ -70,6 +70,7 @@ public enum Type { BUILD_SYSTEM("build-system"), @JsonProperty("release-notes") RELEASE_NOTES("release-notes"), + @VersionFilter(Version.VERSION_15) @JsonProperty("security-contact") SECURITY_CONTACT("security-contact"), @JsonProperty("model_card") @@ -112,6 +113,14 @@ public enum Type { EVIDENCE("evidence"), @JsonProperty("formulation") FORMULATION("formulation"), + @JsonProperty("rfc-9116") + RFC_9116("rfc-9116"), + @VersionFilter(Version.VERSION_16) + @JsonProperty("electronic-signature") + ELECTRONIC_SIGNATURE("electronic-signature"), + @VersionFilter(Version.VERSION_16) + @JsonProperty("digital-signature") + DIGITAL_SIGNATURE("digital-signature"), @JsonProperty("other") OTHER("other"); @@ -140,7 +149,7 @@ public static Type fromString(String text) { private Type type; private String comment; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) + @VersionFilter(Version.VERSION_13) private List hashes; public String getUrl() { @@ -169,6 +178,7 @@ public void setComment(String comment) { @JacksonXmlElementWrapper(localName = "hashes") @JacksonXmlProperty(localName = "hash") + @VersionFilter(Version.VERSION_13) public List getHashes() { return hashes; } diff --git a/src/main/java/org/cyclonedx/model/Hash.java b/src/main/java/org/cyclonedx/model/Hash.java index d1977e1994..06cf68cd45 100644 --- a/src/main/java/org/cyclonedx/model/Hash.java +++ b/src/main/java/org/cyclonedx/model/Hash.java @@ -23,6 +23,8 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlText; +import org.cyclonedx.Version; + import java.util.Objects; @SuppressWarnings("unused") @@ -37,11 +39,16 @@ public enum Algorithm { SHA_384("SHA-384"), SHA_512("SHA-512"), SHA3_256("SHA3-256"), - SHA3_384("SHA3-384"), SHA3_512("SHA3-512"), + @VersionFilter(Version.VERSION_12) + SHA3_384("SHA3-384"), + @VersionFilter(Version.VERSION_12) BLAKE2b_256("BLAKE2b-256"), + @VersionFilter(Version.VERSION_12) BLAKE2b_384("BLAKE2b-384"), + @VersionFilter(Version.VERSION_12) BLAKE2b_512("BLAKE2b-512"), + @VersionFilter(Version.VERSION_12) BLAKE3("BLAKE3"); private final String spec; @@ -53,6 +60,15 @@ public enum Algorithm { public String getSpec() { return spec; } + + public static Algorithm fromSpec(String spec) { + for (Algorithm algorithm : values()) { + if (algorithm.spec.equalsIgnoreCase(spec)) { + return algorithm; + } + } + throw new IllegalArgumentException("No enum constant with spec " + spec); + } } @JacksonXmlProperty(localName = "alg", isAttribute = true) diff --git a/src/main/java/org/cyclonedx/model/Issue.java b/src/main/java/org/cyclonedx/model/Issue.java index 42e042c486..1ad19c8c37 100644 --- a/src/main/java/org/cyclonedx/model/Issue.java +++ b/src/main/java/org/cyclonedx/model/Issue.java @@ -27,10 +27,11 @@ import java.net.URI; import java.util.ArrayList; import java.util.List; +import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) -@JsonPropertyOrder({"id", "name", "description", "source", "reference"}) +@JsonPropertyOrder({"id", "name", "description", "source", "references"}) public class Issue { public enum Type { @@ -123,4 +124,23 @@ public Type getType() { public void setType(Type type) { this.type = type; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Issue)) { + return false; + } + Issue issue = (Issue) object; + return Objects.equals(id, issue.id) && Objects.equals(name, issue.name) && + Objects.equals(description, issue.description) && Objects.equals(source, issue.source) && + Objects.equals(references, issue.references) && type == issue.type; + } + + @Override + public int hashCode() { + return Objects.hash(id, name, description, source, references, type); + } } diff --git a/src/main/java/org/cyclonedx/model/License.java b/src/main/java/org/cyclonedx/model/License.java index 98c2d80643..46dc30c731 100644 --- a/src/main/java/org/cyclonedx/model/License.java +++ b/src/main/java/org/cyclonedx/model/License.java @@ -18,26 +18,30 @@ */ package org.cyclonedx.model; +import java.util.ArrayList; import java.util.List; import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonRootName; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; +import org.cyclonedx.model.license.Acknowledgement; import org.cyclonedx.util.deserializer.PropertiesDeserializer; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) -@JsonPropertyOrder({"id", "name", "licensing", "text", "url", "properties"}) +@JsonInclude(Include.NON_EMPTY) +@JsonPropertyOrder({"bom-ref", "id", "name", "acknowledgement", "licensing", "text", "url", "properties"}) @JsonRootName("license") public class License extends ExtensibleElement { - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") @JsonProperty("bom-ref") private String bomRef; @@ -46,15 +50,23 @@ public class License extends ExtensibleElement { private String id; private String name; - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @JacksonXmlProperty(isAttribute = true, localName = "acknowledgement") + @JsonProperty("acknowledgement") + @VersionFilter(Version.VERSION_16) + private Acknowledgement acknowledgement; + + @VersionFilter(Version.VERSION_15) private Licensing licensing; @JacksonXmlProperty(localName = "text") @JsonProperty("text") + @VersionFilter(Version.VERSION_11) private AttachmentText attachmentText; + + @VersionFilter(Version.VERSION_11) private String url; - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private List properties; public String getBomRef() { @@ -89,10 +101,12 @@ public void setLicensing(final Licensing licensing) { this.licensing = licensing; } + @VersionFilter(Version.VERSION_11) public String getUrl() { return url; } + @VersionFilter(Version.VERSION_11) public void setUrl(String url) { this.url = url; } @@ -108,6 +122,13 @@ public void setProperties(final List properties) { this.properties = properties; } + public void addProperty(Property property) { + if(this.properties == null) { + this.properties = new ArrayList<>(); + } + this.properties.add(property); + } + public AttachmentText getAttachmentText() { return attachmentText; } @@ -116,6 +137,14 @@ public void setLicenseText(AttachmentText attachmentText) { this.attachmentText = attachmentText; } + public Acknowledgement getAcknowledgement() { + return acknowledgement; + } + + public void setAcknowledgement(final Acknowledgement acknowledgement) { + this.acknowledgement = acknowledgement; + } + @Override public boolean equals(Object o) { if (this == o) return true; @@ -126,11 +155,12 @@ public boolean equals(Object o) { Objects.equals(url, license.url) && Objects.equals(attachmentText, license.attachmentText) && Objects.equals(licensing, license.licensing) && + Objects.equals(acknowledgement, license.acknowledgement) && Objects.equals(properties, license.properties); } @Override public int hashCode() { - return Objects.hash(id, name, url, attachmentText, properties, licensing); + return Objects.hash(id, name, url, attachmentText, properties, licensing, acknowledgement); } } diff --git a/src/main/java/org/cyclonedx/model/LicenseChoice.java b/src/main/java/org/cyclonedx/model/LicenseChoice.java index 5f60fc1b54..c3618d095f 100644 --- a/src/main/java/org/cyclonedx/model/LicenseChoice.java +++ b/src/main/java/org/cyclonedx/model/LicenseChoice.java @@ -26,6 +26,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.license.Expression; import org.cyclonedx.util.deserializer.LicenseDeserializer; @JsonIgnoreProperties(ignoreUnknown = true) @@ -33,11 +34,11 @@ @JsonDeserialize(using = LicenseDeserializer.class) public class LicenseChoice { + @JacksonXmlElementWrapper(useWrapping = false) private List license; - private String expression; + private Expression expression; @JacksonXmlProperty(localName = "license") - @JacksonXmlElementWrapper(useWrapping = false) public List getLicenses() { return license; } @@ -55,11 +56,12 @@ public void addLicense(License license) { this.expression = null; } - public String getExpression() { + @JacksonXmlProperty(localName = "expression") + public Expression getExpression() { return expression; } - public void setExpression(String expression) { + public void setExpression(Expression expression) { this.expression = expression; this.license = null; } diff --git a/src/main/java/org/cyclonedx/model/LifecycleChoice.java b/src/main/java/org/cyclonedx/model/LifecycleChoice.java index 568ba2d2fc..28e5b0b3fe 100644 --- a/src/main/java/org/cyclonedx/model/LifecycleChoice.java +++ b/src/main/java/org/cyclonedx/model/LifecycleChoice.java @@ -18,6 +18,8 @@ */ package org.cyclonedx.model; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -99,4 +101,22 @@ public Phase getPhase() { public void setPhase(final Phase phase) { this.phase = phase; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof LifecycleChoice)) { + return false; + } + LifecycleChoice choice = (LifecycleChoice) object; + return phase == choice.phase && Objects.equals(name, choice.name) && + Objects.equals(description, choice.description); + } + + @Override + public int hashCode() { + return Objects.hash(phase, name, description); + } } diff --git a/src/main/java/org/cyclonedx/model/Lifecycles.java b/src/main/java/org/cyclonedx/model/Lifecycles.java index f705c8e1ca..3222b64bf3 100644 --- a/src/main/java/org/cyclonedx/model/Lifecycles.java +++ b/src/main/java/org/cyclonedx/model/Lifecycles.java @@ -19,6 +19,7 @@ package org.cyclonedx.model; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; @@ -36,4 +37,21 @@ public List getLifecycleChoice() { public void setLifecycleChoice(final List lifecycleChoice) { this.lifecycleChoice = lifecycleChoice; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Lifecycles)) { + return false; + } + Lifecycles that = (Lifecycles) object; + return Objects.equals(lifecycleChoice, that.lifecycleChoice); + } + + @Override + public int hashCode() { + return Objects.hashCode(lifecycleChoice); + } } diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index b2fd8956fb..4d57fe9192 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -27,6 +27,8 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; +import org.cyclonedx.util.deserializer.LicenseDeserializer; import org.cyclonedx.util.deserializer.LifecycleDeserializer; import org.cyclonedx.util.deserializer.MetadataDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; @@ -39,7 +41,8 @@ @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({ - "timestamp", "lifecycles", "tools", "authors", "component", "manufacture", "supplier", "licenses", "properties" + "timestamp", "lifecycles", "tools", "authors", "component", "manufacturer", "manufacture", "supplier", "licenses", + "properties" }) @JsonDeserialize(using = MetadataDeserializer.class) public class Metadata @@ -47,41 +50,46 @@ public class Metadata { @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_12) private Date timestamp = new Date(); - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) @JsonProperty("lifecycles") @JsonDeserialize(using = LifecycleDeserializer.class) @JacksonXmlElementWrapper(localName = "lifecycles") @JacksonXmlProperty(localName = "lifecycle") private Lifecycles lifecycles; - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_12) @Deprecated private List tools; @JacksonXmlElementWrapper(localName = "tools") @JacksonXmlProperty(localName = "tool") - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private ToolInformation toolInformation; - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_12) private List authors; - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_12) private Component component; - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_16) + @JsonProperty("manufacturer") + private OrganizationalEntity manufacturer; + + @Deprecated + @VersionFilter(Version.VERSION_12) private OrganizationalEntity manufacture; - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_12) private OrganizationalEntity supplier; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) - private LicenseChoice license; + @VersionFilter(Version.VERSION_13) + private LicenseChoice licenses; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) + @VersionFilter(Version.VERSION_13) private List properties; public Date getTimestamp() { @@ -135,10 +143,12 @@ public void setComponent(Component component) { this.component = component; } + @Deprecated public OrganizationalEntity getManufacture() { return manufacture; } + @Deprecated public void setManufacture(OrganizationalEntity manufacture) { this.manufacture = manufacture; } @@ -151,14 +161,25 @@ public void setSupplier(OrganizationalEntity supplier) { this.supplier = supplier; } - @JacksonXmlProperty(localName = "licenses") - @JsonProperty("licenses") + @Deprecated public LicenseChoice getLicenseChoice() { - return license; + return getLicenses(); } + @Deprecated + @JsonIgnore public void setLicenseChoice(LicenseChoice licenseChoice) { - this.license = licenseChoice; + setLicenses(licenseChoice); + } + + @JsonDeserialize(using = LicenseDeserializer.class) + public LicenseChoice getLicenses() { + return licenses; + } + + @JacksonXmlElementWrapper (useWrapping = false) + public void setLicenses(LicenseChoice licenses) { + this.licenses = licenses; } @JacksonXmlElementWrapper(localName = "properties") @@ -196,6 +217,14 @@ public void setToolChoice(final ToolInformation toolInformation) { this.toolInformation = toolInformation; } + public OrganizationalEntity getManufacturer() { + return manufacturer; + } + + public void setManufacturer(final OrganizationalEntity manufacturer) { + this.manufacturer = manufacturer; + } + @Override public boolean equals(Object o) { if (this == o) return true; @@ -206,7 +235,7 @@ public boolean equals(Object o) { Objects.equals(component, metadata.component) && Objects.equals(manufacture, metadata.manufacture) && Objects.equals(supplier, metadata.supplier) && - Objects.equals(license, metadata.license) && + Objects.equals(licenses, metadata.licenses) && Objects.equals(lifecycles, metadata.lifecycles) && Objects.equals(toolInformation, metadata.toolInformation) && Objects.equals(properties, metadata.properties); @@ -214,7 +243,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(timestamp, toolInformation, authors, component, manufacture, supplier, license, properties, + return Objects.hash(timestamp, toolInformation, authors, component, manufacture, supplier, licenses, properties, lifecycles); } } diff --git a/src/main/java/org/cyclonedx/model/OrganizationalContact.java b/src/main/java/org/cyclonedx/model/OrganizationalContact.java index 631b9f4095..adecd83f8d 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalContact.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalContact.java @@ -24,6 +24,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; import java.util.Objects; @@ -34,7 +35,7 @@ public class OrganizationalContact { @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") @JsonProperty("bom-ref") - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private String bomRef; private String name; private String email; diff --git a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java index dbcb5358c9..3f65764e44 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java @@ -30,21 +30,26 @@ import java.util.List; import java.util.Objects; +import org.cyclonedx.Version; +import org.cyclonedx.model.organization.PostalAddress; import org.cyclonedx.util.deserializer.OrganizationalEntityDeserializer; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) -@JsonPropertyOrder({"name", "url", "contact"}) +@JsonPropertyOrder({"name", "address", "url", "contact"}) @JsonDeserialize(using = OrganizationalEntityDeserializer.class) public class OrganizationalEntity { @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") @JsonProperty("bom-ref") - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(Version.VERSION_15) private String bomRef; private String name; + @VersionFilter(Version.VERSION_16) + private PostalAddress address; + private List url; @JsonProperty("contact") private List contact; @@ -94,6 +99,14 @@ public void setBomRef(final String bomRef) { this.bomRef = bomRef; } + public PostalAddress getAddress() { + return address; + } + + public void setAddress(final PostalAddress address) { + this.address = address; + } + @Override public boolean equals(Object o) { if (this == o) return true; @@ -102,11 +115,12 @@ public boolean equals(Object o) { return Objects.equals(name, that.name) && Objects.equals(url, that.url) && Objects.equals(contact, that.contact) && + Objects.equals(address, that.address) && Objects.equals(bomRef, that.bomRef); } @Override public int hashCode() { - return Objects.hash(name, url, contact, bomRef); + return Objects.hash(name, url, contact, bomRef, address); } } diff --git a/src/main/java/org/cyclonedx/model/Patch.java b/src/main/java/org/cyclonedx/model/Patch.java index b21108d8a3..43c6aff385 100644 --- a/src/main/java/org/cyclonedx/model/Patch.java +++ b/src/main/java/org/cyclonedx/model/Patch.java @@ -19,6 +19,8 @@ package org.cyclonedx.model; import java.util.List; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -83,4 +85,22 @@ public Type getType() { public void setType(Type type) { this.type = type; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Patch)) { + return false; + } + Patch patch = (Patch) object; + return type == patch.type && Objects.equals(diff, patch.diff) && + Objects.equals(resolves, patch.resolves); + } + + @Override + public int hashCode() { + return Objects.hash(type, diff, resolves); + } } diff --git a/src/main/java/org/cyclonedx/model/Pedigree.java b/src/main/java/org/cyclonedx/model/Pedigree.java index 58118bf217..6d1af51240 100644 --- a/src/main/java/org/cyclonedx/model/Pedigree.java +++ b/src/main/java/org/cyclonedx/model/Pedigree.java @@ -26,6 +26,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; import org.cyclonedx.util.deserializer.ComponentWrapperDeserializer; @SuppressWarnings("unused") @@ -45,7 +46,7 @@ public class Pedigree extends ExtensibleElement { private List commits; - @VersionFilter(versions = {"1.0", "1.1"}) + @VersionFilter(Version.VERSION_12) private List patches; private String notes; diff --git a/src/main/java/org/cyclonedx/model/Property.java b/src/main/java/org/cyclonedx/model/Property.java index ff759eeda5..b9ba6425f9 100644 --- a/src/main/java/org/cyclonedx/model/Property.java +++ b/src/main/java/org/cyclonedx/model/Property.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; @@ -29,7 +30,7 @@ import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonInclude(Include.NON_EMPTY) @JsonPropertyOrder({"name", "value"}) @JsonDeserialize(using = PropertyDeserializer.class) public class Property extends ExtensibleElement { @@ -40,6 +41,13 @@ public class Property extends ExtensibleElement { @JacksonXmlText private String value; + public Property() { + } + public Property(String name, String value) { + this.name = name; + this.value = value; + } + public String getName() { return name; } diff --git a/src/main/java/org/cyclonedx/model/ReleaseNotes.java b/src/main/java/org/cyclonedx/model/ReleaseNotes.java index 1942cdce62..1e4982aba3 100644 --- a/src/main/java/org/cyclonedx/model/ReleaseNotes.java +++ b/src/main/java/org/cyclonedx/model/ReleaseNotes.java @@ -20,15 +20,19 @@ import java.util.Date; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonUnwrapped; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; +import org.cyclonedx.model.component.Tags; import org.cyclonedx.util.deserializer.NotesDeserializer; import org.cyclonedx.util.deserializer.PropertiesDeserializer; import org.cyclonedx.util.deserializer.ResolvesDeserializer; @@ -63,10 +67,11 @@ public ReleaseNotes() {} private String socialImage; private String description; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(Version.VERSION_14) private Date timestamp; private List aliases; - private List tags; + @JsonUnwrapped + private Tags tags; private List resolves; private List notes; private List properties; @@ -130,14 +135,11 @@ public void setAliases(final List aliases) { this.aliases = aliases; } - @JacksonXmlElementWrapper(localName = "tags") - @JacksonXmlProperty(localName = "tag") - @JsonDeserialize(using = StringListDeserializer.class) - public List getTags() { + public Tags getTags() { return tags; } - public void setTags(final List tags) { + public void setTags(final Tags tags) { this.tags = tags; } @@ -288,4 +290,28 @@ public void setText(final AttachmentText text) { this.text = text; } } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ReleaseNotes)) { + return false; + } + ReleaseNotes that = (ReleaseNotes) object; + return Objects.equals(type, that.type) && Objects.equals(title, that.title) && + Objects.equals(featuredImage, that.featuredImage) && + Objects.equals(socialImage, that.socialImage) && + Objects.equals(description, that.description) && Objects.equals(timestamp, that.timestamp) && + Objects.equals(aliases, that.aliases) && Objects.equals(tags, that.tags) && + Objects.equals(resolves, that.resolves) && Objects.equals(notes, that.notes) && + Objects.equals(properties, that.properties); + } + + @Override + public int hashCode() { + return Objects.hash(type, title, featuredImage, socialImage, description, timestamp, aliases, tags, resolves, notes, + properties); + } } diff --git a/src/main/java/org/cyclonedx/model/Service.java b/src/main/java/org/cyclonedx/model/Service.java index 90d0d58b2b..69f1fe8c7b 100644 --- a/src/main/java/org/cyclonedx/model/Service.java +++ b/src/main/java/org/cyclonedx/model/Service.java @@ -18,23 +18,30 @@ */ package org.cyclonedx.model; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.annotation.JsonUnwrapped; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; +import org.cyclonedx.model.component.Tags; import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer; +import org.cyclonedx.util.deserializer.LicenseDeserializer; import org.cyclonedx.util.deserializer.StringListDeserializer; import java.util.ArrayList; import java.util.List; +import java.util.Objects; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({ + "bom-ref", "provider", "group", "name", @@ -43,10 +50,12 @@ "endpoints", "authenticated", "xTrustBoundary", + "trustZone", "data", "licenses", "externalReferences", "properties", + "tags", "services", "releaseNotes", "signature" @@ -66,15 +75,20 @@ public class Service extends ExtensibleElement { @JacksonXmlProperty(localName = "x-trust-boundary") @JsonProperty("x-trust-boundary") private Boolean xTrustBoundary; + @VersionFilter(Version.VERSION_15) + private String trustZone; private List data; - private LicenseChoice license; + private LicenseChoice licenses; private List externalReferences; - @VersionFilter(versions = {"1.0", "1.1", "1.2"}) + @VersionFilter(Version.VERSION_13) private List properties; + @VersionFilter(Version.VERSION_16) + @JsonUnwrapped + private Tags tags; private List services; private ReleaseNotes releaseNotes; @JsonOnly - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(Version.VERSION_14) private Signature signature; public String getBomRef() { @@ -176,14 +190,25 @@ public void setData(List data) { this.data = data; } - @JacksonXmlProperty(localName = "licenses") - @JsonProperty("licenses") + @Deprecated public LicenseChoice getLicense() { - return license; + return getLicenses(); } - public void setLicense(LicenseChoice license) { - this.license = license; + @Deprecated + @JsonIgnore + public void setLicense(LicenseChoice licenseChoice) { + setLicenses(licenseChoice); + } + + @JsonDeserialize(using = LicenseDeserializer.class) + public LicenseChoice getLicenses() { + return licenses; + } + + @JacksonXmlElementWrapper (useWrapping = false) + public void setLicenses(LicenseChoice licenses) { + this.licenses = licenses; } @JacksonXmlElementWrapper(localName = "externalReferences") @@ -238,4 +263,51 @@ public void setServices(List services) { public Signature getSignature() { return signature; } public void setSignature(Signature signature) { this.signature = signature; } + + public Tags getTags() { + return tags; + } + + public void setTags(final Tags tags) { + this.tags = tags; + } + + public String getTrustZone() { + return trustZone; + } + + public void setTrustZone(final String trustZone) { + this.trustZone = trustZone; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Service)) { + return false; + } + Service service = (Service) object; + return Objects.equals(bomRef, service.bomRef) && Objects.equals(provider, service.provider) && + Objects.equals(group, service.group) && Objects.equals(name, service.name) && + Objects.equals(version, service.version) && + Objects.equals(description, service.description) && + Objects.equals(endpoints, service.endpoints) && + Objects.equals(authenticated, service.authenticated) && + Objects.equals(xTrustBoundary, service.xTrustBoundary) && + Objects.equals(data, service.data) && Objects.equals(licenses, service.licenses) && + Objects.equals(externalReferences, service.externalReferences) && + Objects.equals(properties, service.properties) && Objects.equals(tags, service.tags) && + Objects.equals(services, service.services) && + Objects.equals(releaseNotes, service.releaseNotes) && + Objects.equals(trustZone, service.trustZone) && + Objects.equals(signature, service.signature); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, provider, group, name, version, description, endpoints, authenticated, signature, + xTrustBoundary, trustZone, data, licenses, externalReferences, properties, tags, services, releaseNotes); + } } diff --git a/src/main/java/org/cyclonedx/model/ServiceData.java b/src/main/java/org/cyclonedx/model/ServiceData.java index 5018ebe44c..66efe098ef 100644 --- a/src/main/java/org/cyclonedx/model/ServiceData.java +++ b/src/main/java/org/cyclonedx/model/ServiceData.java @@ -20,14 +20,20 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlText; import java.util.Objects; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonInclude(Include.NON_EMPTY) +@JsonPropertyOrder({ + "classification", + "flow" +}) public class ServiceData { public enum Flow { diff --git a/src/main/java/org/cyclonedx/model/Source.java b/src/main/java/org/cyclonedx/model/Source.java index 3f39f9cbd7..76f0d491af 100644 --- a/src/main/java/org/cyclonedx/model/Source.java +++ b/src/main/java/org/cyclonedx/model/Source.java @@ -19,6 +19,8 @@ package org.cyclonedx.model; import java.net.URL; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonPropertyOrder; @@ -49,4 +51,21 @@ public String getName() { public void setName(final String name) { this.name = name; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Source)) { + return false; + } + Source source = (Source) object; + return Objects.equals(name, source.name) && Objects.equals(url, source.url); + } + + @Override + public int hashCode() { + return Objects.hash(name, url); + } } diff --git a/src/main/java/org/cyclonedx/model/Swid.java b/src/main/java/org/cyclonedx/model/Swid.java index 41083e92d7..8ddc2a9a92 100644 --- a/src/main/java/org/cyclonedx/model/Swid.java +++ b/src/main/java/org/cyclonedx/model/Swid.java @@ -38,10 +38,10 @@ public class Swid { private String version; @JacksonXmlProperty(isAttribute = true) - private int tagVersion; + private Integer tagVersion; @JacksonXmlProperty(isAttribute = true) - private boolean patch; + private Boolean patch; @JacksonXmlProperty(localName = "text") @JsonProperty("text") @@ -71,19 +71,19 @@ public void setVersion(String version) { this.version = version; } - public int getTagVersion() { + public Integer getTagVersion() { return tagVersion; } - public void setTagVersion(int tagVersion) { + public void setTagVersion(Integer tagVersion) { this.tagVersion = tagVersion; } - public boolean isPatch() { + public Boolean isPatch() { return patch; } - public void setPatch(boolean patch) { + public void setPatch(Boolean patch) { this.patch = patch; } diff --git a/src/main/java/org/cyclonedx/model/VersionFilter.java b/src/main/java/org/cyclonedx/model/VersionFilter.java index 1f6bb5ced1..5807e32584 100644 --- a/src/main/java/org/cyclonedx/model/VersionFilter.java +++ b/src/main/java/org/cyclonedx/model/VersionFilter.java @@ -23,9 +23,11 @@ import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; +import org.cyclonedx.Version; + @Retention(RetentionPolicy.RUNTIME) -@Target(ElementType.FIELD) +@Target({ElementType.METHOD, ElementType.FIELD}) public @interface VersionFilter { - //Versions that are excluded by the filter - String[] versions(); + //Version where the attribute was introduced + Version value(); } diff --git a/src/main/java/org/cyclonedx/model/attestation/Assessor.java b/src/main/java/org/cyclonedx/model/attestation/Assessor.java new file mode 100644 index 0000000000..254a23f0e1 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/Assessor.java @@ -0,0 +1,70 @@ +package org.cyclonedx.model.attestation; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.OrganizationalEntity; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "thirdParty", + "organization" +}) +public class Assessor +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private Boolean thirdParty; + + private OrganizationalEntity organization; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public Boolean getThirdParty() { + return thirdParty; + } + + public void setThirdParty(final Boolean thirdParty) { + this.thirdParty = thirdParty; + } + + public OrganizationalEntity getOrganization() { + return organization; + } + + public void setOrganization(final OrganizationalEntity organization) { + this.organization = organization; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Assessor)) { + return false; + } + Assessor assessor = (Assessor) object; + return Objects.equals(bomRef, assessor.bomRef) && + Objects.equals(thirdParty, assessor.thirdParty) && + Objects.equals(organization, assessor.organization); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, thirdParty, organization); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/Attestation.java b/src/main/java/org/cyclonedx/model/attestation/Attestation.java new file mode 100644 index 0000000000..27dd01dc2e --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/Attestation.java @@ -0,0 +1,87 @@ +package org.cyclonedx.model.attestation; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.JsonOnly; +import org.cyclonedx.model.Signature; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "summary", + "assessor", + "map", + "signature" +}) +public class Attestation extends ExtensibleElement +{ + private String summary; + + private String assessor; + + private List map; + + @JsonProperty("signature") + @JsonOnly + private Signature signature; + + public String getSummary() { + return summary; + } + + public void setSummary(final String summary) { + this.summary = summary; + } + + public String getAssessor() { + return assessor; + } + + public void setAssessor(final String assessor) { + this.assessor = assessor; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "map") + public List getMap() { + return map; + } + + public void setMap(final List map) { + this.map = map; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Attestation)) { + return false; + } + Attestation that = (Attestation) object; + return Objects.equals(summary, that.summary) && Objects.equals(assessor, that.assessor) && + Objects.equals(map, that.map) && Objects.equals(signature, that.signature); + } + + @Override + public int hashCode() { + return Objects.hash(summary, assessor, map, signature); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/AttestationMap.java b/src/main/java/org/cyclonedx/model/attestation/AttestationMap.java new file mode 100644 index 0000000000..d5b3d2a8fb --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/AttestationMap.java @@ -0,0 +1,95 @@ +package org.cyclonedx.model.attestation; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "requirement", + "claims", + "counterClaims", + "conformance", + "confidence" +}) +public class AttestationMap +{ + private String requirement; + + private List claims; + + private List counterClaims; + + private Conformance conformance; + + private Confidence confidence; + + public String getRequirement() { + return requirement; + } + + public void setRequirement(final String requirement) { + this.requirement = requirement; + } + + @JacksonXmlElementWrapper(localName = "claims") + @JacksonXmlProperty(localName = "claim") + public List getClaims() { + return claims; + } + + public void setClaims(final List claims) { + this.claims = claims; + } + + @JacksonXmlElementWrapper(localName = "counterClaims") + @JacksonXmlProperty(localName = "counterClaim") + public List getCounterClaims() { + return counterClaims; + } + + public void setCounterClaims(final List counterClaims) { + this.counterClaims = counterClaims; + } + + public Conformance getConformance() { + return conformance; + } + + public void setConformance(final Conformance conformance) { + this.conformance = conformance; + } + + public Confidence getConfidence() { + return confidence; + } + + public void setConfidence(final Confidence confidence) { + this.confidence = confidence; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof AttestationMap)) { + return false; + } + AttestationMap that = (AttestationMap) object; + return Objects.equals(requirement, that.requirement) && Objects.equals(claims, that.claims) && + Objects.equals(counterClaims, that.counterClaims) && + Objects.equals(conformance, that.conformance) && Objects.equals(confidence, that.confidence); + } + + @Override + public int hashCode() { + return Objects.hash(requirement, claims, counterClaims, conformance, confidence); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/Claim.java b/src/main/java/org/cyclonedx/model/attestation/Claim.java new file mode 100644 index 0000000000..d16d1bae5a --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/Claim.java @@ -0,0 +1,157 @@ +package org.cyclonedx.model.attestation; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.JsonOnly; +import org.cyclonedx.model.Signature; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "target", + "predicate", + "mitigationStrategies", + "reasoning", + "evidence", + "counterEvidence", + "externalReferences", + "signature" +}) +public class Claim extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private String target; + + private String predicate; + + private List mitigationStrategies; + + private String reasoning; + + private List evidence; + + private List counterEvidence; + + private List externalReferences; + + @JsonOnly + private Signature signature; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getTarget() { + return target; + } + + public void setTarget(final String target) { + this.target = target; + } + + public String getPredicate() { + return predicate; + } + + public void setPredicate(final String predicate) { + this.predicate = predicate; + } + + @JacksonXmlElementWrapper(localName = "mitigationStrategies") + @JacksonXmlProperty(localName = "mitigationStrategy") + public List getMitigationStrategies() { + return mitigationStrategies; + } + + public void setMitigationStrategies(final List mitigationStrategies) { + this.mitigationStrategies = mitigationStrategies; + } + + public String getReasoning() { + return reasoning; + } + + public void setReasoning(final String reasoning) { + this.reasoning = reasoning; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "evidence") + @JsonProperty("evidence") + public List getEvidence() { + return evidence; + } + + public void setEvidence(final List evidence) { + this.evidence = evidence; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "counterEvidence") + @JsonProperty("counterEvidence") + public List getCounterEvidence() { + return counterEvidence; + } + + public void setCounterEvidence(final List counterEvidence) { + this.counterEvidence = counterEvidence; + } + + @JacksonXmlElementWrapper(localName = "externalReferences") + @JacksonXmlProperty(localName = "reference") + public List getExternalReferences() { + return externalReferences; + } + + public void setExternalReferences(final List externalReferences) { + this.externalReferences = externalReferences; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Claim)) { + return false; + } + Claim claim = (Claim) object; + return Objects.equals(bomRef, claim.bomRef) && Objects.equals(target, claim.target) && + Objects.equals(predicate, claim.predicate) && + Objects.equals(mitigationStrategies, claim.mitigationStrategies) && + Objects.equals(reasoning, claim.reasoning) && Objects.equals(evidence, claim.evidence) && + Objects.equals(counterEvidence, claim.counterEvidence) && + Objects.equals(externalReferences, claim.externalReferences) && + Objects.equals(signature, claim.signature); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, target, predicate, mitigationStrategies, reasoning, evidence, counterEvidence, + externalReferences, signature); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/Confidence.java b/src/main/java/org/cyclonedx/model/attestation/Confidence.java new file mode 100644 index 0000000000..ef6c16b176 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/Confidence.java @@ -0,0 +1,55 @@ +package org.cyclonedx.model.attestation; + + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "score", + "rationale" +}) +public class Confidence +{ + private Double score; + + private String rationale; + + + public Double getScore() { + return score; + } + + public void setScore(final Double score) { + this.score = score; + } + + public String getRationale() { + return rationale; + } + + public void setRationale(final String rationale) { + this.rationale = rationale; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Confidence)) { + return false; + } + Confidence that = (Confidence) object; + return Objects.equals(score, that.score) && Objects.equals(rationale, that.rationale); + } + + @Override + public int hashCode() { + return Objects.hash(score, rationale); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/Conformance.java b/src/main/java/org/cyclonedx/model/attestation/Conformance.java new file mode 100644 index 0000000000..552bfaec6b --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/Conformance.java @@ -0,0 +1,69 @@ +package org.cyclonedx.model.attestation; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "score", + "rationale", + "mitigationStrategies" +}) +public class Conformance +{ + private Double score; + + private String rationale; + + private List mitigationStrategies; + + public Double getScore() { + return score; + } + + public void setScore(final Double score) { + this.score = score; + } + + public String getRationale() { + return rationale; + } + + public void setRationale(final String rationale) { + this.rationale = rationale; + } + @JacksonXmlElementWrapper(localName = "mitigationStrategies") + @JacksonXmlProperty(localName = "mitigationStrategy") + public List getMitigationStrategies() { + return mitigationStrategies; + } + + public void setMitigationStrategies(final List mitigationStrategies) { + this.mitigationStrategies = mitigationStrategies; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Conformance)) { + return false; + } + Conformance that = (Conformance) object; + return Objects.equals(score, that.score) && Objects.equals(rationale, that.rationale) && + Objects.equals(mitigationStrategies, that.mitigationStrategies); + } + + @Override + public int hashCode() { + return Objects.hash(score, rationale, mitigationStrategies); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/Declarations.java b/src/main/java/org/cyclonedx/model/attestation/Declarations.java new file mode 100644 index 0000000000..c1da306bf5 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/Declarations.java @@ -0,0 +1,128 @@ +package org.cyclonedx.model.attestation; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.JsonOnly; +import org.cyclonedx.model.Signature; +import org.cyclonedx.model.attestation.affirmation.Affirmation; +import org.cyclonedx.model.attestation.evidence.Evidence; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "assessors", + "attestations", + "claims", + "evidence", + "targets", + "affirmation", + "signature" +}) +public class Declarations extends ExtensibleElement +{ + private List assessors; + + private List attestations; + + private List claims; + + private List evidence; + + private Targets targets; + + private Affirmation affirmation; + + @JsonOnly + private Signature signature; + + @JacksonXmlElementWrapper(localName = "assessors") + @JacksonXmlProperty(localName = "assessor") + public List getAssessors() { + return assessors; + } + + public void setAssessors(final List assessors) { + this.assessors = assessors; + } + + @JacksonXmlElementWrapper(localName = "attestations") + @JacksonXmlProperty(localName = "attestation") + public List getAttestations() { + return attestations; + } + + public void setAttestations(final List attestations) { + this.attestations = attestations; + } + + @JacksonXmlElementWrapper(localName = "claims") + @JacksonXmlProperty(localName = "claim") + public List getClaims() { + return claims; + } + + public void setClaims(final List claims) { + this.claims = claims; + } + + @JacksonXmlElementWrapper(localName = "evidence") + @JacksonXmlProperty(localName = "evidence") + public List getEvidence() { + return evidence; + } + + public void setEvidence(final List evidence) { + this.evidence = evidence; + } + + public Targets getTargets() { + return targets; + } + + public void setTargets(final Targets targets) { + this.targets = targets; + } + + public Affirmation getAffirmation() { + return affirmation; + } + + public void setAffirmation(final Affirmation affirmation) { + this.affirmation = affirmation; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Declarations)) { + return false; + } + Declarations that = (Declarations) object; + return Objects.equals(assessors, that.assessors) && + Objects.equals(attestations, that.attestations) && Objects.equals(claims, that.claims) && + Objects.equals(evidence, that.evidence) && Objects.equals(targets, that.targets) && + Objects.equals(affirmation, that.affirmation) && Objects.equals(signature, that.signature); + } + + @Override + public int hashCode() { + return Objects.hash(assessors, attestations, claims, evidence, targets, affirmation, signature); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/Targets.java b/src/main/java/org/cyclonedx/model/attestation/Targets.java new file mode 100644 index 0000000000..0217d98460 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/Targets.java @@ -0,0 +1,77 @@ +package org.cyclonedx.model.attestation; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.Component; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.Service; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "organizations", + "components", + "services" +}) +public class Targets +{ + private List organizations; + + private List components; + + private List services; + + @JacksonXmlElementWrapper(localName = "organizations") + @JacksonXmlProperty(localName = "organization") + public List getOrganizations() { + return organizations; + } + + public void setOrganizations(final List organizations) { + this.organizations = organizations; + } + + @JacksonXmlElementWrapper(localName = "components") + @JacksonXmlProperty(localName = "component") + public List getComponents() { + return components; + } + + public void setComponents(final List components) { + this.components = components; + } + + @JacksonXmlElementWrapper(localName = "services") + @JacksonXmlProperty(localName = "service") + public List getServices() { + return services; + } + + public void setServices(final List services) { + this.services = services; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Targets)) { + return false; + } + Targets targets = (Targets) object; + return Objects.equals(organizations, targets.organizations) && + Objects.equals(components, targets.components) && Objects.equals(services, targets.services); + } + + @Override + public int hashCode() { + return Objects.hash(organizations, components, services); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/affirmation/Affirmation.java b/src/main/java/org/cyclonedx/model/attestation/affirmation/Affirmation.java new file mode 100644 index 0000000000..39dc42f2b3 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/affirmation/Affirmation.java @@ -0,0 +1,74 @@ +package org.cyclonedx.model.attestation.affirmation; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.JsonOnly; +import org.cyclonedx.model.Signature; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "statement", + "signatories", + "signature" +}) +public class Affirmation extends ExtensibleElement +{ + private String statement; + + private List signatories; + + @JsonOnly + private Signature signature; + + public String getStatement() { + return statement; + } + + public void setStatement(final String statement) { + this.statement = statement; + } + + @JacksonXmlProperty(localName = "signatory") + @JacksonXmlElementWrapper(localName = "signatories") + public List getSignatories() { + return signatories; + } + + public void setSignatories(final List signatories) { + this.signatories = signatories; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Affirmation)) { + return false; + } + Affirmation that = (Affirmation) object; + return Objects.equals(statement, that.statement) && + Objects.equals(signatories, that.signatories) && Objects.equals(signature, that.signature); + } + + @Override + public int hashCode() { + return Objects.hash(statement, signatories, signature); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/affirmation/Signatory.java b/src/main/java/org/cyclonedx/model/attestation/affirmation/Signatory.java new file mode 100644 index 0000000000..5e66edbf61 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/affirmation/Signatory.java @@ -0,0 +1,109 @@ +package org.cyclonedx.model.attestation.affirmation; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.JsonOnly; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.Signature; +import org.cyclonedx.util.deserializer.SignatoryDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"name", "role", "signature", "organization", "externalReference"}) +@JsonDeserialize(using = SignatoryDeserializer.class) +public class Signatory extends ExtensibleElement +{ + private String name; + + private String role; + + @JsonOnly + private Signature signature; + + private OrganizationalEntity organization; + private ExternalReference externalReference; + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public String getRole() { + return role; + } + + public void setRole(final String role) { + this.role = role; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + + //If Signature is present organization and external reference are not allowed + organization = null; + externalReference = null; + } + + public OrganizationalEntity getOrganization() { + return organization; + } + + public void setOrganization(final OrganizationalEntity organization) { + this.organization = organization; + //if organization and external reference are present signature is not allowed + signature = null; + } + + public ExternalReference getExternalReference() { + return externalReference; + } + + public void setExternalReference(final ExternalReference externalReference) { + this.externalReference = externalReference; + //if organization and external reference are present signature is not allowed + signature = null; + } + + public void setExternalReferenceAndOrganization( + final ExternalReference externalReference, + final OrganizationalEntity organization) + { + this.organization = organization; + this.externalReference = externalReference; + //if organization and external reference are present signature is not allowed + signature = null; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Signatory)) { + return false; + } + Signatory signatory = (Signatory) object; + return Objects.equals(name, signatory.name) && Objects.equals(role, signatory.role) && + Objects.equals(signature, signatory.signature) && + Objects.equals(organization, signatory.organization) && + Objects.equals(externalReference, signatory.externalReference); + } + + @Override + public int hashCode() { + return Objects.hash(name, role, signature, organization, externalReference); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/evidence/Contents.java b/src/main/java/org/cyclonedx/model/attestation/evidence/Contents.java new file mode 100644 index 0000000000..94572a948c --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/evidence/Contents.java @@ -0,0 +1,54 @@ +package org.cyclonedx.model.attestation.evidence; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import org.cyclonedx.model.AttachmentText; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "attachment", + "url", +}) +public class Contents +{ + private AttachmentText attachment; + + private String url; + + public AttachmentText getAttachment() { + return attachment; + } + + public void setAttachment(final AttachmentText attachment) { + this.attachment = attachment; + } + + public String getUrl() { + return url; + } + + public void setUrl(final String url) { + this.url = url; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Contents)) { + return false; + } + Contents contents = (Contents) object; + return Objects.equals(attachment, contents.attachment) && Objects.equals(url, contents.url); + } + + @Override + public int hashCode() { + return Objects.hash(attachment, url); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/evidence/Data.java b/src/main/java/org/cyclonedx/model/attestation/evidence/Data.java new file mode 100644 index 0000000000..9f8a2afbca --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/evidence/Data.java @@ -0,0 +1,96 @@ +package org.cyclonedx.model.attestation.evidence; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.component.data.Governance; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "name", + "contents", + "classification", + "sensitiveData", + "governance" +}) +public class Data +{ + private String name; + + private Contents contents; + + private String classification; + + private List sensitiveData; + + private Governance governance; + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + + public Contents getContents() { + return contents; + } + + public void setContents(final Contents contents) { + this.contents = contents; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "sensitiveData") + public List getSensitiveData() { + return sensitiveData; + } + + public void setSensitiveData(final List sensitiveData) { + this.sensitiveData = sensitiveData; + } + + public Governance getGovernance() { + return governance; + } + + public void setGovernance(final Governance governance) { + this.governance = governance; + } + + public String getClassification() { + return classification; + } + + public void setClassification(final String classification) { + this.classification = classification; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Data)) { + return false; + } + Data data = (Data) object; + return Objects.equals(name, data.name) && Objects.equals(contents, data.contents) && + Objects.equals(classification, data.classification) && + Objects.equals(sensitiveData, data.sensitiveData) && + Objects.equals(governance, data.governance); + } + + @Override + public int hashCode() { + return Objects.hash(name, contents, classification, sensitiveData, governance); + } +} diff --git a/src/main/java/org/cyclonedx/model/attestation/evidence/Evidence.java b/src/main/java/org/cyclonedx/model/attestation/evidence/Evidence.java new file mode 100644 index 0000000000..f3baa324a5 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/attestation/evidence/Evidence.java @@ -0,0 +1,154 @@ +package org.cyclonedx.model.attestation.evidence; + +import java.util.Date; +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.JsonOnly; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.Signature; +import org.cyclonedx.util.serializer.CustomDateSerializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "propertyName", + "description", + "data", + "created", + "expires", + "author", + "reviewer", + "signature" +}) +public class Evidence extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private String propertyName; + + private String description; + + private List data; + + @JsonSerialize(using = CustomDateSerializer.class) + private Date created; + + @JsonSerialize(using = CustomDateSerializer.class) + private Date expires; + + private OrganizationalContact author; + + private OrganizationalContact reviewer; + + @JsonOnly + private Signature signature; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getPropertyName() { + return propertyName; + } + + public void setPropertyName(final String propertyName) { + this.propertyName = propertyName; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "data") + //@JsonDeserialize(using = DataDeserializer.class) + @JsonProperty("data") + public List getData() { + return data; + } + + public void setData(final List data) { + this.data = data; + } + + public Date getCreated() { + return created; + } + + public void setCreated(final Date created) { + this.created = created; + } + + public Date getExpires() { + return expires; + } + + public void setExpires(final Date expires) { + this.expires = expires; + } + + public OrganizationalContact getAuthor() { + return author; + } + + public void setAuthor(final OrganizationalContact author) { + this.author = author; + } + + public OrganizationalContact getReviewer() { + return reviewer; + } + + public void setReviewer(final OrganizationalContact reviewer) { + this.reviewer = reviewer; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Evidence)) { + return false; + } + Evidence evidence = (Evidence) object; + return Objects.equals(bomRef, evidence.bomRef) && + Objects.equals(propertyName, evidence.propertyName) && + Objects.equals(description, evidence.description) && Objects.equals(data, evidence.data) && + Objects.equals(created, evidence.created) && Objects.equals(expires, evidence.expires) && + Objects.equals(author, evidence.author) && Objects.equals(reviewer, evidence.reviewer) && + Objects.equals(signature, evidence.signature); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, propertyName, description, data, created, expires, author, reviewer, signature); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/ModelCard.java b/src/main/java/org/cyclonedx/model/component/ModelCard.java index 64ac3bd8d9..7f659e8c92 100644 --- a/src/main/java/org/cyclonedx/model/component/ModelCard.java +++ b/src/main/java/org/cyclonedx/model/component/ModelCard.java @@ -1,6 +1,7 @@ package org.cyclonedx.model.component; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -70,4 +71,25 @@ public List getProperties() { public void setProperties(final List properties) { this.properties = properties; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ModelCard)) { + return false; + } + ModelCard modelCard = (ModelCard) object; + return Objects.equals(bomRef, modelCard.bomRef) && + Objects.equals(modelParameters, modelCard.modelParameters) && + Objects.equals(quantitativeAnalysis, modelCard.quantitativeAnalysis) && + Objects.equals(considerations, modelCard.considerations) && + Objects.equals(properties, modelCard.properties); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, modelParameters, quantitativeAnalysis, considerations, properties); + } } diff --git a/src/main/java/org/cyclonedx/model/component/Tags.java b/src/main/java/org/cyclonedx/model/component/Tags.java new file mode 100644 index 0000000000..89ae0a004b --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/Tags.java @@ -0,0 +1,54 @@ +package org.cyclonedx.model.component; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.TagsDeserializer; + +@JsonInclude(Include.NON_EMPTY) +@JsonDeserialize(using = TagsDeserializer.class) +public class Tags +{ + private List tags; + + public Tags() { + } + + public Tags(List tags){ + this.tags = tags; + } + + @JacksonXmlElementWrapper(localName = "tags") + @JacksonXmlProperty(localName = "tag") + @JsonProperty("tags") + public List getTags() { + return tags; + } + + public void setTags(final List tags) { + this.tags = tags; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Tags)) { + return false; + } + Tags tags1 = (Tags) object; + return Objects.equals(tags, tags1.tags); + } + + @Override + public int hashCode() { + return Objects.hashCode(tags); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/AlgorithmProperties.java b/src/main/java/org/cyclonedx/model/component/crypto/AlgorithmProperties.java new file mode 100644 index 0000000000..8173f288dd --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/AlgorithmProperties.java @@ -0,0 +1,174 @@ +package org.cyclonedx.model.component.crypto; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.component.crypto.enums.CertificationLevel; +import org.cyclonedx.model.component.crypto.enums.CryptoFunction; +import org.cyclonedx.model.component.crypto.enums.ExecutionEnvironment; +import org.cyclonedx.model.component.crypto.enums.ImplementationPlatform; +import org.cyclonedx.model.component.crypto.enums.Mode; +import org.cyclonedx.model.component.crypto.enums.Padding; +import org.cyclonedx.model.component.crypto.enums.Primitive; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "primitive", + "parameterSetIdentifier", + "curve", + "executionEnvironment", + "implementationPlatform", + "certificationLevel", + "mode", + "padding", + "cryptoFunctions", + "classicalSecurityLevel", + "nistQuantumSecurityLevel" +}) +public class AlgorithmProperties +{ + private Primitive primitive; + + private String parameterSetIdentifier; + + private String curve; + + private ExecutionEnvironment executionEnvironment; + + private ImplementationPlatform implementationPlatform; + + private List certificationLevel; + + private Mode mode; + + private Padding padding; + + private List cryptoFunctions; + + private Integer classicalSecurityLevel; + + private Integer nistQuantumSecurityLevel; + + public Primitive getPrimitive() { + return primitive; + } + + public void setPrimitive(final Primitive primitive) { + this.primitive = primitive; + } + + public String getParameterSetIdentifier() { + return parameterSetIdentifier; + } + + public void setParameterSetIdentifier(final String parameterSetIdentifier) { + this.parameterSetIdentifier = parameterSetIdentifier; + } + + public String getCurve() { + return curve; + } + + public void setCurve(final String curve) { + this.curve = curve; + } + + public ExecutionEnvironment getExecutionEnvironment() { + return executionEnvironment; + } + + public void setExecutionEnvironment(final ExecutionEnvironment executionEnvironment) { + this.executionEnvironment = executionEnvironment; + } + + public ImplementationPlatform getImplementationPlatform() { + return implementationPlatform; + } + + public void setImplementationPlatform(final ImplementationPlatform implementationPlatform) { + this.implementationPlatform = implementationPlatform; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "certificationLevel") + @JsonProperty("certificationLevel") + public List getCertificationLevel() { + return certificationLevel; + } + + public void setCertificationLevel(final List certificationLevel) { + this.certificationLevel = certificationLevel; + } + + public Mode getMode() { + return mode; + } + + public void setMode(final Mode mode) { + this.mode = mode; + } + + public Padding getPadding() { + return padding; + } + + public void setPadding(final Padding padding) { + this.padding = padding; + } + + @JacksonXmlElementWrapper(localName = "cryptoFunctions") + @JacksonXmlProperty(localName = "cryptoFunction") + public List getCryptoFunctions() { + return cryptoFunctions; + } + + public void setCryptoFunctions(final List cryptoFunctions) { + this.cryptoFunctions = cryptoFunctions; + } + + public Integer getClassicalSecurityLevel() { + return classicalSecurityLevel; + } + + public void setClassicalSecurityLevel(final Integer classicalSecurityLevel) { + this.classicalSecurityLevel = classicalSecurityLevel; + } + + public Integer getNistQuantumSecurityLevel() { + return nistQuantumSecurityLevel; + } + + public void setNistQuantumSecurityLevel(final Integer nistQuantumSecurityLevel) { + this.nistQuantumSecurityLevel = nistQuantumSecurityLevel; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof AlgorithmProperties)) { + return false; + } + AlgorithmProperties that = (AlgorithmProperties) object; + return primitive == that.primitive && Objects.equals(parameterSetIdentifier, that.parameterSetIdentifier) && + Objects.equals(curve, that.curve) && executionEnvironment == that.executionEnvironment && + implementationPlatform == that.implementationPlatform && certificationLevel == that.certificationLevel && + mode == that.mode && padding == that.padding && Objects.equals(cryptoFunctions, that.cryptoFunctions) && + Objects.equals(classicalSecurityLevel, that.classicalSecurityLevel) && + Objects.equals(nistQuantumSecurityLevel, that.nistQuantumSecurityLevel); + } + + @Override + public int hashCode() { + return Objects.hash(primitive, parameterSetIdentifier, curve, executionEnvironment, implementationPlatform, + certificationLevel, mode, padding, cryptoFunctions, classicalSecurityLevel, nistQuantumSecurityLevel); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/CertificateProperties.java b/src/main/java/org/cyclonedx/model/component/crypto/CertificateProperties.java new file mode 100644 index 0000000000..ac14144e45 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/CertificateProperties.java @@ -0,0 +1,127 @@ +package org.cyclonedx.model.component.crypto; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "subjectName", + "issuerName", + "notValidBefore", + "notValidAfter", + "signatureAlgorithmRef", + "subjectPublicKeyRef", + "certificateFormat", + "certificateExtension" + }) +public class CertificateProperties +{ + private String subjectName; + + private String issuerName; + + private String notValidBefore; + + private String notValidAfter; + + private String signatureAlgorithmRef; + + private String subjectPublicKeyRef; + + private String certificateFormat; + + private String certificateExtension; + + public String getSubjectName() { + return subjectName; + } + + public void setSubjectName(final String subjectName) { + this.subjectName = subjectName; + } + + public String getIssuerName() { + return issuerName; + } + + public void setIssuerName(final String issuerName) { + this.issuerName = issuerName; + } + + public String getNotValidBefore() { + return notValidBefore; + } + + public void setNotValidBefore(final String notValidBefore) { + this.notValidBefore = notValidBefore; + } + + public String getNotValidAfter() { + return notValidAfter; + } + + public void setNotValidAfter(final String notValidAfter) { + this.notValidAfter = notValidAfter; + } + + public String getSignatureAlgorithmRef() { + return signatureAlgorithmRef; + } + + public void setSignatureAlgorithmRef(final String signatureAlgorithmRef) { + this.signatureAlgorithmRef = signatureAlgorithmRef; + } + + public String getSubjectPublicKeyRef() { + return subjectPublicKeyRef; + } + + public void setSubjectPublicKeyRef(final String subjectPublicKeyRef) { + this.subjectPublicKeyRef = subjectPublicKeyRef; + } + + public String getCertificateFormat() { + return certificateFormat; + } + + public void setCertificateFormat(final String certificateFormat) { + this.certificateFormat = certificateFormat; + } + + public String getCertificateExtension() { + return certificateExtension; + } + + public void setCertificateExtension(final String certificateExtension) { + this.certificateExtension = certificateExtension; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof CertificateProperties)) { + return false; + } + CertificateProperties that = (CertificateProperties) object; + return Objects.equals(subjectName, that.subjectName) && + Objects.equals(issuerName, that.issuerName) && + Objects.equals(notValidBefore, that.notValidBefore) && + Objects.equals(notValidAfter, that.notValidAfter) && + Objects.equals(signatureAlgorithmRef, that.signatureAlgorithmRef) && + Objects.equals(subjectPublicKeyRef, that.subjectPublicKeyRef) && + Objects.equals(certificateFormat, that.certificateFormat) && + Objects.equals(certificateExtension, that.certificateExtension); + } + + @Override + public int hashCode() { + return Objects.hash(subjectName, issuerName, notValidBefore, notValidAfter, signatureAlgorithmRef, + subjectPublicKeyRef, certificateFormat, certificateExtension); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/CipherSuite.java b/src/main/java/org/cyclonedx/model/component/crypto/CipherSuite.java new file mode 100644 index 0000000000..d66f0b5fb2 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/CipherSuite.java @@ -0,0 +1,69 @@ +package org.cyclonedx.model.component.crypto; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"name", "algorithms", "identifiers"}) +public class CipherSuite +{ + + private String name; + + private List algorithms; + + private List identifiers; + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + @JacksonXmlElementWrapper(localName = "algorithms") + @JacksonXmlProperty(localName = "algorithm") + public List getAlgorithms() { + return algorithms; + } + + public void setAlgorithms(final List algorithms) { + this.algorithms = algorithms; + } + + @JacksonXmlElementWrapper(localName = "identifiers") + @JacksonXmlProperty(localName = "identifier") + public List getIdentifiers() { + return identifiers; + } + + public void setIdentifiers(final List identifiers) { + this.identifiers = identifiers; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof CipherSuite)) { + return false; + } + CipherSuite that = (CipherSuite) object; + return Objects.equals(name, that.name) && Objects.equals(algorithms, that.algorithms) && + Objects.equals(identifiers, that.identifiers); + } + + @Override + public int hashCode() { + return Objects.hash(name, algorithms, identifiers); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/CryptoProperties.java b/src/main/java/org/cyclonedx/model/component/crypto/CryptoProperties.java new file mode 100644 index 0000000000..66cc8e19e5 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/CryptoProperties.java @@ -0,0 +1,103 @@ +package org.cyclonedx.model.component.crypto; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import org.cyclonedx.model.component.crypto.enums.AssetType; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "assetType", + "algorithmProperties", + "certificateProperties", + "relatedCryptoMaterialProperties", + "protocolProperties", + "oid" +}) +public class CryptoProperties +{ + + private AssetType assetType; + + private AlgorithmProperties algorithmProperties; + + private CertificateProperties certificateProperties; + + private RelatedCryptoMaterialProperties relatedCryptoMaterialProperties; + + private ProtocolProperties protocolProperties; + + private String oid; + + public AssetType getAssetType() { + return assetType; + } + + public void setAssetType(final AssetType assetType) { + this.assetType = assetType; + } + + public AlgorithmProperties getAlgorithmProperties() { + return algorithmProperties; + } + + public void setAlgorithmProperties(final AlgorithmProperties algorithmProperties) { + this.algorithmProperties = algorithmProperties; + } + + public CertificateProperties getCertificateProperties() { + return certificateProperties; + } + + public void setCertificateProperties(final CertificateProperties certificateProperties) { + this.certificateProperties = certificateProperties; + } + + public RelatedCryptoMaterialProperties getRelatedCryptoMaterialProperties() { + return relatedCryptoMaterialProperties; + } + + public void setRelatedCryptoMaterialProperties(final RelatedCryptoMaterialProperties relatedCryptoMaterialProperties) { + this.relatedCryptoMaterialProperties = relatedCryptoMaterialProperties; + } + + public ProtocolProperties getProtocolProperties() { + return protocolProperties; + } + + public void setProtocolProperties(final ProtocolProperties protocolProperties) { + this.protocolProperties = protocolProperties; + } + + public String getOid() { + return oid; + } + + public void setOid(final String oid) { + this.oid = oid; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof CryptoProperties)) { + return false; + } + CryptoProperties that = (CryptoProperties) object; + return assetType == that.assetType && Objects.equals(algorithmProperties, that.algorithmProperties) && + Objects.equals(certificateProperties, that.certificateProperties) && + Objects.equals(relatedCryptoMaterialProperties, that.relatedCryptoMaterialProperties) && + Objects.equals(protocolProperties, that.protocolProperties) && Objects.equals(oid, that.oid); + } + + @Override + public int hashCode() { + return Objects.hash(assetType, algorithmProperties, certificateProperties, relatedCryptoMaterialProperties, + protocolProperties, oid); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/Ikev2TransformTypes.java b/src/main/java/org/cyclonedx/model/component/crypto/Ikev2TransformTypes.java new file mode 100644 index 0000000000..50cff8bc38 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/Ikev2TransformTypes.java @@ -0,0 +1,90 @@ +package org.cyclonedx.model.component.crypto; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +import java.util.List; + +public class Ikev2TransformTypes { + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "encr") + @JsonProperty("encr") + private List encr; + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "prf") + @JsonProperty("prf") + private List prf; + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "integ") + @JsonProperty("integ") + private List integ; + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "ke") + @JsonProperty("ke") + private List ke; + + @JsonProperty("esn") + private Boolean esn; + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "auth") + @JsonProperty("auth") + private List auth; + + public Ikev2TransformTypes() { + } + + public List getEncr() { + return encr; + } + + public void setEncr(List encr) { + this.encr = encr; + } + + public List getPrf() { + return prf; + } + + public void setPrf(List prf) { + this.prf = prf; + } + + public List getInteg() { + return integ; + } + + public void setInteg(List integ) { + this.integ = integ; + } + + public List getKe() { + return ke; + } + + public void setKe(List ke) { + this.ke = ke; + } + + public Boolean getEsn() { + return esn; + } + + public void setEsn(Boolean esn) { + this.esn = esn; + } + + public List getAuth() { + return auth; + } + + public void setAuth(List auth) { + this.auth = auth; + } +} + diff --git a/src/main/java/org/cyclonedx/model/component/crypto/ProtocolProperties.java b/src/main/java/org/cyclonedx/model/component/crypto/ProtocolProperties.java new file mode 100644 index 0000000000..24926356ac --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/ProtocolProperties.java @@ -0,0 +1,95 @@ +package org.cyclonedx.model.component.crypto; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.component.crypto.enums.ProtocolType; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"type", "version", "cipherSuites", "ikev2TransformTypes", "cryptoRefArray"}) +public class ProtocolProperties +{ + private ProtocolType type; + + private String version; + + private List cipherSuites; + + @JsonProperty("ikev2TransformTypes") + private Ikev2TransformTypes ikev2TransformTypes; + + private List cryptoRefArray; + + public ProtocolType getType() { + return type; + } + + public void setType(final ProtocolType type) { + this.type = type; + } + + public String getVersion() { + return version; + } + + public void setVersion(final String version) { + this.version = version; + } + + @JacksonXmlElementWrapper(localName = "cipherSuites") + @JacksonXmlProperty(localName = "cipherSuite") + @JsonProperty("cipherSuites") + public List getCipherSuites() { + return cipherSuites; + } + + public void setCipherSuites(final List cipherSuites) { + this.cipherSuites = cipherSuites; + } + + public Ikev2TransformTypes getIkev2TransformTypes() { + return ikev2TransformTypes; + } + + public void setIkev2TransformTypes(final Ikev2TransformTypes ikev2TransformTypes) { + this.ikev2TransformTypes = ikev2TransformTypes; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "cryptoRef") + @JsonProperty("cryptoRefArray") + public List getCryptoRefArray() { + return cryptoRefArray; + } + + public void setCryptoRefArray(final List cryptoRefArray) { + this.cryptoRefArray = cryptoRefArray; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ProtocolProperties)) { + return false; + } + ProtocolProperties that = (ProtocolProperties) object; + return type == that.type && Objects.equals(version, that.version) && + Objects.equals(cipherSuites, that.cipherSuites) && + Objects.equals(ikev2TransformTypes, that.ikev2TransformTypes) && + Objects.equals(cryptoRefArray, that.cryptoRefArray); + } + + @Override + public int hashCode() { + return Objects.hash(type, version, cipherSuites, ikev2TransformTypes, cryptoRefArray); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/RelatedCryptoMaterialProperties.java b/src/main/java/org/cyclonedx/model/component/crypto/RelatedCryptoMaterialProperties.java new file mode 100644 index 0000000000..0a34b2e2ea --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/RelatedCryptoMaterialProperties.java @@ -0,0 +1,153 @@ +package org.cyclonedx.model.component.crypto; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import org.cyclonedx.model.component.crypto.enums.RelatedCryptoMaterialType; +import org.cyclonedx.model.component.crypto.enums.State; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "type", "id", "state", "algorithmRef", "creationDate", + "activationDate", "updateDate", "expirationDate", "value", + "size", "format", "securedBy" +}) +public class RelatedCryptoMaterialProperties +{ + private RelatedCryptoMaterialType type; + private String id; + private State state; + private String algorithmRef; + private String creationDate; + private String activationDate; + private String updateDate; + private String expirationDate; + private String value; + private Integer size; + private String format; + private SecuredBy securedBy; + + public RelatedCryptoMaterialType getType() { + return type; + } + + public void setType(final RelatedCryptoMaterialType type) { + this.type = type; + } + + public String getId() { + return id; + } + + public void setId(final String id) { + this.id = id; + } + + public State getState() { + return state; + } + + public void setState(final State state) { + this.state = state; + } + + public String getAlgorithmRef() { + return algorithmRef; + } + + public void setAlgorithmRef(final String algorithmRef) { + this.algorithmRef = algorithmRef; + } + + public String getCreationDate() { + return creationDate; + } + + public void setCreationDate(final String creationDate) { + this.creationDate = creationDate; + } + + public String getActivationDate() { + return activationDate; + } + + public void setActivationDate(final String activationDate) { + this.activationDate = activationDate; + } + + public String getUpdateDate() { + return updateDate; + } + + public void setUpdateDate(final String updateDate) { + this.updateDate = updateDate; + } + + public String getExpirationDate() { + return expirationDate; + } + + public void setExpirationDate(final String expirationDate) { + this.expirationDate = expirationDate; + } + + public String getValue() { + return value; + } + + public void setValue(final String value) { + this.value = value; + } + + public Integer getSize() { + return size; + } + + public void setSize(final Integer size) { + this.size = size; + } + + public String getFormat() { + return format; + } + + public void setFormat(final String format) { + this.format = format; + } + + public SecuredBy getSecuredBy() { + return securedBy; + } + + public void setSecuredBy(final SecuredBy securedBy) { + this.securedBy = securedBy; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof RelatedCryptoMaterialProperties)) { + return false; + } + RelatedCryptoMaterialProperties that = (RelatedCryptoMaterialProperties) object; + return type == that.type && Objects.equals(id, that.id) && state == that.state && + Objects.equals(algorithmRef, that.algorithmRef) && + Objects.equals(creationDate, that.creationDate) && + Objects.equals(activationDate, that.activationDate) && + Objects.equals(updateDate, that.updateDate) && + Objects.equals(expirationDate, that.expirationDate) && Objects.equals(value, that.value) && + Objects.equals(size, that.size) && Objects.equals(format, that.format) && + Objects.equals(securedBy, that.securedBy); + } + + @Override + public int hashCode() { + return Objects.hash(type, id, state, algorithmRef, creationDate, activationDate, updateDate, expirationDate, value, + size, format, securedBy); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/SecuredBy.java b/src/main/java/org/cyclonedx/model/component/crypto/SecuredBy.java new file mode 100644 index 0000000000..56a1610934 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/SecuredBy.java @@ -0,0 +1,51 @@ +package org.cyclonedx.model.component.crypto; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"", "mechanism", "algorithmRef"}) +public class SecuredBy +{ + private String mechanism; + + private String algorithmRef; + + public String getMechanism() { + return mechanism; + } + + public void setMechanism(final String mechanism) { + this.mechanism = mechanism; + } + + public String getAlgorithmRef() { + return algorithmRef; + } + + public void setAlgorithmRef(final String algorithmRef) { + this.algorithmRef = algorithmRef; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof SecuredBy)) { + return false; + } + SecuredBy securedBy = (SecuredBy) object; + return Objects.equals(mechanism, securedBy.mechanism) && + Objects.equals(algorithmRef, securedBy.algorithmRef); + } + + @Override + public int hashCode() { + return Objects.hash(mechanism, algorithmRef); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/AssetType.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/AssetType.java new file mode 100644 index 0000000000..196f7a8bfd --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/AssetType.java @@ -0,0 +1,24 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum AssetType { + @JsonProperty("algorithm") + ALGORITHM("algorithm"), + @JsonProperty("certificate") + CERTIFICATE("certificate"), + @JsonProperty("protocol") + PROTOCOL("protocol"), + @JsonProperty("related-crypto-material") + RELATED_CRYPTO_MATERIAL("related-crypto-material"); + + private final String name; + + AssetType(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/CertificationLevel.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/CertificationLevel.java new file mode 100644 index 0000000000..d71801e47d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/CertificationLevel.java @@ -0,0 +1,86 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum CertificationLevel +{ + @JsonProperty("none") + NONE("none"), + @JsonProperty("fips140-1-l1") + FIPS140_1_L1("fips140-1-l1"), + @JsonProperty("fips140-1-l2") + FIPS140_1_L2("fips140-1-l2"), + @JsonProperty("fips140-1-l3") + FIPS140_1_L3("fips140-1-l3"), + @JsonProperty("fips140-1-l4") + FIPS140_1_L4("fips140-1-l4"), + @JsonProperty("fips140-2-l1") + FIPS140_2_L1("fips140-2-l1"), + @JsonProperty("fips140-2-l2") + FIPS140_2_L2("fips140-2-l2"), + @JsonProperty("fips140-2-l3") + FIPS140_2_L3("fips140-2-l3"), + @JsonProperty("fips140-2-l4") + FIPS140_2_L4("fips140-2-l4"), + @JsonProperty("fips140-3-l1") + FIPS140_3_L1("fips140-3-l1"), + @JsonProperty("fips140-3-l2") + FIPS140_3_L2("fips140-3-l2"), + @JsonProperty("fips140-3-l3") + FIPS140_3_L3("fips140-3-l3"), + @JsonProperty("fips140-3-l4") + FIPS140_3_L4("fips140-3-l4"), + @JsonProperty("cc-eal1") + CC_EAL1("cc-eal1"), + @JsonProperty("cc-eal1+") + CC_EAL1_PLUS("cc-eal1+"), + @JsonProperty("cc-eal2") + CC_EAL2("cc-eal2"), + @JsonProperty("cc-eal2+") + CC_EAL2_PLUS("cc-eal2+"), + @JsonProperty("cc-eal3") + CC_EAL3("cc-eal3"), + @JsonProperty("cc-eal3+") + CC_EAL3_PLUS("cc-eal3+"), + @JsonProperty("cc-eal4") + CC_EAL4("cc-eal4"), + @JsonProperty("cc-eal4+") + CC_EAL4_PLUS("cc-eal4+"), + @JsonProperty("cc-eal5") + CC_EAL5("cc-eal5"), + @JsonProperty("cc-eal5+") + CC_EAL5_PLUS("cc-eal5+"), + @JsonProperty("cc-eal6") + CC_EAL6("cc-eal6"), + @JsonProperty("cc-eal6+") + CC_EAL6_PLUS("cc-eal6+"), + @JsonProperty("cc-eal7") + CC_EAL7("cc-eal7"), + @JsonProperty("cc-eal7+") + CC_EAL7_PLUS("cc-eal7+"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + private final String name; + + CertificationLevel(String name) { + this.name = name; + } + + @JsonCreator + public static CertificationLevel fromString(String value) { + for (CertificationLevel level : CertificationLevel.values()) { + if (level.name.equalsIgnoreCase(value)) { + return level; + } + } + throw new IllegalArgumentException("Invalid level: " + value); + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/CryptoFunction.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/CryptoFunction.java new file mode 100644 index 0000000000..60ed1deb15 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/CryptoFunction.java @@ -0,0 +1,43 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum CryptoFunction +{ + @JsonProperty("generate") + GENERATE("generate"), + @JsonProperty("keygen") + KEYGEN("keygen"), + @JsonProperty("encrypt") + ENCRYPT("encrypt"), + @JsonProperty("decrypt") + DECRYPT("decrypt"), + @JsonProperty("digest") + DIGEST("digest"), + @JsonProperty("tag") + TAG("tag"), + @JsonProperty("keyderive") + KEYDERIVE("keyderive"), + @JsonProperty("sign") + SIGN("sign"), + @JsonProperty("verify") + VERIFY("verify"), + @JsonProperty("encapsulate") + ENCAPSULATE("encapsulate"), + @JsonProperty("decapsulate") + DECAPSULATE("decapsulate"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + private final String name; + + CryptoFunction(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/ExecutionEnvironment.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/ExecutionEnvironment.java new file mode 100644 index 0000000000..4f3b4c0afb --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/ExecutionEnvironment.java @@ -0,0 +1,30 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum ExecutionEnvironment +{ + @JsonProperty("software-plain-ram") + SOFTWARE_PLAIN_RAM("software-plain-ram"), + @JsonProperty("software-encrypted-ram") + SOFTWARE_ENCRYPTED_RAM("software-encrypted-ram"), + @JsonProperty("software-tee") + SOFTWARE_TEE("software-tee"), + @JsonProperty("hardware") + HARDWARE("hardware"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + + private final String name; + + ExecutionEnvironment(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/FipsLevel.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/FipsLevel.java new file mode 100644 index 0000000000..df0ec509de --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/FipsLevel.java @@ -0,0 +1,43 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum FipsLevel +{ + @JsonProperty("none") + NONE("none"), + @JsonProperty("fips140-1-l1") + FIPS140_1_L1("fips140-1-l1"), + @JsonProperty("fips140-1-l2") + FIPS140_1_L2("fips140-1-l2"), + @JsonProperty("fips140-1-l3") + FIPS140_1_L3("fips140-1-l3"), + @JsonProperty("fips140-1-l4") + FIPS140_1_L4("fips140-1-l4"), + @JsonProperty("fips140-2-l1") + FIPS140_2_L1("fips140-2-l1"), + @JsonProperty("fips140-2-l2") + FIPS140_2_L2("fips140-2-l2"), + @JsonProperty("fips140-2-l3") + FIPS140_2_L3("fips140-2-l3"), + @JsonProperty("fips140-2-l4") + FIPS140_2_L4("fips140-2-l4"), + @JsonProperty("fips140-3-l1") + FIPS140_3_L1("fips140-3-l1"), + @JsonProperty("fips140-3-l2") + FIPS140_3_L2("fips140-3-l2"), + @JsonProperty("fips140-3-l3") + FIPS140_3_L3("fips140-3-l3"), + @JsonProperty("fips140-3-l4") + FIPS140_3_L4("fips140-3-l4"); + + private final String name; + + FipsLevel(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/ImplementationPlatform.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/ImplementationPlatform.java new file mode 100644 index 0000000000..b1f1a0607f --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/ImplementationPlatform.java @@ -0,0 +1,45 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum ImplementationPlatform +{ + @JsonProperty("generic") + GENERIC("generic"), + @JsonProperty("x86_32") + X86_32("x86_32"), + @JsonProperty("x86_64") + X86_64("x86_64"), + @JsonProperty("armv7-a") + ARMV7_A("armv7-a"), + @JsonProperty("armv7-m") + ARMV7_M("armv7-m"), + @JsonProperty("armv8-a") + ARMV8_A("armv8-a"), + @JsonProperty("armv8-m") + ARMV8_M("armv8-m"), + @JsonProperty("armv9-a") + ARMV9_A("armv9-a"), + @JsonProperty("armv9-m") + ARMV9_M("armv9-m"), + @JsonProperty("s390x") + S390X("s390x"), + @JsonProperty("ppc64") + PPC64("ppc64"), + @JsonProperty("ppc64le") + PPC64LE("ppc64le"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + private final String name; + + ImplementationPlatform(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/Mechanism.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/Mechanism.java new file mode 100644 index 0000000000..4e0adcc65e --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/Mechanism.java @@ -0,0 +1,27 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum Mechanism +{ + @JsonProperty("HSM") + HSM("HSM"), + @JsonProperty("TPM") + TPM("TPM"), + @JsonProperty("SGX") + SGX("SGX"), + @JsonProperty("Software") + SOFTWARE("Software"), + @JsonProperty("None") + NONE("None"); + + private final String name; + + Mechanism(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/MemoryType.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/MemoryType.java new file mode 100644 index 0000000000..99889c3e44 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/MemoryType.java @@ -0,0 +1,29 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum MemoryType +{ + @JsonProperty("rom") + ROM("rom"), + @JsonProperty("flash") + FLASH("flash"), + @JsonProperty("eeprom") + EEPROM("eeprom"), + @JsonProperty("ram") + RAM("ram"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + private final String name; + + MemoryType(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/Mode.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/Mode.java new file mode 100644 index 0000000000..ffc870859d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/Mode.java @@ -0,0 +1,35 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum Mode +{ + @JsonProperty("cbc") + CBC("cbc"), + @JsonProperty("ecb") + ECB("ecb"), + @JsonProperty("ccm") + CCM("ccm"), + @JsonProperty("gcm") + GCM("gcm"), + @JsonProperty("cfb") + CFB("cfb"), + @JsonProperty("ofb") + OFB("ofb"), + @JsonProperty("ctr") + CTR("ctr"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + private final String name; + + Mode(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/Padding.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/Padding.java new file mode 100644 index 0000000000..a79286b2b6 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/Padding.java @@ -0,0 +1,31 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum Padding +{ + @JsonProperty("pkcs5") + PKCS5("pkcs5"), + @JsonProperty("pkcs7") + PKCS7("pkcs7"), + @JsonProperty("pkcs1v15") + PKCS1V15("pkcs1v15"), + @JsonProperty("oaep") + OAEP("oaep"), + @JsonProperty("raw") + RAW("raw"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + private final String name; + + Padding(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/Primitive.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/Primitive.java new file mode 100644 index 0000000000..47971e6b93 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/Primitive.java @@ -0,0 +1,47 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum Primitive +{ + @JsonProperty("drbg") + DRBG("drbg"), + @JsonProperty("mac") + MAC("mac"), + @JsonProperty("block-cipher") + BLOCK_CIPHER("block-cipher"), + @JsonProperty("stream-cipher") + STREAM_CIPHER("stream-cipher"), + @JsonProperty("signature") + SIGNATURE("signature"), + @JsonProperty("hash") + HASH("hash"), + @JsonProperty("pke") + PKE("pke"), + @JsonProperty("xof") + XOF("xof"), + @JsonProperty("kdf") + KDF("kdf"), + @JsonProperty("key-agree") + KEY_AGREE("key-agree"), + @JsonProperty("kem") + KEM("kem"), + @JsonProperty("ae") + AE("ae"), + @JsonProperty("combiner") + COMBINER("combiner"), + @JsonProperty("other") + OTHER("other"), + @JsonProperty("unknown") + UNKNOWN("unknown"); + + private final String name; + + Primitive(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/ProtocolType.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/ProtocolType.java new file mode 100644 index 0000000000..d94c8f694f --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/ProtocolType.java @@ -0,0 +1,39 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum ProtocolType +{ + @JsonProperty("tls") + TLS("tls", "Transport Layer Security"), + @JsonProperty("ssh") + SSH("ssh", "Secure Shell"), + @JsonProperty("ipsec") + IPSEC("ipsec", "Internet Protocol Security"), + @JsonProperty("ike") + IKE("ike", "Internet Key Exchange"), + @JsonProperty("sstp") + SSTP("sstp", "Secure Socket Tunneling Protocol"), + @JsonProperty("wpa") + WPA("wpa", "Wi-Fi Protected Access"), + @JsonProperty("other") + OTHER("other", "Another protocol type"), + @JsonProperty("unknown") + UNKNOWN("unknown", "The protocol type is not known"); + + private final String name; + private final String description; + + ProtocolType(String name, String description) { + this.name = name; + this.description = description; + } + + public String getName() { + return name; + } + + public String getDescription() { + return description; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/RelatedCryptoMaterialType.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/RelatedCryptoMaterialType.java new file mode 100644 index 0000000000..cacce92434 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/RelatedCryptoMaterialType.java @@ -0,0 +1,61 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum RelatedCryptoMaterialType +{ + @JsonProperty("private-key") + PRIVATE_KEY("private-key", "The type for the related cryptographic material: Private Key"), + @JsonProperty("public-key") + PUBLIC_KEY("public-key", "The type for the related cryptographic material: Public Key"), + @JsonProperty("secret-key") + SECRET_KEY("secret-key", "The type for the related cryptographic material: Secret Key"), + @JsonProperty("key") + KEY("key", "The type for the related cryptographic material: Key"), + @JsonProperty("ciphertext") + CIPHERTEXT("ciphertext", "The type for the related cryptographic material: Ciphertext"), + @JsonProperty("signature") + SIGNATURE("signature", "The type for the related cryptographic material: Signature"), + @JsonProperty("digest") + DIGEST("digest", "The type for the related cryptographic material: Digest"), + @JsonProperty("initialization-vector") + INITIALIZATION_VECTOR("initialization-vector", "The type for the related cryptographic material: Initialization Vector"), + @JsonProperty("nonce") + NONCE("nonce", "The type for the related cryptographic material: Nonce"), + @JsonProperty("seed") + SEED("seed", "The type for the related cryptographic material: Seed"), + @JsonProperty("salt") + SALT("salt", "The type for the related cryptographic material: Salt"), + @JsonProperty("shared-secret") + SHARED_SECRET("shared-secret", "The type for the related cryptographic material: Shared Secret"), + @JsonProperty("tag") + TAG("tag", "The type for the related cryptographic material: Tag"), + @JsonProperty("additional-data") + ADDITIONAL_DATA("additional-data", "The type for the related cryptographic material: Additional Data"), + @JsonProperty("password") + PASSWORD("password", "The type for the related cryptographic material: Password"), + @JsonProperty("credential") + CREDENTIAL("credential", "The type for the related cryptographic material: Credential"), + @JsonProperty("token") + TOKEN("token", "The type for the related cryptographic material: Token"), + @JsonProperty("other") + OTHER("other", "The type for the related cryptographic material: Other"), + @JsonProperty("unknown") + UNKNOWN("unknown", "The type for the related cryptographic material: Unknown"); + + private final String name; + private final String description; + + RelatedCryptoMaterialType(String name, String description) { + this.name = name; + this.description = description; + } + + public String getName() { + return name; + } + + public String getDescription() { + return description; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/crypto/enums/State.java b/src/main/java/org/cyclonedx/model/component/crypto/enums/State.java new file mode 100644 index 0000000000..8d38f656f1 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/crypto/enums/State.java @@ -0,0 +1,35 @@ +package org.cyclonedx.model.component.crypto.enums; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum State +{ + @JsonProperty("pre-activation") +PRE_ACTIVATION("pre-activation", "Key state: Pre-activation"), + @JsonProperty("active") + ACTIVE("active", "Key state: Active"), + @JsonProperty("suspended") + SUSPENDED("suspended", "Key state: Suspended"), + @JsonProperty("deactivated") + DEACTIVATED("deactivated", "Key state: Deactivated"), + @JsonProperty("compromised") + COMPROMISED("compromised", "Key state: Compromised"), + @JsonProperty("destroyed") + DESTROYED("destroyed", "Key state: Destroyed"); + + private final String name; + private final String description; + + State(String name, String description) { + this.name = name; + this.description = description; + } + + public String getName() { + return name; + } + + public String getDescription() { + return description; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java b/src/main/java/org/cyclonedx/model/component/data/ComponentData.java similarity index 74% rename from src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java rename to src/main/java/org/cyclonedx/model/component/data/ComponentData.java index 1d3c845dc2..20af2c0ec2 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java +++ b/src/main/java/org/cyclonedx/model/component/data/ComponentData.java @@ -1,15 +1,13 @@ -package org.cyclonedx.model.component.modelCard; +package org.cyclonedx.model.component.data; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.model.ExtensibleElement; -import org.cyclonedx.model.component.modelCard.data.Content; -import org.cyclonedx.model.component.modelCard.data.Governance; -import org.cyclonedx.model.component.modelCard.data.Graphics; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @@ -129,4 +127,26 @@ public String getName() { public void setName(final String name) { this.name = name; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ComponentData)) { + return false; + } + ComponentData that = (ComponentData) object; + return Objects.equals(bomRef, that.bomRef) && type == that.type && + Objects.equals(name, that.name) && Objects.equals(contents, that.contents) && + Objects.equals(classification, that.classification) && + Objects.equals(sensitiveData, that.sensitiveData) && + Objects.equals(graphics, that.graphics) && Objects.equals(description, that.description) && + Objects.equals(governance, that.governance); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, type, name, contents, classification, sensitiveData, graphics, description, governance); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java b/src/main/java/org/cyclonedx/model/component/data/Content.java similarity index 51% rename from src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java rename to src/main/java/org/cyclonedx/model/component/data/Content.java index 63d38ed26b..81853c5a63 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java +++ b/src/main/java/org/cyclonedx/model/component/data/Content.java @@ -1,13 +1,16 @@ -package org.cyclonedx.model.component.modelCard.data; +package org.cyclonedx.model.component.data; import java.util.List; -import java.util.Properties; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.model.AttachmentText; +import org.cyclonedx.model.Property; +import org.cyclonedx.util.deserializer.PropertiesDeserializer; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @@ -17,7 +20,7 @@ public class Content private String url; - private List properties; + private List properties; public AttachmentText getAttachment() { return attachment; @@ -37,11 +40,30 @@ public void setUrl(final String url) { @JacksonXmlElementWrapper(localName = "properties") @JacksonXmlProperty(localName = "property") - public List getProperties() { + @JsonDeserialize(using = PropertiesDeserializer.class) + public List getProperties() { return properties; } - public void setProperties(final List properties) { + public void setProperties(final List properties) { this.properties = properties; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Content)) { + return false; + } + Content content = (Content) object; + return Objects.equals(attachment, content.attachment) && Objects.equals(url, content.url) && + Objects.equals(properties, content.properties); + } + + @Override + public int hashCode() { + return Objects.hash(attachment, url, properties); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java b/src/main/java/org/cyclonedx/model/component/data/DatasetChoice.java similarity index 63% rename from src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java rename to src/main/java/org/cyclonedx/model/component/data/DatasetChoice.java index cd6e255dc8..9866e982a2 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java +++ b/src/main/java/org/cyclonedx/model/component/data/DatasetChoice.java @@ -1,4 +1,6 @@ -package org.cyclonedx.model.component.modelCard; +package org.cyclonedx.model.component.data; + +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -30,4 +32,21 @@ public ComponentData getComponentData() { public void setComponentData(final ComponentData componentData) { this.componentData = componentData; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof DatasetChoice)) { + return false; + } + DatasetChoice that = (DatasetChoice) object; + return Objects.equals(ref, that.ref) && Objects.equals(componentData, that.componentData); + } + + @Override + public int hashCode() { + return Objects.hash(ref, componentData); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java b/src/main/java/org/cyclonedx/model/component/data/Governance.java similarity index 75% rename from src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java rename to src/main/java/org/cyclonedx/model/component/data/Governance.java index 87738880fd..4e18412b8a 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java +++ b/src/main/java/org/cyclonedx/model/component/data/Governance.java @@ -1,6 +1,7 @@ -package org.cyclonedx.model.component.modelCard.data; +package org.cyclonedx.model.component.data; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -63,4 +64,22 @@ public List getOwners() { public void setOwners(final List owners) { this.owners = owners; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Governance)) { + return false; + } + Governance that = (Governance) object; + return Objects.equals(custodians, that.custodians) && Objects.equals(stewards, that.stewards) && + Objects.equals(owners, that.owners); + } + + @Override + public int hashCode() { + return Objects.hash(custodians, stewards, owners); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/data/Graphics.java b/src/main/java/org/cyclonedx/model/component/data/Graphics.java similarity index 72% rename from src/main/java/org/cyclonedx/model/component/modelCard/data/Graphics.java rename to src/main/java/org/cyclonedx/model/component/data/Graphics.java index 41254da11f..9edc7c671e 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/data/Graphics.java +++ b/src/main/java/org/cyclonedx/model/component/data/Graphics.java @@ -1,6 +1,7 @@ -package org.cyclonedx.model.component.modelCard.data; +package org.cyclonedx.model.component.data; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -55,4 +56,22 @@ public List getCollection() { public void setCollection(final List collection) { this.collection = collection; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Graphics)) { + return false; + } + Graphics graphics = (Graphics) object; + return Objects.equals(description, graphics.description) && + Objects.equals(collection, graphics.collection); + } + + @Override + public int hashCode() { + return Objects.hash(description, collection); + } } diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Callstack.java b/src/main/java/org/cyclonedx/model/component/evidence/Callstack.java index 1681a61f5b..01f3618b9a 100644 --- a/src/main/java/org/cyclonedx/model/component/evidence/Callstack.java +++ b/src/main/java/org/cyclonedx/model/component/evidence/Callstack.java @@ -1,6 +1,7 @@ package org.cyclonedx.model.component.evidence; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -24,4 +25,21 @@ public List getFrames() { public void setFrames(final List frames) { this.frames = frames; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Callstack)) { + return false; + } + Callstack callstack = (Callstack) object; + return Objects.equals(frames, callstack.frames); + } + + @Override + public int hashCode() { + return Objects.hashCode(frames); + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Frame.java b/src/main/java/org/cyclonedx/model/component/evidence/Frame.java index 2f0c6a7db2..1c3569ba33 100644 --- a/src/main/java/org/cyclonedx/model/component/evidence/Frame.java +++ b/src/main/java/org/cyclonedx/model/component/evidence/Frame.java @@ -1,18 +1,22 @@ package org.cyclonedx.model.component.evidence; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.model.ExtensibleElement; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"package", "module", "function", "parameters", "line", "column", "fullFilename"}) public class Frame extends ExtensibleElement { + @JsonProperty("package") private String packageFrame; private String module; @@ -85,4 +89,24 @@ public String getFullFilename() { public void setFullFilename(final String fullFilename) { this.fullFilename = fullFilename; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Frame)) { + return false; + } + Frame frame = (Frame) object; + return Objects.equals(packageFrame, frame.packageFrame) && Objects.equals(module, frame.module) && + Objects.equals(function, frame.function) && Objects.equals(parameters, frame.parameters) && + Objects.equals(line, frame.line) && Objects.equals(column, frame.column) && + Objects.equals(fullFilename, frame.fullFilename); + } + + @Override + public int hashCode() { + return Objects.hash(packageFrame, module, function, parameters, line, column, fullFilename); + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Identity.java b/src/main/java/org/cyclonedx/model/component/evidence/Identity.java index 11bac246cb..0ca976a56b 100644 --- a/src/main/java/org/cyclonedx/model/component/evidence/Identity.java +++ b/src/main/java/org/cyclonedx/model/component/evidence/Identity.java @@ -1,6 +1,7 @@ package org.cyclonedx.model.component.evidence; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -8,21 +9,26 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; import org.cyclonedx.model.BomReference; import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.VersionFilter; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) -@JsonPropertyOrder({"field", "confidence", "methods", "tools"}) +@JsonPropertyOrder({"field", "confidence", "concludedValue", "methods", "tools"}) public class Identity extends ExtensibleElement { - public Field field; + private Field field; - public Double confidence; + private Double confidence; - public List methods; + @VersionFilter(Version.VERSION_16) + private String concludedValue; - public List tools; + private List methods; + + private List tools; public enum Field { @JsonProperty("group") @@ -88,4 +94,31 @@ public List getTools() { public void setTools(final List tools) { this.tools = tools; } + + public String getConcludedValue() { + return concludedValue; + } + + public void setConcludedValue(final String concludedValue) { + this.concludedValue = concludedValue; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Identity)) { + return false; + } + Identity identity = (Identity) object; + return field == identity.field && Objects.equals(confidence, identity.confidence) && + Objects.equals(concludedValue, identity.concludedValue) && + Objects.equals(methods, identity.methods) && Objects.equals(tools, identity.tools); + } + + @Override + public int hashCode() { + return Objects.hash(field, confidence, concludedValue, methods, tools); + } } diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Method.java b/src/main/java/org/cyclonedx/model/component/evidence/Method.java index c6c3626777..16b9dd150c 100644 --- a/src/main/java/org/cyclonedx/model/component/evidence/Method.java +++ b/src/main/java/org/cyclonedx/model/component/evidence/Method.java @@ -1,18 +1,19 @@ package org.cyclonedx.model.component.evidence; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; -import org.cyclonedx.model.ExtensibleElement; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"technique", "confidence", "value"}) +@JacksonXmlRootElement(localName = "method") public class Method - extends ExtensibleElement { - private Technique technique; private Double confidence; @@ -76,4 +77,22 @@ public String getTypeName() { this.name = name; } } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Method)) { + return false; + } + Method method = (Method) object; + return technique == method.technique && Objects.equals(confidence, method.confidence) && + Objects.equals(value, method.value); + } + + @Override + public int hashCode() { + return Objects.hash(technique, confidence, value); + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java b/src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java index 895f0ca350..48b396a6cb 100644 --- a/src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java +++ b/src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java @@ -1,21 +1,42 @@ package org.cyclonedx.model.component.evidence; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; +import org.cyclonedx.Version; import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.VersionFilter; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) +@JacksonXmlRootElement(localName = "occurrence") +@JsonPropertyOrder({"bom-ref", "location", "line", "offset", "symbol", "additionalContext"}) public class Occurrence extends ExtensibleElement { @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") @JsonProperty("bom-ref") private String bomRef; + @JsonProperty("location") private String location; + @VersionFilter(Version.VERSION_16) + private Integer line; + + @VersionFilter(Version.VERSION_16) + private Integer offset; + + @VersionFilter(Version.VERSION_16) + private String symbol; + + @VersionFilter(Version.VERSION_16) + private String additionalContext; + public String getBomRef() { return bomRef; } @@ -31,4 +52,56 @@ public String getLocation() { public void setLocation(final String location) { this.location = location; } + + public Integer getLine() { + return line; + } + + public void setLine(final Integer line) { + this.line = line; + } + + public Integer getOffset() { + return offset; + } + + public void setOffset(final Integer offset) { + this.offset = offset; + } + + public String getSymbol() { + return symbol; + } + + public void setSymbol(final String symbol) { + this.symbol = symbol; + } + + public String getAdditionalContext() { + return additionalContext; + } + + public void setAdditionalContext(final String additionalContext) { + this.additionalContext = additionalContext; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Occurrence)) { + return false; + } + Occurrence that = (Occurrence) object; + return Objects.equals(bomRef, that.bomRef) && Objects.equals(location, that.location) && + Objects.equals(line, that.line) && Objects.equals(offset, that.offset) && + Objects.equals(symbol, that.symbol) && + Objects.equals(additionalContext, that.additionalContext); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, location, line, offset, symbol, additionalContext); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java b/src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java index e8f02bc7f3..6cf9582876 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java @@ -1,12 +1,16 @@ package org.cyclonedx.model.component.modelCard; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.Version; import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.VersionFilter; +import org.cyclonedx.model.component.modelCard.consideration.EnvironmentalConsideration; import org.cyclonedx.model.component.modelCard.consideration.FairnessAssessment; import org.cyclonedx.model.component.modelCard.consideration.Risk; @@ -24,6 +28,8 @@ public class Considerations extends ExtensibleElement private List ethicalConsiderations; + @VersionFilter(Version.VERSION_16) + private EnvironmentalConsideration environmentalConsiderations; private List fairnessAssessments; @@ -86,4 +92,35 @@ public List getFairnessAssessments() { public void setFairnessAssessments(final List fairnessAssessments) { this.fairnessAssessments = fairnessAssessments; } + + public EnvironmentalConsideration getEnvironmentalConsiderations() { + return environmentalConsiderations; + } + + public void setEnvironmentalConsiderations(final EnvironmentalConsideration environmentalConsiderations) { + this.environmentalConsiderations = environmentalConsiderations; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Considerations)) { + return false; + } + Considerations that = (Considerations) object; + return Objects.equals(users, that.users) && Objects.equals(useCases, that.useCases) && + Objects.equals(technicalLimitations, that.technicalLimitations) && + Objects.equals(performanceTradeoffs, that.performanceTradeoffs) && + Objects.equals(ethicalConsiderations, that.ethicalConsiderations) && + Objects.equals(environmentalConsiderations, that.environmentalConsiderations) && + Objects.equals(fairnessAssessments, that.fairnessAssessments); + } + + @Override + public int hashCode() { + return Objects.hash(users, useCases, technicalLimitations, performanceTradeoffs, ethicalConsiderations, + environmentalConsiderations, fairnessAssessments); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java b/src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java index effba19e98..241383002f 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java @@ -1,5 +1,7 @@ package org.cyclonedx.model.component.modelCard; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import org.cyclonedx.model.ExtensibleElement; @@ -17,4 +19,21 @@ public String getFormat() { public void setFormat(final String format) { this.format = format; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof InputOutputParameter)) { + return false; + } + InputOutputParameter that = (InputOutputParameter) object; + return Objects.equals(format, that.format); + } + + @Override + public int hashCode() { + return Objects.hashCode(format); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java b/src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java index 6e46670809..6c8fcb91ce 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java @@ -1,16 +1,20 @@ package org.cyclonedx.model.component.modelCard; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.component.data.DatasetChoice; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) +@JacksonXmlRootElement(localName = "modelParameters") public class ModelParameters extends ExtensibleElement { private Approach approach; @@ -125,4 +129,25 @@ public List getOutputs() { public void setOutputs(final List outputs) { this.outputs = outputs; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ModelParameters)) { + return false; + } + ModelParameters that = (ModelParameters) object; + return Objects.equals(approach, that.approach) && Objects.equals(task, that.task) && + Objects.equals(architectureFamily, that.architectureFamily) && + Objects.equals(modelArchitecture, that.modelArchitecture) && + Objects.equals(datasets, that.datasets) && Objects.equals(inputs, that.inputs) && + Objects.equals(outputs, that.outputs); + } + + @Override + public int hashCode() { + return Objects.hash(approach, task, architectureFamily, modelArchitecture, datasets, inputs, outputs); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java b/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java index 47dedc50da..52be7a2b8a 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java @@ -1,5 +1,7 @@ package org.cyclonedx.model.component.modelCard; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -74,4 +76,23 @@ public ConfidenceInterval getConfidenceInterval() { public void setConfidenceInterval(final ConfidenceInterval confidenceInterval) { this.confidenceInterval = confidenceInterval; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof PerformanceMetric)) { + return false; + } + PerformanceMetric that = (PerformanceMetric) object; + return Objects.equals(type, that.type) && Objects.equals(value, that.value) && + Objects.equals(slice, that.slice) && + Objects.equals(confidenceInterval, that.confidenceInterval); + } + + @Override + public int hashCode() { + return Objects.hash(type, value, slice, confidenceInterval); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java b/src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java index 23378c66db..bd05995e3e 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java @@ -1,6 +1,7 @@ package org.cyclonedx.model.component.modelCard; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -8,7 +9,8 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.model.ExtensibleElement; -import org.cyclonedx.model.component.modelCard.data.Graphics; +import org.cyclonedx.model.component.data.Graphics; + @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"performanceMetrics", "graphics"}) @@ -35,4 +37,22 @@ public Graphics getGraphics() { public void setGraphics(final Graphics graphics) { this.graphics = graphics; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof QuantitativeAnalysis)) { + return false; + } + QuantitativeAnalysis that = (QuantitativeAnalysis) object; + return Objects.equals(performanceMetrics, that.performanceMetrics) && + Objects.equals(graphics, that.graphics); + } + + @Override + public int hashCode() { + return Objects.hash(performanceMetrics, graphics); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/EnvironmentalConsideration.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/EnvironmentalConsideration.java new file mode 100644 index 0000000000..f4ebb09251 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/EnvironmentalConsideration.java @@ -0,0 +1,58 @@ +package org.cyclonedx.model.component.modelCard.consideration; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.component.modelCard.consideration.consumption.EnergyConsumption; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class EnvironmentalConsideration +{ + private List energyConsumptions; + + private List properties; + + @JacksonXmlElementWrapper(localName = "energyConsumptions") + @JacksonXmlProperty(localName = "energyConsumption") + public List getEnergyConsumptions() { + return energyConsumptions; + } + + public void setEnergyConsumptions(final List energyConsumptions) { + this.energyConsumptions = energyConsumptions; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof EnvironmentalConsideration)) { + return false; + } + EnvironmentalConsideration that = (EnvironmentalConsideration) object; + return Objects.equals(energyConsumptions, that.energyConsumptions) && + Objects.equals(properties, that.properties); + } + + @Override + public int hashCode() { + return Objects.hash(energyConsumptions, properties); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java index 6bff1a7679..f3ff27774c 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java @@ -1,5 +1,7 @@ package org.cyclonedx.model.component.modelCard.consideration; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import org.cyclonedx.model.ExtensibleElement; @@ -47,4 +49,23 @@ public String getMitigationStrategy() { public void setMitigationStrategy(final String mitigationStrategy) { this.mitigationStrategy = mitigationStrategy; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof FairnessAssessment)) { + return false; + } + FairnessAssessment that = (FairnessAssessment) object; + return Objects.equals(groupAtRisk, that.groupAtRisk) && Objects.equals(benefits, that.benefits) && + Objects.equals(harms, that.harms) && + Objects.equals(mitigationStrategy, that.mitigationStrategy); + } + + @Override + public int hashCode() { + return Objects.hash(groupAtRisk, benefits, harms, mitigationStrategy); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java index d654ef8f90..c45cb46987 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java @@ -1,5 +1,7 @@ package org.cyclonedx.model.component.modelCard.consideration; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; @@ -29,4 +31,22 @@ public String getMitigationStrategy() { public void setMitigationStrategy(final String mitigationStrategy) { this.mitigationStrategy = mitigationStrategy; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Risk)) { + return false; + } + Risk risk = (Risk) object; + return Objects.equals(name, risk.name) && + Objects.equals(mitigationStrategy, risk.mitigationStrategy); + } + + @Override + public int hashCode() { + return Objects.hash(name, mitigationStrategy); + } } diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/Activity.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/Activity.java new file mode 100644 index 0000000000..547abfd04c --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/Activity.java @@ -0,0 +1,35 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum Activity +{ + @JsonProperty("design") + DESIGN("design"), + @JsonProperty("data-collection") + DATA_COLLECTION("data-collection"), + @JsonProperty("data-preparation") + DATA_PREPARATION("data-preparation"), + @JsonProperty("training") + TRAINING("training"), + @JsonProperty("fine-tuning") + FINE_TUNING("fine-tuning"), + @JsonProperty("validation") + VALIDATION("validation"), + @JsonProperty("deployment") + DEPLOYMENT("deployment"), + @JsonProperty("inference") + INFERENCE("inference"), + @JsonProperty("other") + OTHER("other"); + + private final String name; + + Activity(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/EnergyConsumption.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/EnergyConsumption.java new file mode 100644 index 0000000000..23632e7cc3 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/EnergyConsumption.java @@ -0,0 +1,97 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.component.modelCard.consideration.consumption.co2.CO2Measure; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.EnergyMeasure; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.EnergyProvider; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class EnergyConsumption +{ + private Activity activity; + private List energyProviders; + private EnergyMeasure activityEnergyCost; + private CO2Measure co2CostEquivalent; + private CO2Measure co2CostOffset; + private List properties; + + public Activity getActivity() { + return activity; + } + + public void setActivity(final Activity activity) { + this.activity = activity; + } + + @JacksonXmlElementWrapper(useWrapping = false) + public List getEnergyProviders() { + return energyProviders; + } + + public void setEnergyProviders(final List energyProviders) { + this.energyProviders = energyProviders; + } + + public EnergyMeasure getActivityEnergyCost() { + return activityEnergyCost; + } + + public void setActivityEnergyCost(final EnergyMeasure activityEnergyCost) { + this.activityEnergyCost = activityEnergyCost; + } + + public CO2Measure getCo2CostEquivalent() { + return co2CostEquivalent; + } + + public void setCo2CostEquivalent(final CO2Measure co2CostEquivalent) { + this.co2CostEquivalent = co2CostEquivalent; + } + + public CO2Measure getCo2CostOffset() { + return co2CostOffset; + } + + public void setCo2CostOffset(final CO2Measure co2CostOffset) { + this.co2CostOffset = co2CostOffset; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof EnergyConsumption)) { + return false; + } + EnergyConsumption that = (EnergyConsumption) object; + return activity == that.activity && Objects.equals(energyProviders, that.energyProviders) && + Objects.equals(activityEnergyCost, that.activityEnergyCost) && + Objects.equals(co2CostEquivalent, that.co2CostEquivalent) && + Objects.equals(co2CostOffset, that.co2CostOffset) && + Objects.equals(properties, that.properties); + } + + @Override + public int hashCode() { + return Objects.hash(activity, energyProviders, activityEnergyCost, co2CostEquivalent, co2CostOffset, properties); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/co2/CO2Measure.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/co2/CO2Measure.java new file mode 100644 index 0000000000..7e7d038f05 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/co2/CO2Measure.java @@ -0,0 +1,47 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption.co2; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class CO2Measure +{ + private double value; + private Unit unit; + + public double getValue() { + return value; + } + + public void setValue(final double value) { + this.value = value; + } + + public Unit getUnit() { + return unit; + } + + public void setUnit(final Unit unit) { + this.unit = unit; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof CO2Measure)) { + return false; + } + CO2Measure that = (CO2Measure) object; + return Double.compare(value, that.value) == 0 && unit == that.unit; + } + + @Override + public int hashCode() { + return Objects.hash(value, unit); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/co2/Unit.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/co2/Unit.java new file mode 100644 index 0000000000..bc2ccb88ac --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/co2/Unit.java @@ -0,0 +1,19 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption.co2; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum Unit +{ + @JsonProperty("tCO2eq") + TCO2EQ("tCO2eq"); + + private final String name; + + Unit(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergyMeasure.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergyMeasure.java new file mode 100644 index 0000000000..069b54fff0 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergyMeasure.java @@ -0,0 +1,47 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption.energy; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class EnergyMeasure +{ + private double value; + private Unit unit; + + public double getValue() { + return value; + } + + public void setValue(final double value) { + this.value = value; + } + + public Unit getUnit() { + return unit; + } + + public void setUnit(final Unit unit) { + this.unit = unit; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof EnergyMeasure)) { + return false; + } + EnergyMeasure that = (EnergyMeasure) object; + return Double.compare(value, that.value) == 0 && unit == that.unit; + } + + @Override + public int hashCode() { + return Objects.hash(value, unit); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergyProvider.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergyProvider.java new file mode 100644 index 0000000000..cd7292b2e3 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergyProvider.java @@ -0,0 +1,99 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption.energy; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class EnergyProvider +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + private String description; + private OrganizationalEntity organization; + private EnergySource energySource; + private EnergyMeasure energyProvided; + private List externalReferences; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + public OrganizationalEntity getOrganization() { + return organization; + } + + public void setOrganization(final OrganizationalEntity organization) { + this.organization = organization; + } + + public EnergySource getEnergySource() { + return energySource; + } + + public void setEnergySource(final EnergySource energySource) { + this.energySource = energySource; + } + + public EnergyMeasure getEnergyProvided() { + return energyProvided; + } + + public void setEnergyProvided(final EnergyMeasure energyProvided) { + this.energyProvided = energyProvided; + } + + @JacksonXmlElementWrapper(localName = "externalReferences") + @JacksonXmlProperty(localName = "reference") + @JsonDeserialize(using = ExternalReferencesDeserializer.class) + public List getExternalReferences() { + return externalReferences; + } + + public void setExternalReferences(final List externalReferences) { + this.externalReferences = externalReferences; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof EnergyProvider)) { + return false; + } + EnergyProvider that = (EnergyProvider) object; + return Objects.equals(bomRef, that.bomRef) && Objects.equals(description, that.description) && + Objects.equals(organization, that.organization) && energySource == that.energySource && + Objects.equals(energyProvided, that.energyProvided) && + Objects.equals(externalReferences, that.externalReferences); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, description, organization, energySource, energyProvided, externalReferences); + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergySource.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergySource.java new file mode 100644 index 0000000000..c7b690bccd --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/EnergySource.java @@ -0,0 +1,39 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption.energy; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum EnergySource +{ + @JsonProperty("coal") + COAL("coal"), + @JsonProperty("oil") + OIL("oil"), + @JsonProperty("natural-gas") + NATURAL_GAS("natural-gas"), + @JsonProperty("nuclear") + NUCLEAR("nuclear"), + @JsonProperty("wind") + WIND("wind"), + @JsonProperty("solar") + SOLAR("solar"), + @JsonProperty("geothermal") + GEOTHERMAL("geothermal"), + @JsonProperty("hydropower") + HYDROPOWER("hydropower"), + @JsonProperty("biofuel") + BIOFUEL("biofuel"), + @JsonProperty("unknown") + UNKNOWN("unknown"), + @JsonProperty("other") + OTHER("other"); + + private final String name; + + EnergySource(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/Unit.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/Unit.java new file mode 100644 index 0000000000..ad2ff3c21c --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/Unit.java @@ -0,0 +1,19 @@ +package org.cyclonedx.model.component.modelCard.consideration.consumption.energy; + +import com.fasterxml.jackson.annotation.JsonProperty; + +public enum Unit +{ + @JsonProperty("kWh") + KWH("kWh"); + + private final String name; + + Unit(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/org/cyclonedx/model/definition/Definition.java b/src/main/java/org/cyclonedx/model/definition/Definition.java new file mode 100644 index 0000000000..18e357ee56 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/definition/Definition.java @@ -0,0 +1,47 @@ +package org.cyclonedx.model.definition; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "standards" +}) +public class Definition +{ + private List standards; + + @JacksonXmlElementWrapper(localName = "standards") + @JacksonXmlProperty(localName = "standard") + public List getStandards() { + return standards; + } + + public void setStandards(final List standards) { + this.standards = standards; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Definition)) { + return false; + } + Definition that = (Definition) object; + return Objects.equals(standards, that.standards); + } + + @Override + public int hashCode() { + return Objects.hashCode(standards); + } +} diff --git a/src/main/java/org/cyclonedx/model/definition/Level.java b/src/main/java/org/cyclonedx/model/definition/Level.java new file mode 100644 index 0000000000..5cec39ae00 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/definition/Level.java @@ -0,0 +1,96 @@ +package org.cyclonedx.model.definition; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "identifier", + "title", + "text", + "description", + "requirements" +}) +public class Level +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private String identifier; + + private String title; + + private String description; + + private List requirements; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getIdentifier() { + return identifier; + } + + public void setIdentifier(final String identifier) { + this.identifier = identifier; + } + + public String getTitle() { + return title; + } + + public void setTitle(final String title) { + this.title = title; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + @JacksonXmlElementWrapper(localName = "requirements") + @JacksonXmlProperty(localName = "requirement") + public List getRequirements() { + return requirements; + } + + public void setRequirements(final List requirements) { + this.requirements = requirements; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Level)) { + return false; + } + Level level = (Level) object; + return Objects.equals(bomRef, level.bomRef) && Objects.equals(identifier, level.identifier) && + Objects.equals(title, level.title) && Objects.equals(description, level.description) && + Objects.equals(requirements, level.requirements); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, identifier, title, description, requirements); + } +} diff --git a/src/main/java/org/cyclonedx/model/definition/Requirement.java b/src/main/java/org/cyclonedx/model/definition/Requirement.java new file mode 100644 index 0000000000..ca5564fdcb --- /dev/null +++ b/src/main/java/org/cyclonedx/model/definition/Requirement.java @@ -0,0 +1,148 @@ +package org.cyclonedx.model.definition; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.Property; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "identifier", + "title", + "text", + "descriptions", + "openCre", + "parent", + "properties", + "externalReferences" +}) +public class Requirement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + private String identifier; + + private String title; + + private String text; + + private List descriptions; + + private List openCre; + + private String parent; + + private List properties; + + private List externalReferences; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getIdentifier() { + return identifier; + } + + public void setIdentifier(final String identifier) { + this.identifier = identifier; + } + + public String getTitle() { + return title; + } + + public void setTitle(final String title) { + this.title = title; + } + + public String getText() { + return text; + } + + public void setText(final String text) { + this.text = text; + } + + @JacksonXmlElementWrapper(localName = "descriptions") + @JacksonXmlProperty(localName = "description") + public List getDescriptions() { + return descriptions; + } + + public void setDescriptions(final List descriptions) { + this.descriptions = descriptions; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JacksonXmlProperty(localName = "openCre") + public List getOpenCre() { + return openCre; + } + + public void setOpenCre(final List openCre) { + this.openCre = openCre; + } + + public String getParent() { + return parent; + } + + public void setParent(final String parent) { + this.parent = parent; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } + + @JacksonXmlElementWrapper(localName = "externalReferences") + @JacksonXmlProperty(localName = "externalReference") + public List getExternalReferences() { + return externalReferences; + } + + public void setExternalReferences(final List externalReferences) { + this.externalReferences = externalReferences; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Requirement)) { + return false; + } + Requirement that = (Requirement) object; + return Objects.equals(bomRef, that.bomRef) && Objects.equals(identifier, that.identifier) && + Objects.equals(title, that.title) && Objects.equals(text, that.text) && + Objects.equals(descriptions, that.descriptions) && Objects.equals(openCre, that.openCre) && + Objects.equals(parent, that.parent) && Objects.equals(properties, that.properties) && + Objects.equals(externalReferences, that.externalReferences); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, identifier, title, text, descriptions, openCre, parent, properties, externalReferences); + } +} diff --git a/src/main/java/org/cyclonedx/model/definition/Standard.java b/src/main/java/org/cyclonedx/model/definition/Standard.java new file mode 100644 index 0000000000..834de47445 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/definition/Standard.java @@ -0,0 +1,148 @@ +package org.cyclonedx.model.definition; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.JsonOnly; +import org.cyclonedx.model.Signature; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "name", + "version", + "description", + "owner", + "requirements", + "levels", + "externalReferences", + "signature" +}) +public class Standard extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private String name; + + private String version; + + private String description; + + private String owner; + + private List requirements; + + private List levels; + + private List externalReferences; + + @JsonOnly + private Signature signature; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public String getVersion() { + return version; + } + + public void setVersion(final String version) { + this.version = version; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + public String getOwner() { + return owner; + } + + public void setOwner(final String owner) { + this.owner = owner; + } + + @JacksonXmlElementWrapper(localName = "requirements") + @JacksonXmlProperty(localName = "requirement") + public List getRequirements() { + return requirements; + } + + public void setRequirements(final List requirements) { + this.requirements = requirements; + } + + public List getLevels() { + return levels; + } + + public void setLevels(final List levels) { + this.levels = levels; + } + + public List getExternalReferences() { + return externalReferences; + } + + public void setExternalReferences(final List externalReferences) { + this.externalReferences = externalReferences; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Standard)) { + return false; + } + Standard standard = (Standard) object; + return Objects.equals(bomRef, standard.bomRef) && Objects.equals(name, standard.name) && + Objects.equals(version, standard.version) && + Objects.equals(description, standard.description) && Objects.equals(owner, standard.owner) && + Objects.equals(requirements, standard.requirements) && + Objects.equals(levels, standard.levels) && + Objects.equals(externalReferences, standard.externalReferences) && + Objects.equals(signature, standard.signature); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, name, version, description, owner, requirements, levels, externalReferences, signature); + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/Formula.java b/src/main/java/org/cyclonedx/model/formulation/Formula.java index 0fde4cb11a..dca57a8abe 100644 --- a/src/main/java/org/cyclonedx/model/formulation/Formula.java +++ b/src/main/java/org/cyclonedx/model/formulation/Formula.java @@ -20,6 +20,7 @@ import java.util.ArrayList; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -35,7 +36,7 @@ @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder( - {"components", "services", "workflows", "properties"}) + {"bom-ref", "components", "services", "workflows", "properties"}) public class Formula extends ExtensibleElement { @@ -113,4 +114,23 @@ public List getWorkflows() { public void setWorkflows(final List workflows) { this.workflows = workflows; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Formula)) { + return false; + } + Formula formula = (Formula) object; + return Objects.equals(bomRef, formula.bomRef) && Objects.equals(components, formula.components) && + Objects.equals(services, formula.services) && Objects.equals(workflows, formula.workflows) && + Objects.equals(properties, formula.properties); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, components, services, workflows, properties); + } } diff --git a/src/main/java/org/cyclonedx/model/formulation/Workflow.java b/src/main/java/org/cyclonedx/model/formulation/Workflow.java index 6d5975264a..9f409052bf 100644 --- a/src/main/java/org/cyclonedx/model/formulation/Workflow.java +++ b/src/main/java/org/cyclonedx/model/formulation/Workflow.java @@ -13,8 +13,8 @@ @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder( { - "uid", "name", "description", "resourceReferences", "tasks", "taskDependencies", "taskTypes", "trigger", - "steps", "inputs", "outputs", "timeStart", "timeEnd", "workspaces", "runtimeTopology", "properties" + "bom-ref", "uid", "name", "description", "resourceReferences", "tasks", "taskDependencies", "taskTypes", + "trigger", "steps", "inputs", "outputs", "timeStart", "timeEnd", "workspaces", "runtimeTopology", "properties" }) public class Workflow extends FormulationCommon { diff --git a/src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java b/src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java index c537e169f9..8e2561898a 100644 --- a/src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java +++ b/src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java @@ -16,7 +16,7 @@ public abstract class AbstractType extends ExtensibleElement private ResourceReferenceChoice source; private ResourceReferenceChoice target; private ResourceReferenceChoice resource; - private List environmentVars; + private EnvironmentVars environmentVars; private AttachmentText data; private List properties; @@ -44,13 +44,12 @@ public void setResource(final ResourceReferenceChoice resource) { this.resource = resource; } - @JacksonXmlElementWrapper(localName = "environmentVars") - public List getEnvironmentVars() { + public EnvironmentVars getEnvironmentVars() { return environmentVars; } - public void setEnvironmentVars(final List environmentVars) { + public void setEnvironmentVars(final EnvironmentVars environmentVars) { this.environmentVars = environmentVars; } diff --git a/src/main/java/org/cyclonedx/model/formulation/common/EnvVariableChoice.java b/src/main/java/org/cyclonedx/model/formulation/common/EnvVariableChoice.java deleted file mode 100644 index 3e24cb85da..0000000000 --- a/src/main/java/org/cyclonedx/model/formulation/common/EnvVariableChoice.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.cyclonedx.model.formulation.common; - -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.model.Property; -import org.cyclonedx.util.deserializer.EnvVariableChoiceDeserializer; - -@JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_EMPTY) -@JsonDeserialize(using = EnvVariableChoiceDeserializer.class) -public class EnvVariableChoice -{ - @JacksonXmlProperty(localName = "value") - private String value; - - @JacksonXmlProperty(localName = "environmentVar") - private Property environmentVar; - - public String getValue() { - return value; - } - - public void setValue(final String value) { - this.value = value; - } - - public Property getEnvironmentVar() { - return environmentVar; - } - - public void setEnvironmentVar(final Property environmentVar) { - this.environmentVar = environmentVar; - } -} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/common/EnvironmentVars.java b/src/main/java/org/cyclonedx/model/formulation/common/EnvironmentVars.java new file mode 100644 index 0000000000..a9c3a03380 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/common/EnvironmentVars.java @@ -0,0 +1,26 @@ +package org.cyclonedx.model.formulation.common; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.util.deserializer.EnvironmentVarsDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type") +@JsonDeserialize(using = EnvironmentVarsDeserializer.class) +public class EnvironmentVars +{ + private List choices; + + public List getChoices() { + return choices; + } + + public void setChoices(List choices) { + this.choices = choices; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/common/OutputType.java b/src/main/java/org/cyclonedx/model/formulation/common/OutputType.java index c746318326..52f4ac9076 100644 --- a/src/main/java/org/cyclonedx/model/formulation/common/OutputType.java +++ b/src/main/java/org/cyclonedx/model/formulation/common/OutputType.java @@ -10,7 +10,7 @@ @JsonDeserialize(using = OutputTypeDeserializer.class) @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(Include.NON_NULL) +@JsonInclude(Include.NON_EMPTY) public class OutputType extends AbstractType { diff --git a/src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java b/src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java index b27082ae6c..5d38b82c92 100644 --- a/src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java +++ b/src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java @@ -1,5 +1,7 @@ package org.cyclonedx.model.formulation.common; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; @@ -28,4 +30,21 @@ public ExternalReference getExternalReference() { public void setExternalReference(final ExternalReference externalReference) { this.externalReference = externalReference; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ResourceReferenceChoice)) { + return false; + } + ResourceReferenceChoice that = (ResourceReferenceChoice) object; + return Objects.equals(ref, that.ref) && Objects.equals(externalReference, that.externalReference); + } + + @Override + public int hashCode() { + return Objects.hash(ref, externalReference); + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/task/Task.java b/src/main/java/org/cyclonedx/model/formulation/task/Task.java index 6b4e59c9eb..0f2042721e 100644 --- a/src/main/java/org/cyclonedx/model/formulation/task/Task.java +++ b/src/main/java/org/cyclonedx/model/formulation/task/Task.java @@ -12,8 +12,8 @@ @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder( { - "uid", "name", "description", "resourceReferences", "taskTypes", "trigger", "steps", "inputs", "outputs", - "timeStart", "timeEnd", "workspaces", "runtimeTopology", "taskDependencyGraph", "properties", + "bom-ref", "uid", "name", "description", "resourceReferences", "taskTypes", "trigger", "steps", "inputs", + "outputs", "timeStart", "timeEnd", "workspaces", "runtimeTopology", "taskDependencyGraph", "properties" }) public class Task extends FormulationCommon diff --git a/src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java b/src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java index 6c586e8548..2a3c813bbb 100644 --- a/src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java +++ b/src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java @@ -1,6 +1,7 @@ package org.cyclonedx.model.formulation.trigger; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; @@ -36,4 +37,23 @@ public List getProperties() { public void setProperties(final List properties) { this.properties = properties; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Condition)) { + return false; + } + Condition condition = (Condition) object; + return Objects.equals(description, condition.description) && + Objects.equals(expression, condition.expression) && + Objects.equals(properties, condition.properties); + } + + @Override + public int hashCode() { + return Objects.hash(description, expression, properties); + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/trigger/Event.java b/src/main/java/org/cyclonedx/model/formulation/trigger/Event.java index 2cdb8bbf74..d481f128d7 100644 --- a/src/main/java/org/cyclonedx/model/formulation/trigger/Event.java +++ b/src/main/java/org/cyclonedx/model/formulation/trigger/Event.java @@ -1,20 +1,38 @@ package org.cyclonedx.model.formulation.trigger; import java.util.List; - +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.annotation.JsonRootName; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.model.AttachmentText; import org.cyclonedx.model.Property; import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(Include.NON_EMPTY) +@JsonPropertyOrder({"uid", "description", "timeReceived", "data", "source", "target", "properties"}) +@JsonRootName("event") public class Event { + private String uid; + private String description; + private String timeReceived; + private AttachmentText data; + private ResourceReferenceChoice source; + private ResourceReferenceChoice target; + private List properties; public String getUid() { @@ -41,6 +59,8 @@ public void setTimeReceived(final String timeReceived) { this.timeReceived = timeReceived; } + @JacksonXmlProperty(localName = "data") + @JsonProperty("data") public AttachmentText getData() { return data; } @@ -74,4 +94,24 @@ public List getProperties() { public void setProperties(final List properties) { this.properties = properties; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Event)) { + return false; + } + Event event = (Event) object; + return Objects.equals(uid, event.uid) && Objects.equals(description, event.description) && + Objects.equals(timeReceived, event.timeReceived) && Objects.equals(data, event.data) && + Objects.equals(source, event.source) && Objects.equals(target, event.target) && + Objects.equals(properties, event.properties); + } + + @Override + public int hashCode() { + return Objects.hash(uid, description, timeReceived, data, source, target, properties); + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java b/src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java index d4b103cb6c..df093a2a3d 100644 --- a/src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java +++ b/src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java @@ -14,8 +14,8 @@ @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({ - "uid", "name", "description", "resourceReferences", "type", "event", "conditions", "timeActivated", "inputs", - "outputs", "properties" + "bom-ref", "uid", "name", "description", "resourceReferences", "type", "event", "conditions", "timeActivated", + "inputs", "outputs", "properties" }) public class Trigger extends BasicDataAbstract diff --git a/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java b/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java index 639965310f..bd5ac13486 100644 --- a/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java +++ b/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java @@ -8,15 +8,13 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.model.Property; import org.cyclonedx.model.formulation.common.BasicDataAbstract; -import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({ - "uid", "name", "aliases", "description", "resourceReferences", "accessMode", "mountPath", "managedDataType", - "volumeRequest", "volume", "properties" + "bom-ref", "uid", "name", "aliases", "description", "resourceReferences", "accessMode", "mountPath", + "managedDataType", "volumeRequest", "volume", "properties" }) public class Workspace extends BasicDataAbstract { @@ -56,30 +54,6 @@ public String getAccessMode() { } } - public String getBomRef() { - return bomRef; - } - - public void setBomRef(final String bomRef) { - this.bomRef = bomRef; - } - - public String getUid() { - return uid; - } - - public void setUid(final String uid) { - this.uid = uid; - } - - public String getName() { - return name; - } - - public void setName(final String name) { - this.name = name; - } - @JacksonXmlElementWrapper(localName = "aliases") @JacksonXmlProperty(localName = "alias") public List getAliases() { @@ -90,24 +64,6 @@ public void setAliases(final List aliases) { this.aliases = aliases; } - public String getDescription() { - return description; - } - - public void setDescription(final String description) { - this.description = description; - } - - @JacksonXmlElementWrapper(localName = "resourceReferences") - @JacksonXmlProperty(localName = "resourceReference") - public List getResourceReferences() { - return resourceReferences; - } - - public void setResourceReferences(final List resourceReferences) { - this.resourceReferences = resourceReferences; - } - public AccessMode getAccessMode() { return accessMode; } @@ -147,14 +103,4 @@ public Volume getVolume() { public void setVolume(final Volume volume) { this.volume = volume; } - - @JacksonXmlElementWrapper(localName = "properties") - @JacksonXmlProperty(localName = "property") - public List getProperties() { - return properties; - } - - public void setProperties(final List properties) { - this.properties = properties; - } } diff --git a/src/main/java/org/cyclonedx/model/license/Acknowledgement.java b/src/main/java/org/cyclonedx/model/license/Acknowledgement.java new file mode 100644 index 0000000000..e317e0be97 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/license/Acknowledgement.java @@ -0,0 +1,31 @@ +package org.cyclonedx.model.license; + +import com.fasterxml.jackson.annotation.JsonProperty; +import org.cyclonedx.model.ExternalReference.Type; + +public enum Acknowledgement +{ + @JsonProperty("declared") + DECLARED("declared"), + @JsonProperty("concluded") + CONCLUDED("concluded"); + + private final String name; + + public String getValue() { + return this.name; + } + + Acknowledgement(String name) { + this.name = name; + } + + public static Acknowledgement fromString(String text) { + for (Acknowledgement t : Acknowledgement.values()) { + if (t.name.equals(text)) { + return t; + } + } + return null; + } +} diff --git a/src/main/java/org/cyclonedx/model/license/Expression.java b/src/main/java/org/cyclonedx/model/license/Expression.java new file mode 100644 index 0000000000..5ae298512d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/license/Expression.java @@ -0,0 +1,85 @@ +package org.cyclonedx.model.license; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlText; +import org.cyclonedx.Version; +import org.cyclonedx.model.VersionFilter; +import org.cyclonedx.util.deserializer.ExpressionDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(Include.NON_EMPTY) +@JsonPropertyOrder({"value", "acknowledgement", "bom-ref"}) +@JsonDeserialize(using = ExpressionDeserializer.class) +public class Expression +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + @VersionFilter(Version.VERSION_16) + private String bomRef; + @JacksonXmlProperty(isAttribute = true, localName = "acknowledgement") + @JsonProperty("acknowledgement") + @VersionFilter(Version.VERSION_16) + private Acknowledgement acknowledgement; + + @JacksonXmlText + @JsonProperty("expression") + private String value; + + public Expression() { + + } + + public Expression(String value) { + this.value = value; + } + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public Acknowledgement getAcknowledgement() { + return acknowledgement; + } + + public void setAcknowledgement(final Acknowledgement acknowledgement) { + this.acknowledgement = acknowledgement; + } + + public String getValue() { + return value; + } + + public void setValue(final String value) { + this.value = value; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Expression)) { + return false; + } + Expression that = (Expression) object; + return Objects.equals(bomRef, that.bomRef) && + Objects.equals(acknowledgement, that.acknowledgement) && Objects.equals(value, that.value); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, acknowledgement, value); + } +} diff --git a/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java b/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java index 8e689c8eb3..b0d59fb8cd 100644 --- a/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java +++ b/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java @@ -1,22 +1,30 @@ package org.cyclonedx.model.metadata; +import java.util.ArrayList; import java.util.List; import java.util.Objects; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.model.Component; import org.cyclonedx.model.Service; -import com.fasterxml.jackson.annotation.JsonInclude; - @JsonInclude(JsonInclude.Include.NON_EMPTY) public class ToolInformation { + @JacksonXmlElementWrapper(localName = "components") + @JacksonXmlProperty(localName = "component") private List components; + @JacksonXmlElementWrapper(localName = "services") + @JacksonXmlProperty(localName = "service") private List services; - public List getComponents() { + if(components==null) { + components = new ArrayList<>(); + } return components; } @@ -24,26 +32,31 @@ public void setComponents(final List components) { this.components = components; } - public List getServices() { + if(services==null) { + services = new ArrayList<>(); + } return services; } public void setServices(final List services) { this.services = services; } - + @Override - public int hashCode() { - return Objects.hash(components, services); + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ToolInformation)) { + return false; + } + ToolInformation that = (ToolInformation) object; + return Objects.equals(components, that.components) && Objects.equals(services, that.services); } @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - ToolInformation other = (ToolInformation) o; - return Objects.equals(components, other.components) && - Objects.equals(services, other.services); + public int hashCode() { + return Objects.hash(components, services); } } diff --git a/src/main/java/org/cyclonedx/model/organization/PostalAddress.java b/src/main/java/org/cyclonedx/model/organization/PostalAddress.java new file mode 100644 index 0000000000..395e1c2b54 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/organization/PostalAddress.java @@ -0,0 +1,108 @@ +package org.cyclonedx.model.organization; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"country", "region", "locality", "postOfficeBoxNumber", "postalCode", "streetAddress"}) +public class PostalAddress +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private String country; + + private String region; + + private String locality; + + private String postOfficeBoxNumber; + + private String postalCode; + + private String streetAddress; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getCountry() { + return country; + } + + public void setCountry(final String country) { + this.country = country; + } + + public String getRegion() { + return region; + } + + public void setRegion(final String region) { + this.region = region; + } + + public String getLocality() { + return locality; + } + + public void setLocality(final String locality) { + this.locality = locality; + } + + public String getPostOfficeBoxNumber() { + return postOfficeBoxNumber; + } + + public void setPostOfficeBoxNumber(final String postOfficeBoxNumber) { + this.postOfficeBoxNumber = postOfficeBoxNumber; + } + + public String getPostalCode() { + return postalCode; + } + + public void setPostalCode(final String postalCode) { + this.postalCode = postalCode; + } + + public String getStreetAddress() { + return streetAddress; + } + + public void setStreetAddress(final String streetAddress) { + this.streetAddress = streetAddress; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof PostalAddress)) { + return false; + } + PostalAddress that = (PostalAddress) object; + return Objects.equals(bomRef, that.bomRef) && Objects.equals(country, that.country) && + Objects.equals(region, that.region) && Objects.equals(locality, that.locality) && + Objects.equals(postOfficeBoxNumber, that.postOfficeBoxNumber) && + Objects.equals(postalCode, that.postalCode) && + Objects.equals(streetAddress, that.streetAddress); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef, country, region, locality, postOfficeBoxNumber, postalCode, streetAddress); + } +} diff --git a/src/main/java/org/cyclonedx/model/vulnerability/ProofOfConcept.java b/src/main/java/org/cyclonedx/model/vulnerability/ProofOfConcept.java new file mode 100644 index 0000000000..3bee978400 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/vulnerability/ProofOfConcept.java @@ -0,0 +1,74 @@ +package org.cyclonedx.model.vulnerability; + +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.AttachmentText; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonPropertyOrder({ + "reproductionSteps", + "environment", + "supportingMaterial" +}) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class ProofOfConcept +{ + private String reproductionSteps; + + private String environment; + + private List supportingMaterial; + + public String getEnvironment() { + return environment; + } + + public void setEnvironment(final String environment) { + this.environment = environment; + } + + @JacksonXmlElementWrapper(localName = "supportingMaterial") + @JacksonXmlProperty(localName = "attachment") + @JsonProperty("supportingMaterial") + public List getSupportingMaterial() { + return supportingMaterial; + } + + public void setSupportingMaterial(final List supportingMaterial) { + this.supportingMaterial = supportingMaterial; + } + + public String getReproductionSteps() { + return reproductionSteps; + } + + public void setReproductionSteps(final String reproductionSteps) { + this.reproductionSteps = reproductionSteps; + } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof ProofOfConcept)) { + return false; + } + ProofOfConcept that = (ProofOfConcept) object; + return Objects.equals(reproductionSteps, that.reproductionSteps) && + Objects.equals(environment, that.environment) && + Objects.equals(supportingMaterial, that.supportingMaterial); + } + + @Override + public int hashCode() { + return Objects.hash(reproductionSteps, environment, supportingMaterial); + } +} diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Rating.java b/src/main/java/org/cyclonedx/model/vulnerability/Rating.java index cb00b4631e..3fa3dec68c 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Rating.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Rating.java @@ -18,6 +18,8 @@ */ package org.cyclonedx.model.vulnerability; +import java.util.Objects; + import org.cyclonedx.model.vulnerability.Vulnerability10.Score; import org.cyclonedx.model.vulnerability.Vulnerability10.ScoreSource; import org.cyclonedx.model.vulnerability.Vulnerability10.Severity; @@ -63,4 +65,22 @@ public String getVector() { public void setVector(final String vector) { this.vector = vector; } + + @Override + public boolean equals(final Object object) { + if (this == object) { + return true; + } + if (!(object instanceof Rating)) { + return false; + } + Rating rating = (Rating) object; + return Objects.equals(score, rating.score) && severity == rating.severity && method == rating.method && + Objects.equals(vector, rating.vector); + } + + @Override + public int hashCode() { + return Objects.hash(score, severity, method, vector); + } } diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java index ac651aeb3d..dfd9654b2b 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java @@ -21,11 +21,13 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; @@ -34,6 +36,8 @@ import org.cyclonedx.model.Property; import org.cyclonedx.model.Tool; import org.cyclonedx.model.VersionFilter; +import org.cyclonedx.model.metadata.ToolInformation; +import org.cyclonedx.util.deserializer.VulnerabilityDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; /** @@ -50,6 +54,8 @@ "description", "detail", "recommendation", + "workaround", + "proofOfConcept", "advisories", "created", "published", @@ -62,6 +68,7 @@ "properties" }) @JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonDeserialize(using = VulnerabilityDeserializer.class) public class Vulnerability { public Vulnerability() {} @@ -77,23 +84,34 @@ public Vulnerability() {} private String description; private String detail; private String recommendation; + + @VersionFilter(org.cyclonedx.Version.VERSION_15) + private String workaround; + + @VersionFilter(org.cyclonedx.Version.VERSION_15) + private ProofOfConcept proofOfConcept; + private List advisories; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = { "1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(org.cyclonedx.Version.VERSION_14) private Date created; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(org.cyclonedx.Version.VERSION_14) private Date published; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) + @VersionFilter(org.cyclonedx.Version.VERSION_14) private Date updated; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(org.cyclonedx.Version.VERSION_15) private Date rejected; private Credits credits; @JacksonXmlElementWrapper(localName = "tools") @JacksonXmlProperty(localName = "tool") + @Deprecated private List tools; + @JacksonXmlProperty(localName = "tools") + @VersionFilter(org.cyclonedx.Version.VERSION_15) + private ToolInformation toolInformation; private Analysis analysis; private List affects; private List properties; @@ -132,6 +150,13 @@ public void setReferences(final List references) { this.references = references; } + public void addReference(Reference reference) { + if (references == null) { + references = new ArrayList<>(); + } + references.add(reference); + } + @JacksonXmlElementWrapper(localName = "ratings") @JacksonXmlProperty(localName = "rating") public List getRatings() { @@ -200,6 +225,13 @@ public void setAdvisories(final List advisories) { this.advisories = advisories; } + public void addAdvisory(Advisory advisory) { + if (advisories == null) { + advisories = new ArrayList<>(); + } + advisories.add(advisory); + } + public Date getCreated() { return created; } @@ -248,6 +280,17 @@ public void setTools(final List tools) { this.tools = tools; } + @JacksonXmlProperty(localName = "tools") + @JsonProperty("tools") + @VersionFilter(org.cyclonedx.Version.VERSION_15) + public ToolInformation getToolChoice() { + return toolInformation; + } + + public void setToolChoice(final ToolInformation toolInformation) { + this.toolInformation = toolInformation; + } + public Analysis getAnalysis() { return analysis; } @@ -266,6 +309,13 @@ public void setAffects(final List affects) { this.affects = affects; } + private void addAffect(Affect affect) { + if (affects == null) { + affects = new ArrayList<>(); + } + affects.add(affect); + } + @JacksonXmlElementWrapper(localName = "properties") @JacksonXmlProperty(localName = "property") public List getProperties() { @@ -276,6 +326,83 @@ public void setProperties(final List properties) { this.properties = properties; } + private void addProperty(Property property) { + if (properties == null) { + properties = new ArrayList<>(); + } + properties.add(property); + } + + public String getWorkaround() { + return workaround; + } + + public void setWorkaround(final String workaround) { + this.workaround = workaround; + } + + public ProofOfConcept getProofOfConcept() { + return proofOfConcept; + } + + public void setProofOfConcept(final ProofOfConcept proofOfConcept) { + this.proofOfConcept = proofOfConcept; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Vulnerability)) return false; + Vulnerability rhs = (Vulnerability) o; + return Objects.equals(bomRef, rhs.bomRef) && + Objects.equals(id, rhs.id) && + Objects.equals(source, rhs.source) && + Objects.equals(references, rhs.references) && + Objects.equals(ratings, rhs.ratings) && + Objects.equals(cwes, rhs.cwes) && + Objects.equals(description, rhs.description) && + Objects.equals(detail, rhs.detail) && + Objects.equals(recommendation, rhs.recommendation) && + Objects.equals(advisories, rhs.advisories) && + Objects.equals(created, rhs.created) && + Objects.equals(published, rhs.published) && + Objects.equals(updated, rhs.updated) && + Objects.equals(rejected, rhs.rejected) && + Objects.equals(credits, rhs.credits) && + Objects.equals(tools, rhs.tools) && + Objects.equals(analysis, rhs.analysis) && + Objects.equals(affects, rhs.affects) && + Objects.equals(workaround, rhs.workaround) && + Objects.equals(proofOfConcept, rhs.proofOfConcept) && + Objects.equals(properties, rhs.properties); + } + + @Override + public int hashCode() { + return Objects.hash( + bomRef, + id, + source, + references, + ratings, + cwes, + description, + detail, + recommendation, + advisories, + created, + published, + updated, + rejected, + credits, + tools, + analysis, + affects, + workaround, + proofOfConcept, + properties); + } + @JsonInclude(JsonInclude.Include.NON_NULL) public static class Reference { private String id; @@ -296,6 +423,22 @@ public Source getSource() { public void setSource(final Source source) { this.source = source; } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Reference)) return false; + Reference rhs = (Reference) o; + return Objects.equals(id, rhs.id) && + Objects.equals(source, rhs.source); + } + + @Override + public int hashCode() { + return Objects.hash( + id, + source); + } } @JsonInclude(JsonInclude.Include.NON_NULL) @@ -318,6 +461,22 @@ public String getUrl() { public void setUrl(final String url) { this.url = url; } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Source)) return false; + Source rhs = (Source) o; + return Objects.equals(name, rhs.name) && + Objects.equals(url, rhs.url); + } + + @Override + public int hashCode() { + return Objects.hash( + name, + url); + } } @JsonInclude(JsonInclude.Include.NON_NULL) @@ -340,6 +499,22 @@ public String getUrl() { public void setUrl(final String url) { this.url = url; } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Advisory)) return false; + Advisory rhs = (Advisory) o; + return Objects.equals(title, rhs.title) && + Objects.equals(url, rhs.url); + } + + @Override + public int hashCode() { + return Objects.hash( + title, + url); + } } @JsonInclude(JsonInclude.Include.NON_NULL) @@ -392,10 +567,12 @@ public enum Method { CVSSV3("CVSSv3"), @JsonProperty("CVSSv31") CVSSV31("CVSSv31"), + @VersionFilter(org.cyclonedx.Version.VERSION_15) @JsonProperty("CVSSv4") CVSSV4("CVSSv4"), @JsonProperty("OWASP") OWASP("OWASP"), + @VersionFilter(org.cyclonedx.Version.VERSION_15) @JsonProperty("SSVC") SSVC("SSVC"), @JsonProperty("other") @@ -472,6 +649,30 @@ public String getJustification() { public void setJustification(final String justification) { this.justification = justification; } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Rating)) return false; + Rating rhs = (Rating) o; + return Objects.equals(source, rhs.source) && + Objects.equals(score, rhs.score) && + Objects.equals(severity, rhs.severity) && + Objects.equals(method, rhs.method) && + Objects.equals(vector, rhs.vector) && + Objects.equals(justification, rhs.justification); + } + + @Override + public int hashCode() { + return Objects.hash( + source, + score, + severity, + method, + vector, + justification); + } } @JsonInclude(JsonInclude.Include.NON_NULL) @@ -596,11 +797,11 @@ public static Analysis.Response fromString(String text) { private String detail; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(org.cyclonedx.Version.VERSION_15) private Date firstIssued; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(org.cyclonedx.Version.VERSION_15) private Date lastUpdated; public State getState() { @@ -630,6 +831,13 @@ public void setResponses(final List responses) { this.responses = responses; } + public void addResponse(Response response) { + if (this.responses == null) { + this.responses = new ArrayList<>(); + } + this.responses.add(response); + } + public String getDetail() { return detail; } @@ -653,6 +861,30 @@ public Date getLastUpdated() { public void setLastUpdated(final Date lastUpdated) { this.lastUpdated = lastUpdated; } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Analysis)) return false; + Analysis rhs = (Analysis) o; + return Objects.equals(state, rhs.state) && + Objects.equals(justification, rhs.justification) && + Objects.equals(responses, rhs.responses) && + Objects.equals(detail, rhs.detail) && + Objects.equals(firstIssued, rhs.firstIssued) && + Objects.equals(lastUpdated, rhs.lastUpdated); + } + + @Override + public int hashCode() { + return Objects.hash( + state, + justification, + responses, + detail, + firstIssued, + lastUpdated); + } } @JsonInclude(JsonInclude.Include.NON_EMPTY) @@ -677,6 +909,29 @@ public List getVersions() { public void setVersions(final List versions) { this.versions = versions; } + + public void addVersion(Version version) { + if (versions == null) { + versions = new ArrayList<>(); + } + versions.add(version); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Affect)) return false; + Affect rhs = (Affect) o; + return Objects.equals(ref, rhs.ref) && + Objects.equals(versions, rhs.versions); + } + + @Override + public int hashCode() { + return Objects.hash( + ref, + versions); + } } @JsonInclude(JsonInclude.Include.NON_NULL) @@ -758,6 +1013,13 @@ public void setIndividuals(final List individuals) { this.individuals = individuals; } + public void addIndividual(OrganizationalContact individual) { + if (individuals == null) { + individuals = new ArrayList<>(); + } + individuals.add(individual); + } + public List getOrganizations() { return organizations; } @@ -765,5 +1027,28 @@ public List getOrganizations() { public void setOrganizations(final List organizations) { this.organizations = organizations; } + + public void addOrganization(OrganizationalEntity organization) { + if (this.organizations == null) { + this.organizations = new ArrayList<>(); + } + this.organizations.add(organization); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Credits)) return false; + Credits rhs = (Credits) o; + return Objects.equals(organizations, rhs.organizations) && + Objects.equals(individuals, rhs.individuals); + } + + @Override + public int hashCode() { + return Objects.hash( + organizations, + individuals); + } } } diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability10.java b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability10.java index beaebc0501..95c91a6a29 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability10.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability10.java @@ -30,6 +30,7 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.model.ExtensibleType; +@Deprecated @JsonRootName(Vulnerability10.NAME) public class Vulnerability10 extends ExtensibleType implements Serializable diff --git a/src/main/java/org/cyclonedx/BomParserFactory.java b/src/main/java/org/cyclonedx/parsers/BomParserFactory.java similarity index 98% rename from src/main/java/org/cyclonedx/BomParserFactory.java rename to src/main/java/org/cyclonedx/parsers/BomParserFactory.java index e4d8a3565c..c0bae141c9 100644 --- a/src/main/java/org/cyclonedx/BomParserFactory.java +++ b/src/main/java/org/cyclonedx/parsers/BomParserFactory.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx; +package org.cyclonedx.parsers; import org.apache.commons.io.IOUtils; import org.cyclonedx.exception.ParseException; diff --git a/src/main/java/org/cyclonedx/parsers/JsonParser.java b/src/main/java/org/cyclonedx/parsers/JsonParser.java index a7cc311681..67a75dce27 100644 --- a/src/main/java/org/cyclonedx/parsers/JsonParser.java +++ b/src/main/java/org/cyclonedx/parsers/JsonParser.java @@ -24,6 +24,8 @@ import org.apache.commons.io.FileUtils; import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Format; +import org.cyclonedx.Version; import org.cyclonedx.exception.ParseException; import org.cyclonedx.model.Bom; @@ -104,7 +106,7 @@ public List validate(final File file) throws IOException { /** * {@inheritDoc} */ - public List validate(final File file, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final File file, final Version schemaVersion) throws IOException { return validate(FileUtils.readFileToString(file, StandardCharsets.UTF_8), schemaVersion); } @@ -118,7 +120,7 @@ public List validate(final byte[] bomBytes) throws IOException { /** * {@inheritDoc} */ - public List validate(final byte[] bomBytes, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final byte[] bomBytes, final Version schemaVersion) throws IOException { return validate(new String(bomBytes), schemaVersion); } @@ -132,7 +134,7 @@ public List validate(final Reader reader) throws IOException { /** * {@inheritDoc} */ - public List validate(final Reader reader, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final Reader reader, final Version schemaVersion) throws IOException { return validate(IOUtils.toString(reader), schemaVersion); } @@ -146,7 +148,7 @@ public List validate(final InputStream inputStream) throws IOExc /** * {@inheritDoc} */ - public List validate(final InputStream inputStream, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final InputStream inputStream, final Version schemaVersion) throws IOException { return validate(IOUtils.toString(inputStream, StandardCharsets.UTF_8), schemaVersion); } @@ -154,11 +156,11 @@ public List validate(final InputStream inputStream, final Cyclon * Verifies a CycloneDX BOM conforms to the specification through JSON validation. * @param bomString the CycloneDX BOM to validate * @param schemaVersion the schema version to validate against - * @return true is the file is a valid BOM, false if not * @throws IOException when errors are encountered * @since 3.0.0 + * @return a list of exceptions encountered during validation */ - public List validate(final String bomString, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final String bomString, final Version schemaVersion) throws IOException { return validate(mapper.readTree(bomString), schemaVersion); } @@ -166,16 +168,25 @@ public List validate(final String bomString, final CycloneDxSche * Verifies a CycloneDX BOM conforms to the specification through JSON validation. * @param bomJson the CycloneDX BOM to validate * @param schemaVersion the schema version to validate against - * @return true is the file is a valid BOM, false if not * @throws IOException when errors are encountered * @since 3.0.0 + * @return a list of exceptions encountered during validation */ - public List validate(final JsonNode bomJson, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final JsonNode bomJson, final Version schemaVersion) throws IOException { final List exceptions = new ArrayList<>(); + + if (!schemaVersion.getFormats().contains(Format.JSON)) { + exceptions.add( + new ParseException("CycloneDX version " + schemaVersion.getVersionString() + + " does not support the JSON format") + ); + } + Set errors = getJsonSchema(schemaVersion, mapper).validate(mapper.readTree(bomJson.toString())); for (ValidationMessage message: errors) { exceptions.add(new ParseException(message.getMessage())); } + return exceptions; } @@ -189,7 +200,7 @@ public boolean isValid(final File file) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final File file, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final File file, final Version schemaVersion) throws IOException { return validate(file, schemaVersion).isEmpty(); } @@ -203,7 +214,7 @@ public boolean isValid(final byte[] bomBytes) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final byte[] bomBytes, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final byte[] bomBytes, final Version schemaVersion) throws IOException { return validate(bomBytes, schemaVersion).isEmpty(); } @@ -217,7 +228,7 @@ public boolean isValid(final Reader reader) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final Reader reader, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final Reader reader, final Version schemaVersion) throws IOException { return validate(reader, schemaVersion).isEmpty(); } @@ -231,7 +242,7 @@ public boolean isValid(final InputStream inputStream) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final InputStream inputStream, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final InputStream inputStream, final Version schemaVersion) throws IOException { return validate(inputStream, schemaVersion).isEmpty(); } } diff --git a/src/main/java/org/cyclonedx/parsers/Parser.java b/src/main/java/org/cyclonedx/parsers/Parser.java index 7ce11a6ab6..9554bb672b 100644 --- a/src/main/java/org/cyclonedx/parsers/Parser.java +++ b/src/main/java/org/cyclonedx/parsers/Parser.java @@ -18,7 +18,7 @@ */ package org.cyclonedx.parsers; -import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Version; import org.cyclonedx.exception.ParseException; import org.cyclonedx.model.Bom; import java.io.File; @@ -82,7 +82,7 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - List validate(File file, CycloneDxSchema.Version schemaVersion) throws IOException; + List validate(File file, Version schemaVersion) throws IOException; /** * Validates a CycloneDX BOM. @@ -101,7 +101,7 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - List validate(byte[] bomBytes, CycloneDxSchema.Version schemaVersion) throws IOException; + List validate(byte[] bomBytes, Version schemaVersion) throws IOException; /** * Validates a CycloneDX BOM. @@ -120,7 +120,7 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - List validate(Reader reader, CycloneDxSchema.Version schemaVersion) throws IOException; + List validate(Reader reader, Version schemaVersion) throws IOException; /** * Validates a CycloneDX BOM. @@ -139,7 +139,7 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - List validate(InputStream inputStream, CycloneDxSchema.Version schemaVersion) throws IOException; + List validate(InputStream inputStream, Version schemaVersion) throws IOException; /** * Verifies a CycloneDX BOM conforms to the latest version of the specification. @@ -158,7 +158,7 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - boolean isValid(File file, CycloneDxSchema.Version schemaVersion) throws IOException; + boolean isValid(File file, Version schemaVersion) throws IOException; /** * Verifies a CycloneDX BOM conforms to the latest version of the specification. @@ -177,7 +177,7 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - boolean isValid(byte[] bomBytes, CycloneDxSchema.Version schemaVersion) throws IOException; + boolean isValid(byte[] bomBytes, Version schemaVersion) throws IOException; /** * Verifies a CycloneDX BOM conforms to the latest version of the specification. @@ -196,7 +196,7 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - boolean isValid(Reader reader, CycloneDxSchema.Version schemaVersion) throws IOException; + boolean isValid(Reader reader, Version schemaVersion) throws IOException; /** * Verifies a CycloneDX BOM conforms to the latest version of the specification. @@ -215,6 +215,6 @@ public interface Parser { * @throws IOException when errors are encountered * @since 3.0.0 */ - boolean isValid(InputStream inputStream, CycloneDxSchema.Version schemaVersion) throws IOException; + boolean isValid(InputStream inputStream, Version schemaVersion) throws IOException; } diff --git a/src/main/java/org/cyclonedx/parsers/XmlParser.java b/src/main/java/org/cyclonedx/parsers/XmlParser.java index 79322dd06f..119e5fd697 100644 --- a/src/main/java/org/cyclonedx/parsers/XmlParser.java +++ b/src/main/java/org/cyclonedx/parsers/XmlParser.java @@ -21,23 +21,26 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.dataformat.xml.XmlMapper; import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Version; import org.cyclonedx.exception.ParseException; import org.cyclonedx.model.Bom; +import org.w3c.dom.Document; +import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.ErrorHandler; import org.xml.sax.InputSource; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; + +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.Source; import javax.xml.transform.stream.StreamSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import javax.xml.xpath.XPath; -import javax.xml.xpath.XPathConstants; -import javax.xml.xpath.XPathExpression; -import javax.xml.xpath.XPathExpressionException; -import javax.xml.xpath.XPathFactory; import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; @@ -45,8 +48,11 @@ import java.io.Reader; import java.lang.reflect.Field; import java.nio.file.Files; +import java.util.ArrayList; +import java.util.HashMap; import java.util.LinkedList; import java.util.List; +import java.util.Map; /** * XmlParser is responsible for validating and parsing CycloneDX bill-of-material @@ -62,16 +68,23 @@ public XmlParser() { mapper = new XmlMapper(); } + private static final Map NAMESPACE_TO_VERSION_MAP = new HashMap<>(); + + static { + for (Version version : Version.values()) { + NAMESPACE_TO_VERSION_MAP.put(version.getNamespace(), version.getVersionString()); + } + } + /** * {@inheritDoc} */ public Bom parse(final File file) throws ParseException { try { - final String schemaVersion = identifySchemaVersion( - extractAllNamespaceDeclarations(new InputSource(Files.newInputStream(file.toPath())))); + final String schemaVersion = identifySchemaVersion(new InputSource(Files.newInputStream(file.toPath()))); return injectSchemaVersion(mapper.readValue(file, Bom.class), schemaVersion); - } catch (IOException | XPathExpressionException e) { + } catch (IOException | ParserConfigurationException | SAXException e) { throw new ParseException(e); } } @@ -81,11 +94,10 @@ public Bom parse(final File file) throws ParseException { */ public Bom parse(final byte[] bomBytes) throws ParseException { try { - final String schemaVersion = identifySchemaVersion( - extractAllNamespaceDeclarations(new InputSource(new ByteArrayInputStream(bomBytes)))); + final String schemaVersion = identifySchemaVersion(new InputSource(new ByteArrayInputStream(bomBytes))); return injectSchemaVersion(mapper.readValue(bomBytes, Bom.class), schemaVersion); - } catch (IOException | XPathExpressionException e) { + } catch (IOException | ParserConfigurationException | SAXException e) { throw new ParseException(e); } } @@ -143,7 +155,7 @@ public List validate(final File file) throws IOException { /** * {@inheritDoc} */ - public List validate(final File file, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final File file, final Version schemaVersion) throws IOException { final Source source = new StreamSource(file); return validate(source, schemaVersion); } @@ -158,7 +170,7 @@ public List validate(final byte[] bomBytes) throws IOException { /** * {@inheritDoc} */ - public List validate(final byte[] bomBytes, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final byte[] bomBytes, final Version schemaVersion) throws IOException { final Source source = new StreamSource(new ByteArrayInputStream(bomBytes)); return validate(source, schemaVersion); } @@ -173,7 +185,7 @@ public List validate(final Reader reader) throws IOException { /** * {@inheritDoc} */ - public List validate(final Reader reader, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final Reader reader, final Version schemaVersion) throws IOException { final Source source = new StreamSource(reader); return validate(source, schemaVersion); } @@ -188,12 +200,12 @@ public List validate(final InputStream inputStream) throws IOExc /** * {@inheritDoc} */ - public List validate(final InputStream inputStream, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final InputStream inputStream, final Version schemaVersion) throws IOException { final Source source = new StreamSource(inputStream); return validate(source, schemaVersion); } - public List validate(final Source source, final CycloneDxSchema.Version schemaVersion) throws IOException { + public List validate(final Source source, final Version schemaVersion) throws IOException { final List exceptions = new LinkedList<>(); try { final Schema schema = getXmlSchema(schemaVersion); @@ -231,7 +243,7 @@ public boolean isValid(final File file) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final File file, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final File file, final Version schemaVersion) throws IOException { return validate(file, schemaVersion).isEmpty(); } @@ -245,7 +257,7 @@ public boolean isValid(final byte[] bomBytes) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final byte[] bomBytes, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final byte[] bomBytes, final Version schemaVersion) throws IOException { return validate(bomBytes, schemaVersion).isEmpty(); } @@ -259,7 +271,7 @@ public boolean isValid(final Reader reader) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final Reader reader, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final Reader reader, final Version schemaVersion) throws IOException { return validate(reader, schemaVersion).isEmpty(); } @@ -273,26 +285,60 @@ public boolean isValid(final InputStream inputStream) throws IOException { /** * {@inheritDoc} */ - public boolean isValid(final InputStream inputStream, final CycloneDxSchema.Version schemaVersion) throws IOException { + public boolean isValid(final InputStream inputStream, final Version schemaVersion) throws IOException { return validate(inputStream, schemaVersion).isEmpty(); } - private String identifySchemaVersion(final NodeList nodeList) { - for (int i=0; i namespaces = extractAllNamespaceDeclarations(in); + + for (String namespaceUri : namespaces) { + String versionString = NAMESPACE_TO_VERSION_MAP.get(namespaceUri); + if (versionString != null) { + return versionString; } } return null; } - private NodeList extractAllNamespaceDeclarations(final InputSource in) throws XPathExpressionException { - final XPathFactory xPathFactory = XPathFactory.newInstance(); - final XPath xPath = xPathFactory.newXPath(); - final XPathExpression xPathExpression = xPath.compile("//namespace::*"); - return (NodeList) xPathExpression.evaluate(in, XPathConstants.NODESET); + private List extractAllNamespaceDeclarations(final InputSource in) + throws ParserConfigurationException, IOException, SAXException + { + Document doc = createSecureDocument(in); + + // Extract all namespaces, including the default namespace + Listnamespaces = new ArrayList<>(); + extractNamespaces(doc.getDocumentElement(), namespaces); + + return namespaces; + } + + private void extractNamespaces(Node node, List namespaces) { + if (node.getNodeType() == Node.ELEMENT_NODE) { + NamedNodeMap attributes = node.getAttributes(); + for (int i = 0; i < attributes.getLength(); i++) { + Node attr = attributes.item(i); + if (attr.getNodeName().equals("xmlns")) { + namespaces.add(attr.getNodeValue()); + } + } + } + NodeList children = node.getChildNodes(); + for (int i = 0; i < children.getLength(); i++) { + extractNamespaces(children.item(i), namespaces); + } + } + + private Document createSecureDocument(InputSource in) throws ParserConfigurationException, IOException, SAXException + { + //https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression + DocumentBuilderFactory df = DocumentBuilderFactory.newInstance(); + df.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + df.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + DocumentBuilder builder = df.newDocumentBuilder(); + return builder.parse(in); } } diff --git a/src/main/java/org/cyclonedx/util/BomLink.java b/src/main/java/org/cyclonedx/util/BomLink.java index c677f52c70..dfa40ca6f8 100644 --- a/src/main/java/org/cyclonedx/util/BomLink.java +++ b/src/main/java/org/cyclonedx/util/BomLink.java @@ -25,7 +25,7 @@ /** * Parses URNs that conform to the "cdx" namespace identifier - * as defined by https://www.iana.org/assignments/urn-formal/cdx + * as defined by ... * @since 7.1.4 */ public class BomLink { diff --git a/src/main/java/org/cyclonedx/util/BomUtils.java b/src/main/java/org/cyclonedx/util/BomUtils.java index 820ffac343..c096534f92 100644 --- a/src/main/java/org/cyclonedx/util/BomUtils.java +++ b/src/main/java/org/cyclonedx/util/BomUtils.java @@ -20,7 +20,7 @@ import org.apache.commons.codec.binary.Hex; import org.apache.commons.codec.digest.DigestUtils; -import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Version; import org.cyclonedx.model.Hash; import java.io.BufferedInputStream; import java.io.File; @@ -52,7 +52,7 @@ private BomUtils() { * @throws IOException an IOException * @since 1.0.0 */ - public static List calculateHashes(final File file, final CycloneDxSchema.Version schemaVersion) throws IOException { + public static List calculateHashes(final File file, final Version schemaVersion) throws IOException { if (file == null || !file.exists() || !file.canRead() || !file.isFile()) { return null; } diff --git a/src/main/java/org/cyclonedx/util/LicenseResolver.java b/src/main/java/org/cyclonedx/util/LicenseResolver.java index 4bae960b97..4f6d6dcd26 100644 --- a/src/main/java/org/cyclonedx/util/LicenseResolver.java +++ b/src/main/java/org/cyclonedx/util/LicenseResolver.java @@ -19,10 +19,13 @@ package org.cyclonedx.util; import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.io.IOUtils; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; import org.cyclonedx.model.AttachmentText; +import org.cyclonedx.model.license.Expression; + import java.io.IOException; import java.io.InputStream; import java.nio.charset.Charset; @@ -109,7 +112,7 @@ private static LicenseChoice resolveLicenseString(String licenseString, LicenseT licenses = mapper.readValue(is, LicenseList.class); } - if (licenses != null && licenses.licenses != null && !licenses.licenses.isEmpty()) { + if (licenses != null && CollectionUtils.isNotEmpty(licenses.licenses)) { for (LicenseDetail licenseDetail : licenses.licenses) { final String primaryLicenseUrl = (licenseDetail.seeAlso != null && !licenseDetail.seeAlso.isEmpty()) ? licenseDetail.seeAlso.get(0) : null; @@ -159,15 +162,16 @@ private static LicenseChoice resolveFuzzyMatching(final String licenseString, fi final SpdxLicenseMapping[] mappings = mapper.readValue(is, SpdxLicenseMapping[].class); if (mappings != null) { - for(final SpdxLicenseMapping licenseMapping : mappings) { - if (licenseMapping.names != null && !licenseMapping.names.isEmpty()) { + for (final SpdxLicenseMapping licenseMapping : mappings) { + if (CollectionUtils.isNotEmpty(licenseMapping.names)) { for (final String name : licenseMapping.names) { if (licenseString.equalsIgnoreCase(name)) { if (licenseMapping.exp.startsWith("(") && licenseMapping.exp.endsWith(")")) { final LicenseChoice lc = new LicenseChoice(); - lc.setExpression(licenseMapping.exp); + lc.setExpression(new Expression(licenseMapping.exp)); return lc; - } else { + } + else { return createLicenseChoice(licenseMapping.exp, null, false, licenseTextSettings); } } @@ -197,7 +201,7 @@ private static LicenseChoice createLicenseChoice(String licenseId, String primar if (is != null) { final String text = IOUtils.toString(is, StandardCharsets.UTF_8); final AttachmentText attachment = new AttachmentText(); - attachment.setContentType("plain/text"); + attachment.setContentType("text/plain"); switch(licenseTextSettings.getEncoding()){ case NONE: attachment.setEncoding(null); diff --git a/src/main/java/org/cyclonedx/util/ObjectLocator.java b/src/main/java/org/cyclonedx/util/ObjectLocator.java index 4c11c08ea5..89f563ebd6 100644 --- a/src/main/java/org/cyclonedx/util/ObjectLocator.java +++ b/src/main/java/org/cyclonedx/util/ObjectLocator.java @@ -18,10 +18,12 @@ */ package org.cyclonedx.util; +import org.apache.commons.collections4.CollectionUtils; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; import org.cyclonedx.model.Service; import org.cyclonedx.model.vulnerability.Vulnerability; + import java.util.Collections; import java.util.List; @@ -66,26 +68,33 @@ public ObjectLocator locate() { // TODO is BOM-Link - if (this.bom.getMetadata() != null && this.bom.getMetadata().getComponent() != null) { - Component c = findComponent(Collections.singletonList(this.bom.getMetadata().getComponent()), this.bomRef); + final Component c = findComponent(Collections.singletonList(this.bom.getMetadata().getComponent()), this.bomRef); if (c != null) { this.isMetadataComponent = true; this.object = c; - } - c = findComponent(this.bom.getComponents(), this.bomRef); - if (c != null) { - this.object = c; - } - final Service s = findService(this.bom.getServices(), this.bomRef); - if (s != null) { - this.object = s; - } - final Vulnerability v = findVulnerability(this.bom.getVulnerabilities(), this.bomRef); - if (v != null) { - this.object = v; + return this; } } + + final Component c = findComponent(this.bom.getComponents(), this.bomRef); + if (c != null) { + this.object = c; + return this; + } + + final Service s = findService(this.bom.getServices(), this.bomRef); + if (s != null) { + this.object = s; + return this; + } + + final Vulnerability v = findVulnerability(this.bom.getVulnerabilities(), this.bomRef); + if (v != null) { + this.object = v; + return this; + } + return this; } @@ -94,7 +103,7 @@ private static Component findComponent(final List components, final S for (final Component component: components) { if (bomRef.equals(component.getBomRef())) { return component; - } else if (component.getComponents() != null) { + } else if (CollectionUtils.isNotEmpty(component.getComponents())) { final Component child = findComponent(component.getComponents(), bomRef); if (child != null) return child; } @@ -107,7 +116,7 @@ private static Service findService(final List services, final String bo for (final Service service: services) { if (bomRef.equals(service.getBomRef())) { return service; - } else if (service.getServices() != null) { + } else if (CollectionUtils.isNotEmpty(service.getServices())) { final Service child = findService(service.getServices(), bomRef); if (child != null) return child; } diff --git a/src/main/java/org/cyclonedx/util/TimestampUtils.java b/src/main/java/org/cyclonedx/util/TimestampUtils.java new file mode 100644 index 0000000000..fe1800d771 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/TimestampUtils.java @@ -0,0 +1,42 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util; + +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeParseException; +import java.util.Date; + +@SuppressWarnings("unused") +public final class TimestampUtils { + private static final DateTimeFormatter DATE_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss[.SSS][XXX]"); + + private TimestampUtils() {} + + public static Date parseTimestamp(String text) { + try { + ZonedDateTime zdt = ZonedDateTime.parse(text, DATE_FORMAT); + return Date.from(zdt.toInstant()); + } catch (DateTimeParseException | NullPointerException e) { + return null; + } + } +} diff --git a/src/main/java/org/cyclonedx/util/ToolsJsonParser.java b/src/main/java/org/cyclonedx/util/ToolsJsonParser.java new file mode 100644 index 0000000000..68d4159561 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/ToolsJsonParser.java @@ -0,0 +1,63 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.Tool; +import org.cyclonedx.model.metadata.ToolInformation; +import org.cyclonedx.util.deserializer.ToolInformationDeserializer; +import org.cyclonedx.util.deserializer.ToolsDeserializer; + +import java.io.IOException; +import java.util.List; + +public class ToolsJsonParser { + private final ToolInformationDeserializer toolInformationDeserializer = new ToolInformationDeserializer(); + private final ToolsDeserializer toolsDeserializer = new ToolsDeserializer(); + + private ToolInformation toolInformation; + private List tools; + + public ToolsJsonParser(JsonNode node, JsonParser parser, DeserializationContext context) throws IOException { + parse(node, parser, context); + } + + private void parse(JsonNode node, JsonParser parser, DeserializationContext context) throws IOException { + if (node.has("tools")) { + JsonNode toolsNode = node.get("tools"); + JsonParser toolsParser = toolsNode.traverse(parser.getCodec()); + toolsParser.nextToken(); + if (toolsNode.has("components") || toolsNode.has("services")) { + toolInformation = toolInformationDeserializer.deserialize(toolsParser, context); + } else { + tools = toolsDeserializer.deserialize(toolsParser, context); + } + } + } + + public List getTools() { + return tools; + } + + public ToolInformation getToolInformation() { + return toolInformation; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/AbstractDataTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/AbstractDataTypeDeserializer.java new file mode 100644 index 0000000000..5fa0b39fd3 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/AbstractDataTypeDeserializer.java @@ -0,0 +1,87 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.core.type.TypeReference; + +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.DeserializationContext; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.formulation.common.AbstractType; +import org.cyclonedx.model.formulation.common.EnvironmentVars; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; + +public abstract class AbstractDataTypeDeserializer + extends JsonDeserializer { + + protected final ObjectMapper objectMapper = new ObjectMapper(); + + private final EnvironmentVarsDeserializer environmentVarsDeserializer = new EnvironmentVarsDeserializer(); + + protected void setEnvironmentVars( + final JsonNode node, + AbstractType data, + JsonParser jsonParser, + DeserializationContext ctxt) throws IOException + { + JsonNode nodes = node.get("environmentVars"); + JsonParser nodeParser = nodes.traverse(jsonParser.getCodec()); + EnvironmentVars envVar = environmentVarsDeserializer.deserialize(nodeParser, ctxt); + data.setEnvironmentVars(envVar); + } + + protected void setReference(JsonNode node, String fieldName, AbstractType type) throws JsonProcessingException { + if (node.has(fieldName)) { + JsonNode fieldNode = node.get(fieldName); + ResourceReferenceChoice reference = objectMapper.treeToValue(fieldNode, ResourceReferenceChoice.class); + + if ("source".equals(fieldName)) { + type.setSource(reference); + } else if ("target".equals(fieldName)) { + type.setTarget(reference); + } + } + } + + protected void setSourceAndTarget(JsonNode node, AbstractType type) throws JsonProcessingException { + setReference(node, "source", type); + setReference(node, "target", type); + } + + protected void setResource(JsonNode node, AbstractType type) throws JsonProcessingException { + JsonNode resourceNode = node.get("resource"); + ResourceReferenceChoice resource = objectMapper.treeToValue(resourceNode, ResourceReferenceChoice.class); + type.setResource(resource); + } + + protected void setProperties(JsonNode node, AbstractType type) throws JsonProcessingException { + if(node.has("properties")) { + JsonNode propertiesNode = node.get("properties"); + List properties = objectMapper.convertValue(propertiesNode, new TypeReference>() {}); + type.setProperties(properties); + } + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/AffectDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/AffectDeserializer.java new file mode 100644 index 0000000000..6f6175d960 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/AffectDeserializer.java @@ -0,0 +1,70 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.ObjectCodec; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.vulnerability.Vulnerability; + +import java.io.IOException; +import java.util.Collections; +import java.util.List; + +public class AffectDeserializer + extends JsonDeserializer +{ + private final ObjectMapper mapper = new ObjectMapper(); + + @Override + public Vulnerability.Affect deserialize(JsonParser parser, DeserializationContext context) throws IOException { + ObjectCodec codec = parser.getCodec(); + JsonNode node = codec.readTree(parser); + + Vulnerability.Affect affect = new Vulnerability.Affect(); + + JsonNode refNode = node.get("ref"); + if (refNode != null) { + affect.setRef(refNode.asText()); + } + + JsonNode versionsNode = node.get("versions"); + if (versionsNode != null) { + if (versionsNode.isArray()) { + List versions = mapper.convertValue(node.get("versions"), new TypeReference>() {}); + affect.setVersions(versions); + } else if (versionsNode.has("version")) { + JsonNode versionNode = versionsNode.get("version"); + if (versionNode.isArray()) { + List versions = mapper.convertValue(versionNode, new TypeReference>() {}); + affect.setVersions(versions); + } + else { + affect.addVersion(mapper.convertValue(versionNode, Vulnerability.Version.class)); + } + } + } + + return affect; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/AffectsDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/AffectsDeserializer.java new file mode 100644 index 0000000000..b31e6263d8 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/AffectsDeserializer.java @@ -0,0 +1,61 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import org.cyclonedx.model.vulnerability.Vulnerability; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +public class AffectsDeserializer + extends JsonDeserializer> +{ + private final AffectDeserializer affectDeserializer = new AffectDeserializer(); + private final ObjectMapper objectMapper = new ObjectMapper(); + + @Override + public List deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { + JsonNode node = p.getCodec().readTree(p); + return parseAffects(node.has("target") ? node.get("target") : node, p, ctxt); + } + + private List parseAffects(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + List affects = new ArrayList<>(); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, objectMapper); + + for (JsonNode affectNode : nodes) { + affects.add(parseAffect(affectNode, p, ctxt)); + } + + return affects; + } + + private Vulnerability.Affect parseAffect(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + JsonParser affectParser = node.traverse(p.getCodec()); + affectParser.nextToken(); + return affectDeserializer.deserialize(affectParser, ctxt); + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java index f7e145d814..d2b0c0b278 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java @@ -26,27 +26,33 @@ public AttachmentText deserialize(JsonParser parser, DeserializationContext cont AttachmentText attachmentText = new AttachmentText(); - JsonNode textNode = node.get("content"); - if (textNode != null) { - attachmentText.setText(textNode.textValue()); - } - else if (node.has("")) { - attachmentText.setText( node.get("").asText()); + JsonNode contentNode = node.get("content"); + if (contentNode != null) { + attachmentText.setText(contentNode.asText()); + } else if (node.has("")) { + attachmentText.setText(node.get("").asText()); + } else if (node.isTextual()) { + attachmentText.setText(node.textValue()); } - JsonNode contentTypeNode = node.get("content-type"); - if (contentTypeNode == null || !contentTypeNode.isTextual()) { - contentTypeNode = node.get("contentType"); - } + JsonNode contentTypeNode = getContentTypeNode(node); if (contentTypeNode != null && contentTypeNode.isTextual()) { - attachmentText.setContentType(contentTypeNode.textValue()); + attachmentText.setContentType(contentTypeNode.asText()); } JsonNode encodingNode = node.get("encoding"); if (encodingNode != null && encodingNode.isTextual()) { - attachmentText.setEncoding(encodingNode.textValue()); + attachmentText.setEncoding(encodingNode.asText()); } return attachmentText; } + + private JsonNode getContentTypeNode(JsonNode node) { + JsonNode contentTypeNode = node.get("content-type"); + if (contentTypeNode == null || !contentTypeNode.isTextual()) { + contentTypeNode = node.get("contentType"); + } + return contentTypeNode; + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/ComponentWrapperDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ComponentWrapperDeserializer.java index ecf6b59106..0f79cde79b 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/ComponentWrapperDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/ComponentWrapperDeserializer.java @@ -20,10 +20,15 @@ import java.io.IOException; import java.util.Arrays; +import java.util.Collections; +import java.util.List; import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonToken; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ObjectNode; import com.fasterxml.jackson.dataformat.xml.deser.FromXmlParser; import org.cyclonedx.model.Ancestors; import org.cyclonedx.model.Component; @@ -72,10 +77,27 @@ public ComponentWrapper deserialize( return null; } - Component[] components = parser.readValueAs(Component[].class); - - wrapper.setComponents(Arrays.asList(components)); - + List components = Collections.emptyList(); + JsonToken currentToken = parser.currentToken(); + if (currentToken == JsonToken.START_ARRAY) { + components = Arrays.asList(parser.readValueAs(Component[].class)); + } else if (currentToken == JsonToken.START_OBJECT) { + // This is possible for XML input when tree has been read, then parsed with token buffer parser + ObjectNode node = parser.readValueAs(ObjectNode.class); + if (node.has("component")) { + JsonNode component = node.get("component"); + try (JsonParser componentsParser = component.traverse(parser.getCodec())) { + if (component.isArray()) { + components = Arrays.asList(componentsParser.readValueAs(Component[].class)); + } + else { + components = Collections.singletonList(componentsParser.readValueAs(Component.class)); + } + } + } + } + wrapper.setComponents(components); return wrapper; + } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java index a231667014..b0b92dd571 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java @@ -6,8 +6,8 @@ import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import org.cyclonedx.model.component.modelCard.ComponentData; -import org.cyclonedx.model.component.modelCard.DatasetChoice; +import org.cyclonedx.model.component.data.ComponentData; +import org.cyclonedx.model.component.data.DatasetChoice; import java.io.IOException; @@ -22,11 +22,9 @@ public DatasetChoice deserialize(JsonParser jsonParser, DeserializationContext d DatasetChoice datasetChoice = new DatasetChoice(); if (node.has("ref")) { - String ref = node.get("ref").asText(); - datasetChoice.setRef(ref); + datasetChoice.setRef(node.get("ref").asText()); } else { - ComponentData componentData = objectMapper.treeToValue(node, ComponentData.class); - datasetChoice.setComponentData(componentData); + datasetChoice.setComponentData(objectMapper.treeToValue(node, ComponentData.class)); } return datasetChoice; diff --git a/src/main/java/org/cyclonedx/util/deserializer/DeserializerUtils.java b/src/main/java/org/cyclonedx/util/deserializer/DeserializerUtils.java new file mode 100644 index 0000000000..712d78ae31 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/DeserializerUtils.java @@ -0,0 +1,17 @@ +package org.cyclonedx.util.deserializer; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; + +public class DeserializerUtils +{ + public static ArrayNode getArrayNode(JsonNode nodes, final ObjectMapper objectMapper) { + if (objectMapper != null) { + return nodes.isArray() ? (ArrayNode) nodes : new ArrayNode(objectMapper.getNodeFactory()).add(nodes); + } + else { + return nodes.isArray() ? (ArrayNode) nodes : new ArrayNode(null).add(nodes); + } + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java deleted file mode 100644 index d4ed8782ef..0000000000 --- a/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.util.deserializer; - -import java.io.IOException; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.JsonNode; -import org.cyclonedx.model.Property; -import org.cyclonedx.model.formulation.common.EnvVariableChoice; - -public class EnvVariableChoiceDeserializer - extends JsonDeserializer -{ - @Override - public EnvVariableChoice deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - JsonNode node = jsonParser.getCodec().readTree(jsonParser); - EnvVariableChoice envReferenceChoice = new EnvVariableChoice(); - - if (node.has("value")) { - String value = node.get("value").asText(); - envReferenceChoice.setValue(value); - } else if (node.has("environmentVar")) { - JsonNode envVarNode = node.get("environmentVar"); - Property prop = new Property(); - - if (envVarNode.has("name")) { - String name = envVarNode.get("name").asText(); - prop.setName(name); - } - if (envVarNode.has("")) { - String value = envVarNode.get("").asText(); - prop.setValue(value); - } - - envReferenceChoice.setEnvironmentVar(prop); - } - - return envReferenceChoice; - } -} diff --git a/src/main/java/org/cyclonedx/util/deserializer/EnvironmentVarsDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/EnvironmentVarsDeserializer.java new file mode 100644 index 0000000000..4a2ad90f82 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/EnvironmentVarsDeserializer.java @@ -0,0 +1,108 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.Property; + +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import org.cyclonedx.model.formulation.common.EnvironmentVars; + +import java.util.ArrayList; +import java.util.List; + +public class EnvironmentVarsDeserializer extends StdDeserializer { + + public EnvironmentVarsDeserializer() { + this(null); + } + + public EnvironmentVarsDeserializer(Class vc) { + super(vc); + } + + @Override + public EnvironmentVars deserialize(JsonParser jp, DeserializationContext ctxt) + throws IOException{ + JsonNode node = jp.getCodec().readTree(jp); + EnvironmentVars environmentVars = new EnvironmentVars(); + List choices = new ArrayList<>(); + + if (node.isObject()) { + processObject(node, choices); + } + else if (node.isArray()) { + for (JsonNode n : node) { + processObject(n, choices); + } + } + else { + choices.add(node.asText()); + } + + environmentVars.setChoices(choices); + return environmentVars; + } + + private void processObject(JsonNode node, List choices ){ + if (node.has("environmentVar") && node.has("value")) { + JsonNode envVarNode = node.get("environmentVar"); + Property environmentVar = createProperty(envVarNode); + choices.add(environmentVar); + choices.add(node.get("value").asText()); + } + else if (node.has("value")) { + if (node.has("name")) { + Property environmentVar = createProperty(node); + choices.add(environmentVar); + } + else { + choices.add(node.get("value").asText()); + } + } + else if (node.has("environmentVar")) { + JsonNode envVarNode = node.get("environmentVar"); + Property environmentVar = createProperty(envVarNode); + choices.add(environmentVar); + } else if(node.isTextual()) { + choices.add(node.asText()); + } + } + + private Property createProperty(JsonNode envVarNode){ + Property prop = new Property(); + + if (envVarNode.has("name")) { + String name = envVarNode.get("name").asText(); + prop.setName(name); + } + if (envVarNode.has("")) { + String value = envVarNode.get("").asText(); + prop.setValue(value); + } else if (envVarNode.has("value")) { + String value = envVarNode.get("value").asText(); + prop.setValue(value); + } + return prop; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/ExpressionDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ExpressionDeserializer.java new file mode 100644 index 0000000000..40010e43ea --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/ExpressionDeserializer.java @@ -0,0 +1,70 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.license.Acknowledgement; +import org.cyclonedx.model.license.Expression; + +public class ExpressionDeserializer + extends JsonDeserializer +{ + @Override + public Expression deserialize(final JsonParser p, final DeserializationContext ctxt) throws IOException { + JsonNode node = p.getCodec().readTree(p); + + if (node.has("expression") && node.get("expression").isObject()) { + node = node.get("expression"); + } + + if (node.isTextual()) { + return new Expression(node.asText().trim()); + } + else { + return parseExpressionNode(node); + } + } + + private Expression parseExpressionNode(JsonNode node) { + Expression expression = new Expression(); + + if (node.has("bom-ref")) { + expression.setBomRef(node.get("bom-ref").asText()); + } + + if (node.has("acknowledgement")) { + expression.setAcknowledgement(Acknowledgement.fromString(node.get("acknowledgement").asText())); + } + + JsonNode textNode = node.get("expression"); + if (textNode != null) { + expression.setValue(textNode.asText().trim()); + } + else if (node.has("")) { + expression.setValue(node.get("").asText().trim()); + } + + return expression; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java index 68f42f3f1c..d64dde5a25 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java @@ -45,7 +45,7 @@ public List deserialize(JsonParser parser, DeserializationCon private List parseExternalReferences(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { List references = new ArrayList<>(); - ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, null); for (JsonNode resolvesNode : nodes) { ExternalReference type = parseExternalReference(resolvesNode, p, ctxt); references.add(type); diff --git a/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java index 1f391550cf..dd638c12c7 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java @@ -18,12 +18,7 @@ public class HashesDeserializer @Override public List deserialize(JsonParser parser, DeserializationContext context) throws IOException { JsonNode node = parser.getCodec().readTree(parser); - if (node.has("hash")) { - return parseHashes(node.get("hash")); - } - else { - return parseHashes(node); - } + return parseHashes(node.has("hash") ? node.get("hash") : node); } private List parseHashes(JsonNode node) { @@ -31,30 +26,18 @@ private List parseHashes(JsonNode node) { return Collections.emptyList(); } + ArrayNode nodes = DeserializerUtils.getArrayNode(node, null); List hashes = new ArrayList<>(); - ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); - for (JsonNode resolvesNode : nodes) { - Hash hash = parseHash(resolvesNode); - hashes.add(hash); + for (JsonNode hashNode : nodes) { + hashes.add(parseHash(hashNode)); } return hashes; } private Hash parseHash(JsonNode node) { - String alg = null; - if (node.has("alg")) { - alg = node.get("alg").asText(); - } - - String value = null; - JsonNode valueNode = node.get("content"); - if (valueNode != null) { - value = valueNode.textValue(); - } - else if (node.has("")) { - value = node.get("").asText(); - } + String alg = node.has("alg") ? node.get("alg").asText() : null; + String value = node.has("content") ? node.get("content").asText() : node.has("") ? node.get("").asText() : null; return new Hash(alg, value); } diff --git a/src/main/java/org/cyclonedx/util/deserializer/IdentityDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/IdentityDeserializer.java new file mode 100644 index 0000000000..89931e4b2f --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/IdentityDeserializer.java @@ -0,0 +1,119 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import org.cyclonedx.model.BomReference; +import org.cyclonedx.model.component.evidence.Identity; +import org.cyclonedx.model.component.evidence.Identity.Field; +import org.cyclonedx.model.component.evidence.Method; + +public class IdentityDeserializer + extends JsonDeserializer> +{ + private final ObjectMapper mapper = new ObjectMapper(); + + @Override + public List deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) + throws IOException + { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + return parseIdentities(node); + } + + private List parseIdentities(JsonNode node) { + List identities = new ArrayList<>(); + + if (node.has("identity")) { + node = node.get("identity"); + } + + if (node.isArray()) { + for (JsonNode identityNode : node) { + identities.add(parseSingleIdentity(identityNode)); + } + } + else { + identities.add(parseSingleIdentity(node)); + } + + return identities; + } + + private Identity parseSingleIdentity(JsonNode node) { + Identity identity = new Identity(); + + if (node.has("field")) { + Field field = mapper.convertValue(node.get("field"), Field.class); + identity.setField(field); + } + + if (node.has("confidence")) { + identity.setConfidence(node.get("confidence").asDouble()); + } + + if (node.has("concludedValue")) { + identity.setConcludedValue(node.get("concludedValue").asText()); + } + + if (node.has("methods")) { + identity.setMethods(parseMethods(node.get("methods"))); + } + + if (node.has("tools")) { + identity.setTools(parseTools(node.get("tools"))); + } + + return identity; + } + + private List parseMethods(JsonNode methodsNode) { + if (methodsNode.has("method")) { + methodsNode = methodsNode.get("method"); + } + + List methods = new ArrayList<>(); + ArrayNode nodes = DeserializerUtils.getArrayNode(methodsNode, mapper); + for (JsonNode methodNode : nodes) { + methods.add(mapper.convertValue(methodNode, Method.class)); + } + return methods; + } + + private List parseTools(JsonNode toolsNode) { + if (toolsNode.has("tool")) { + toolsNode = toolsNode.get("tool"); + } + ArrayNode nodes = DeserializerUtils.getArrayNode(toolsNode, mapper); + List tools = new ArrayList<>(); + for (JsonNode toolNode : nodes) { + tools.add(mapper.convertValue(toolNode, BomReference.class)); + } + return tools; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java index 6be7de5970..3d8e355e9a 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java @@ -19,26 +19,17 @@ package org.cyclonedx.util.deserializer; import java.io.IOException; -import java.util.ArrayList; import java.util.List; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.type.TypeReference; -import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.AttachmentText; -import org.cyclonedx.model.Property; -import org.cyclonedx.model.formulation.common.EnvVariableChoice; import org.cyclonedx.model.formulation.common.InputType; import org.cyclonedx.model.formulation.common.InputType.Parameter; -import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; -public class InputTypeDeserializer extends JsonDeserializer { - private final ObjectMapper objectMapper = new ObjectMapper(); +public class InputTypeDeserializer extends AbstractDataTypeDeserializer { @Override public InputType deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) @@ -47,49 +38,24 @@ public InputType deserialize(JsonParser jsonParser, DeserializationContext deser JsonNode node = jsonParser.getCodec().readTree(jsonParser); InputType inputType = new InputType(); - if(node.has("source")) { - JsonNode sourceNode = node.get("source"); - ResourceReferenceChoice source = objectMapper.treeToValue(sourceNode, ResourceReferenceChoice.class); - inputType.setSource(source); - } - - if(node.has("target")) { - JsonNode targetNode = node.get("target"); - ResourceReferenceChoice target = objectMapper.treeToValue(targetNode, ResourceReferenceChoice.class); - inputType.setTarget(target); - } - - createInputDataInfo(node, inputType); - - if(node.has("properties")) { - JsonNode propertiesNode = node.get("properties"); - List properties = objectMapper.convertValue(propertiesNode, new TypeReference>() {}); - inputType.setProperties(properties); - } + setSourceAndTarget(node, inputType); + createInputDataInfo(node, inputType, jsonParser, deserializationContext); + setProperties(node, inputType); return inputType; } - private void createInputDataInfo(JsonNode node, InputType inputType ) throws JsonProcessingException { + private void createInputDataInfo(JsonNode node, InputType inputType, JsonParser jsonParser, DeserializationContext ctxt) + throws IOException + { if (node.has("resource")) { - JsonNode resourceNode = node.get("resource"); - ResourceReferenceChoice resource = objectMapper.treeToValue(resourceNode, ResourceReferenceChoice.class); - inputType.setResource(resource); + setResource(node, inputType); } else if (node.has("parameters")) { JsonNode parametersNode = node.get("parameters"); List parameters = objectMapper.convertValue(parametersNode, new TypeReference>() {}); inputType.setParameters(parameters); } else if (node.has("environmentVars")) { - JsonNode nodes = node.get("environmentVars"); - List environmentVars = new ArrayList<>(); - - ArrayNode environmentVarsNode = (nodes.isArray() ? (ArrayNode) nodes : new ArrayNode(null).add(nodes)); - - for (JsonNode envVarNode : environmentVarsNode) { - EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); - environmentVars.add(envVar); - } - inputType.setEnvironmentVars(environmentVars); + setEnvironmentVars(node, inputType, jsonParser, ctxt); } else if (node.has("data")) { JsonNode dataNode = node.get("data"); AttachmentText data = objectMapper.treeToValue(dataNode, AttachmentText.class); diff --git a/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java index 5cdddeb66a..3c5a17609a 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java @@ -24,28 +24,45 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.dataformat.xml.XmlMapper; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.license.Expression; public class LicenseDeserializer extends JsonDeserializer { + + final ExpressionDeserializer expressionDeserializer = new ExpressionDeserializer(); + @Override public LicenseChoice deserialize( final JsonParser p, final DeserializationContext ctxt) throws IOException { + ObjectMapper codec = (ObjectMapper) p.getCodec(); + boolean isXml = codec instanceof XmlMapper; JsonNode rootNode = p.getCodec().readTree(p); + if (!rootNode.isEmpty()) { - ArrayNode nodes = (rootNode.isArray() ? (ArrayNode) rootNode : new ArrayNode(null).add(rootNode)); + ArrayNode nodes = DeserializerUtils.getArrayNode(rootNode, null); LicenseChoice licenseChoice = new LicenseChoice(); for (JsonNode node : nodes) { - if (node.has("license")) { - processLicenseNode(p, node.get("license"), licenseChoice); - } - else if (node.has("expression")) { - licenseChoice.setExpression(node.get("expression").asText()); - return licenseChoice; + if(isXml) { + if (node.has("license")) { + processLicenseNode(p, node.get("license"), licenseChoice); + } + else { + processExpression(p, node, licenseChoice, ctxt); + } + } else { + if (node.has("expression")) { + processExpression(p, node, licenseChoice, ctxt); + } + else { + processLicenseNode(p, node, licenseChoice); + } } } return licenseChoice; @@ -54,11 +71,23 @@ else if (node.has("expression")) { } private void processLicenseNode(JsonParser p, JsonNode licenseNode, LicenseChoice licenseChoice) throws IOException { - ArrayNode licenseNodes = (licenseNode.isArray() ? (ArrayNode) licenseNode : new ArrayNode(null).add(licenseNode)); + ArrayNode licenseNodes = DeserializerUtils.getArrayNode(licenseNode, null); for (JsonNode license : licenseNodes) { License licenseObj = p.getCodec().treeToValue(license, License.class); licenseChoice.addLicense(licenseObj); } } + + private void processExpression( + final JsonParser p, + JsonNode node, + LicenseChoice licenseChoice, + DeserializationContext ctxt) throws IOException + { + JsonParser expressionParser = node.traverse(p.getCodec()); + expressionParser.nextToken(); + Expression expression = expressionDeserializer.deserialize(expressionParser, ctxt); + licenseChoice.setExpression(expression); + } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java index e9ba0dea97..f879f3c44a 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java @@ -2,6 +2,7 @@ import java.io.IOException; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import com.fasterxml.jackson.core.JsonParser; @@ -17,22 +18,19 @@ public class LicensingTypeDeserializer @Override public List deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException { JsonNode node = parser.getCodec().readTree(parser); - if (node.has("licenseType")) { - return parseLicenseTypes(node.get("licenseType")); - } - else { - return parseLicenseTypes(node); - } + return parseLicenseTypes(node.has("licenseType") ? node.get("licenseType") : node); } private List parseLicenseTypes(JsonNode node) { List types = new ArrayList<>(); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, null); - ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + if (nodes.isEmpty()) { + return Collections.emptyList(); + } - for (JsonNode resolvesNode : nodes) { - LicensingType type = parseType(resolvesNode); - types.add(type); + for (JsonNode typeNode : nodes) { + types.add(parseType(typeNode)); } return types; diff --git a/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java index 5dfcbc84d3..e072ac1fcf 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java @@ -46,7 +46,7 @@ public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext dese } if (node != null) { - ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, null); for (JsonNode choiceNode : nodes) { LifecycleChoice choice = createLifecycleChoice(choiceNode); if (choice != null) { diff --git a/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java index f614c28abc..f0c5a756f2 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java @@ -1,15 +1,10 @@ package org.cyclonedx.util.deserializer; import java.io.IOException; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.List; import java.util.ArrayList; -import java.util.Collections; +import java.util.List; import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; @@ -21,20 +16,15 @@ import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; import org.cyclonedx.model.Property; -import org.cyclonedx.model.Service; -import org.cyclonedx.model.Tool; -import org.cyclonedx.model.metadata.ToolInformation; +import org.cyclonedx.util.TimestampUtils; +import org.cyclonedx.util.ToolsJsonParser; public class MetadataDeserializer extends JsonDeserializer { - private final ObjectMapper mapper = new ObjectMapper(); - - private final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssX"); - private final LifecycleDeserializer lifecycleDeserializer = new LifecycleDeserializer(); - private final PropertiesDeserializer propertiesDeserializer = new PropertiesDeserializer(); + private final LicenseDeserializer licenseDeserializer = new LicenseDeserializer(); @Override public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) throws IOException { @@ -42,10 +32,12 @@ public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) Metadata metadata = new Metadata(); + ObjectMapper mapper = getMapper(jsonParser); + // Parsing other fields in the Metadata object if (node.has("authors")) { JsonNode authorsNode = node.get("authors"); - List authors = deserializerOrganizationalContact(authorsNode, mapper); + List authors = deserializeOrganizationalContact(authorsNode, mapper); metadata.setAuthors(authors); } @@ -59,6 +51,11 @@ public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) metadata.setManufacture(manufacture); } + if (node.has("manufacturer")) { + OrganizationalEntity manufacturer = mapper.convertValue(node.get("manufacturer"), OrganizationalEntity.class); + metadata.setManufacturer(manufacturer); + } + if (node.has("lifecycles")) { JsonParser lifecycleParser = node.get("lifecycles").traverse(jsonParser.getCodec()); lifecycleParser.nextToken(); @@ -72,21 +69,14 @@ public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) } if(node.has("licenses")) { - LicenseChoice license = mapper.convertValue(node.get("licenses"), LicenseChoice.class); - metadata.setLicenseChoice(license); + JsonParser licensesParser = node.get("licenses").traverse(jsonParser.getCodec()); + licensesParser.nextToken(); + LicenseChoice licenses = licenseDeserializer.deserialize(licensesParser, ctxt); + metadata.setLicenses(licenses); } if (node.has("timestamp")) { - JsonNode timestampNode = node.get("timestamp"); - if (timestampNode != null && timestampNode.isTextual()) { - String timestampStr = timestampNode.textValue(); - try { - Date timestamp = dateFormat.parse(timestampStr); - metadata.setTimestamp(timestamp); - } catch (ParseException e) { - // Handle parsing exception - } - } + setTimestamp(node, metadata); } if (node.has("properties")) { @@ -96,83 +86,16 @@ public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) metadata.setProperties(properties); } - JsonNode toolsNode = node.get("tools"); - - if (toolsNode != null) { - // Check if the 'tools' field is an array or an object - if (toolsNode.isArray()) { - List tools = mapper.convertValue(toolsNode, new TypeReference>() { }); - metadata.setTools(tools); - } - else if (toolsNode.has("tool")) { - final JsonNode toolNode = toolsNode.get("tool"); - // When deserializing XML BOMs, and multiple tools are provided, Jackson's internal - // representation looks like this: - // {"tool": [{"name": "foo"}, {"name": "bar"}]} - // If only a single tool is provided, it looks like this: - // {"tool": {"name": "foo"}} - if (toolNode.isArray()) { - List tools = mapper.convertValue(toolsNode.get("tool"), new TypeReference>() { }); - metadata.setTools(tools); - } else { - Tool tool = mapper.convertValue(toolsNode.get("tool"), Tool.class); - metadata.setTools(Collections.singletonList(tool)); - } - } - else { - ToolInformation toolInformation = new ToolInformation(); - if (toolsNode.has("components")) { - parseComponents(toolsNode.get("components"), toolInformation); - } - if (toolsNode.has("services")) { - parseServices(toolsNode.get("services"), toolInformation); - } - metadata.setToolChoice(toolInformation); - } + if (node.has("tools")) { + ToolsJsonParser toolsParser = new ToolsJsonParser(node, jsonParser, ctxt); + metadata.setTools(toolsParser.getTools()); + metadata.setToolChoice(toolsParser.getToolInformation()); } return metadata; } - private void parseComponents(JsonNode componentsNode, ToolInformation toolInformation) { - if (componentsNode != null) { - if (componentsNode.isArray()) { - List components = mapper.convertValue(componentsNode, new TypeReference>() {}); - toolInformation.setComponents(components); - } else if (componentsNode.isObject()) { - if (componentsNode.has("component")) { - JsonNode componentNode = componentsNode.get("component"); - if (componentNode.isArray()) { - parseComponents(componentNode, toolInformation); - return; - } - } - Component component = mapper.convertValue(componentsNode, Component.class); - toolInformation.setComponents(Collections.singletonList(component)); - } - } - } - - private void parseServices(JsonNode servicesNode, ToolInformation toolInformation) { - if (servicesNode != null) { - if (servicesNode.isArray()) { - List services = mapper.convertValue(servicesNode, new TypeReference>() {}); - toolInformation.setServices(services); - } else if (servicesNode.isObject()) { - if (servicesNode.has("service")) { - JsonNode serviceNode = servicesNode.get("service"); - if (serviceNode.isArray()) { - parseServices(serviceNode, toolInformation); - return; - } - } - Service service = mapper.convertValue(servicesNode, Service.class); - toolInformation.setServices(Collections.singletonList(service)); - } - } - } - - static List deserializerOrganizationalContact(JsonNode node, final ObjectMapper mapper) { + static List deserializeOrganizationalContact(JsonNode node, final ObjectMapper mapper) { List organizationalContactList = new ArrayList<>(); if (node.has("author")) { @@ -181,13 +104,36 @@ static List deserializerOrganizationalContact(JsonNode no if (node.isArray()) { for (JsonNode authorNode : node) { - OrganizationalContact author = mapper.convertValue(authorNode, OrganizationalContact.class); - organizationalContactList.add(author); + deserializeAuthor(authorNode, mapper, organizationalContactList); } - } else if (node.isObject()) { - OrganizationalContact author = mapper.convertValue(node, OrganizationalContact.class); - organizationalContactList.add(author); + } + else if (node.isObject()) { + deserializeAuthor(node, mapper, organizationalContactList); } return organizationalContactList; } + + static void deserializeAuthor( + JsonNode node, + final ObjectMapper mapper, + List organizationalContactList) + { + OrganizationalContact author = mapper.convertValue(node, OrganizationalContact.class); + organizationalContactList.add(author); + } + + private ObjectMapper getMapper(JsonParser jsonParser) { + if (jsonParser.getCodec() instanceof ObjectMapper) { + return (ObjectMapper) jsonParser.getCodec(); + } else { + return new ObjectMapper(); + } + } + + private void setTimestamp(JsonNode node, Metadata metadata) { + JsonNode timestampNode = node.get("timestamp"); + if (timestampNode != null && timestampNode.isTextual()) { + metadata.setTimestamp(TimestampUtils.parseTimestamp(timestampNode.textValue())); + } + } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java index d3e1cea4fc..a47df2498a 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java @@ -2,6 +2,7 @@ import java.io.IOException; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import com.fasterxml.jackson.core.JsonParser; @@ -19,24 +20,23 @@ public class NotesDeserializer { private final ObjectMapper mapper = new ObjectMapper(); + @Override public List deserialize(JsonParser parser, DeserializationContext context) throws IOException { JsonNode node = parser.getCodec().readTree(parser); - - if(node.has("note")) { - return parseNode(node.get("note")); - } else { - return parseNode(node); - } + return parseNode(node.has("note") ? node.get("note") : node); } private List parseNode(JsonNode node) throws JsonProcessingException { + if (node.isEmpty()) { + return Collections.emptyList(); + } + List list = new ArrayList<>(); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, mapper); - ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); for (JsonNode noteNode : nodes) { - Notes notes = parseNotes(noteNode); - list.add(notes); + list.add(parseNotes(noteNode)); } return list; } diff --git a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java index 60ea73ff01..451409a501 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java @@ -21,11 +21,10 @@ import java.io.IOException; import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.ObjectNode; import org.cyclonedx.model.OrganizationalChoice; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; @@ -34,37 +33,45 @@ public class OrganizationalChoiceDeserializer extends JsonDeserializer { @Override - public OrganizationalChoice deserialize(JsonParser jp, DeserializationContext ctxt) - throws IOException - { + public OrganizationalChoice deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException { JsonNode node = jp.getCodec().readTree(jp); - OrganizationalChoice organizationalChoice = new OrganizationalChoice(); - if(node.has("individual")) { + if (node.has("individual")) { OrganizationalContact individual = jp.getCodec().treeToValue(node.get("individual"), OrganizationalContact.class); organizationalChoice.setIndividual(individual); - } - else if(node.has("organization")) { + } else if (node.has("organization")) { JsonNode organizationNode = node.get("organization"); - OrganizationalEntity organization = new OrganizationalEntity(); + OrganizationalEntity organization = deserializeOrganization(jp, organizationNode); + organizationalChoice.setOrganization(organization); + } + + return organizationalChoice; + } + + private OrganizationalEntity deserializeOrganization(JsonParser jp, JsonNode organizationNode) throws JsonProcessingException { + OrganizationalEntity organization = new OrganizationalEntity(); + if (organizationNode.has("name")) { organization.setName(organizationNode.get("name").asText()); + } - if (organizationNode.has("contact")) { - JsonNode contactsNode = organizationNode.get("contact"); - if (contactsNode instanceof ArrayNode) { - for (JsonNode contactNode : contactsNode) { - OrganizationalContact contact = jp.getCodec().treeToValue(contactNode, OrganizationalContact.class); - organization.addContact(contact); - } - } else if (contactsNode instanceof ObjectNode) { - OrganizationalContact contact = jp.getCodec().treeToValue(contactsNode, OrganizationalContact.class); - organization.addContact(contact); + if (organizationNode.has("contact")) { + JsonNode contactsNode = organizationNode.get("contact"); + if (contactsNode.isArray()) { + for (JsonNode contactNode : contactsNode) { + addContactToOrganization(jp, organization, contactNode); } + } else if (contactsNode.isObject()) { + addContactToOrganization(jp, organization, contactsNode); } - organizationalChoice.setOrganization(organization); } + return organization; + } - return organizationalChoice; + private void addContactToOrganization(JsonParser jp, OrganizationalEntity organization, JsonNode node) + throws JsonProcessingException + { + OrganizationalContact contact = jp.getCodec().treeToValue(node, OrganizationalContact.class); + organization.addContact(contact); } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java index 56247e8aef..065e1197c2 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java @@ -6,18 +6,21 @@ import com.fasterxml.jackson.core.ObjectCodec; import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.organization.PostalAddress; public class OrganizationalEntityDeserializer extends JsonDeserializer { private final ObjectMapper mapper = new ObjectMapper(); + @Override public OrganizationalEntity deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { ObjectCodec codec = jsonParser.getCodec(); @@ -26,30 +29,39 @@ public OrganizationalEntity deserialize(JsonParser jsonParser, DeserializationCo String bomRef = node.has("bom-ref") ? node.get("bom-ref").asText() : null; String name = node.has("name") ? node.get("name").asText() : null; - List url = new ArrayList<>(); - if (node.has("url")) { - JsonNode urlNode = node.get("url"); - if (urlNode.isArray()) { - for (JsonNode urlElement : urlNode) { - url.add(urlElement.asText()); - } - } - else if (urlNode.isTextual()) { - url.add(urlNode.asText()); - } - } + List urls = parseUrls(node.get("url")); OrganizationalEntity entity = new OrganizationalEntity(); entity.setBomRef(bomRef); entity.setName(name); - entity.setUrls(url); - JsonNode contactNode = node.get("contact"); + entity.setUrls(urls); + JsonNode contactNode = node.get("contact"); if (contactNode != null) { - List contacts = - MetadataDeserializer.deserializerOrganizationalContact(contactNode, mapper); + List contacts = MetadataDeserializer.deserializeOrganizationalContact(contactNode, mapper); entity.setContacts(contacts); } + + JsonNode addressNode = node.get("address"); + if (addressNode != null) { + PostalAddress address = mapper.convertValue(addressNode, new TypeReference() {}); + entity.setAddress(address); + } + return entity; } + + private List parseUrls(JsonNode urlNode) { + List urls = new ArrayList<>(); + if (urlNode != null) { + if (urlNode.isArray()) { + for (JsonNode urlElement : urlNode) { + urls.add(urlElement.asText()); + } + } else if (urlNode.isTextual()) { + urls.add(urlNode.asText()); + } + } + return urls; + } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java index 4cd445aa7a..2cf4d7cb5a 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java @@ -19,27 +19,16 @@ package org.cyclonedx.util.deserializer; import java.io.IOException; -import java.util.ArrayList; -import java.util.List; import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.AttachmentText; -import org.cyclonedx.model.Property; -import org.cyclonedx.model.formulation.common.EnvVariableChoice; import org.cyclonedx.model.formulation.common.OutputType; import org.cyclonedx.model.formulation.common.OutputType.OutputTypeEnum; -import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; public class OutputTypeDeserializer - extends JsonDeserializer { - private final ObjectMapper objectMapper = new ObjectMapper(); + extends AbstractDataTypeDeserializer { @Override public OutputType deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) @@ -48,25 +37,9 @@ public OutputType deserialize(JsonParser jsonParser, DeserializationContext dese JsonNode node = jsonParser.getCodec().readTree(jsonParser); OutputType outputType = new OutputType(); - if(node.has("source")) { - JsonNode sourceNode = node.get("source"); - ResourceReferenceChoice source = objectMapper.treeToValue(sourceNode, ResourceReferenceChoice.class); - outputType.setSource(source); - } - - if(node.has("target")) { - JsonNode targetNode = node.get("target"); - ResourceReferenceChoice target = objectMapper.treeToValue(targetNode, ResourceReferenceChoice.class); - outputType.setTarget(target); - } - - createOutputDataInfo(node, outputType); - - if(node.has("properties")) { - JsonNode propertiesNode = node.get("properties"); - List properties = objectMapper.convertValue(propertiesNode, new TypeReference>() {}); - outputType.setProperties(properties); - } + setSourceAndTarget(node, outputType); + createOutputDataInfo(node, outputType, deserializationContext, jsonParser); + setProperties(node, outputType); if(node.has("type")) { JsonNode typeNode = node.get("type"); @@ -77,23 +50,16 @@ public OutputType deserialize(JsonParser jsonParser, DeserializationContext dese return outputType; } - private void createOutputDataInfo(JsonNode node, OutputType outputType) throws JsonProcessingException { + private void createOutputDataInfo(JsonNode node, OutputType outputType, DeserializationContext ctxt, JsonParser jsonParser) + throws IOException + { if (node.has("resource")) { - JsonNode resourceNode = node.get("resource"); - ResourceReferenceChoice resource = objectMapper.treeToValue(resourceNode, ResourceReferenceChoice.class); - outputType.setResource(resource); - } else if (node.has("environmentVars")) { - JsonNode nodes = node.get("environmentVars"); - List environmentVars = new ArrayList<>(); - - ArrayNode environmentVarsNode = (nodes.isArray() ? (ArrayNode) nodes : new ArrayNode(null).add(nodes)); - - for (JsonNode envVarNode : environmentVarsNode) { - EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); - environmentVars.add(envVar); - } - outputType.setEnvironmentVars(environmentVars); - } else if (node.has("data")) { + setResource(node, outputType); + } + else if (node.has("environmentVars")) { + setEnvironmentVars(node, outputType, jsonParser, ctxt); + } + else if (node.has("data")) { JsonNode dataNode = node.get("data"); AttachmentText data = objectMapper.treeToValue(dataNode, AttachmentText.class); outputType.setData(data); diff --git a/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java index b1b8a94bf7..8b0c4385ad 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java @@ -8,6 +8,7 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.Property; @@ -15,26 +16,22 @@ public class PropertiesDeserializer extends JsonDeserializer> { private final PropertyDeserializer propertyDeserializer = new PropertyDeserializer(); + private final ObjectMapper objectMapper = new ObjectMapper(); @Override public List deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { JsonNode node = p.getCodec().readTree(p); - - if (node.has("property")) { - return parseProperties(node.get("property"), p, ctxt); - } - else { - return parseProperties(node, p, ctxt); - } + return parseProperties(node.has("property") ? node.get("property") : node, p, ctxt); } private List parseProperties(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { List properties = new ArrayList<>(); - ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); - for (JsonNode resolvesNode : nodes) { - Property type = parseProperty(resolvesNode, p, ctxt); - properties.add(type); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, objectMapper); + + for (JsonNode propertyNode : nodes) { + properties.add(parseProperty(propertyNode, p, ctxt)); } + return properties; } diff --git a/src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java index cb09d0b262..f45de55e5a 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java @@ -19,18 +19,18 @@ public Property deserialize(JsonParser parser, DeserializationContext context) t Property property = new Property(); - JsonNode textNode = node.get("value"); - if (textNode != null) { - property.setValue(textNode.textValue()); - } - else if (node.has("")) { + JsonNode valueNode = node.get("value"); + if (valueNode != null) { + property.setValue(valueNode.asText()); + } else if (node.has("")) { property.setValue(node.get("").asText()); } - JsonNode contentTypeNode = node.get("name"); - if (contentTypeNode != null && contentTypeNode.isTextual()) { - property.setName(contentTypeNode.textValue()); + JsonNode nameNode = node.get("name"); + if (nameNode != null && nameNode.isTextual()) { + property.setName(nameNode.asText()); } + return property; } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java index 583dc888fe..d489603516 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java @@ -21,22 +21,15 @@ public class ResolvesDeserializer @Override public List deserialize(JsonParser parser, DeserializationContext context) throws IOException { JsonNode node = parser.getCodec().readTree(parser); - - if (node.has("issue")) { - return parseResolvesNode(node.get("issue")); - } - else { - return parseResolvesNode(node); - } + return parseResolvesNode(node.has("issue") ? node.get("issue") : node); } private List parseResolvesNode(JsonNode node) { List resolvesList = new ArrayList<>(); - ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, mapper); for (JsonNode resolvesNode : nodes) { - Resolves resolves = parseResolves(resolvesNode); - resolvesList.add(resolves); + resolvesList.add(parseResolves(resolvesNode)); } return resolvesList; } @@ -66,18 +59,22 @@ private Resolves parseResolves(JsonNode node) { } if (node.has("references")) { - JsonNode referencesNode = node.get("references"); - List references = new ArrayList<>(); - if (referencesNode.isArray()) { - for (JsonNode refNode : referencesNode) { - references.add(refNode.asText()); - } - } - else { - references.add(referencesNode.get("url").asText()); - } - resolves.setReferences(references); + resolves.setReferences(parseReferences(node.get("references"))); } + return resolves; } + + private List parseReferences(JsonNode referencesNode) { + List references = new ArrayList<>(); + if (referencesNode.isArray()) { + for (JsonNode refNode : referencesNode) { + references.add(refNode.asText()); + } + } + else { + references.add(referencesNode.get("url").asText()); + } + return references; + } } \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java index 13483f3d2b..f7f201cf06 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java @@ -12,12 +12,14 @@ public class RiskDeserializer extends JsonDeserializer { @Override public Risk deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { JsonNode node = p.getCodec().readTree(p); - String name = node.get("name").asText(); - String mitigationStrategy = node.get("mitigationStrategy").asText(); Risk risk = new Risk(); - risk.setName(name); - risk.setMitigationStrategy(mitigationStrategy); + if (node.has("name")) { + risk.setName(node.get("name").asText()); + } + if (node.has("mitigationStrategy")) { + risk.setMitigationStrategy(node.get("mitigationStrategy").asText()); + } return risk; } diff --git a/src/main/java/org/cyclonedx/util/deserializer/SignatoryDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/SignatoryDeserializer.java new file mode 100644 index 0000000000..735808acb8 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/SignatoryDeserializer.java @@ -0,0 +1,79 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.Signature; +import org.cyclonedx.model.attestation.affirmation.Signatory; + +public class SignatoryDeserializer + extends JsonDeserializer +{ + private final ObjectMapper mapper = new ObjectMapper(); + + @Override + public Signatory deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) + throws IOException + { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + return parseSignatory(node); + } + + private Signatory parseSignatory(JsonNode node) { + Signatory signatory = new Signatory(); + + if (node.has("name")) { + signatory.setName(node.get("name").asText()); + } + + if (node.has("role")) { + signatory.setRole(node.get("role").asText()); + } + + JsonNode signatureNode = node.get("signature"); + if (signatureNode != null) { + Signature signature = mapper.convertValue(node.get("signature"), Signature.class); + signatory.setSignature(signature); + } + else { + parseOrganizationAndReference(node, signatory); + } + + return signatory; + } + + private void parseOrganizationAndReference(JsonNode node, Signatory signatory) { + JsonNode organizationNode = node.get("organization"); + JsonNode externalReferenceNode = node.get("externalReference"); + + if (organizationNode != null && externalReferenceNode != null) { + OrganizationalEntity organization = mapper.convertValue(organizationNode, OrganizationalEntity.class); + ExternalReference externalReference = mapper.convertValue(externalReferenceNode, ExternalReference.class); + signatory.setExternalReferenceAndOrganization(externalReference, organization); + } + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java index 73f9be63b2..f953db7844 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java @@ -15,17 +15,13 @@ public class StringListDeserializer @Override public List deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { JsonNode node = p.getCodec().readTree(p); + String currentName = p.getCurrentName(); - if (p.getCurrentName().equalsIgnoreCase("aliases")) { + if ("aliases".equalsIgnoreCase(currentName)) { return deserializeList(node, "alias"); - } - else if (p.getCurrentName().equalsIgnoreCase("tags")) { - return deserializeList(node, "tag"); - } - else if (p.getCurrentName().equalsIgnoreCase("endpoints")) { + } else if ("endpoints".equalsIgnoreCase(currentName)) { return deserializeList(node, "endpoint"); - } - else if (p.getCurrentName().equalsIgnoreCase("altIds")) { + } else if ("altIds".equalsIgnoreCase(currentName)) { return deserializeList(node, "altId"); } return null; @@ -34,17 +30,15 @@ else if (p.getCurrentName().equalsIgnoreCase("altIds")) { private List deserializeList(JsonNode node, String itemName) { List list = new ArrayList<>(); - if(node.has(itemName)) { - node = node.get(itemName); - } + JsonNode itemsNode = node.has(itemName) ? node.get(itemName) : node; - if (node != null) { - if (node.isArray()) { - for (JsonNode nodeObject : node) { - list.add(nodeObject.asText()); + if (itemsNode != null) { + if (itemsNode.isArray()) { + for (JsonNode itemNode : itemsNode) { + list.add(itemNode.asText()); } } else { - list.add(node.asText()); + list.add(itemsNode.asText()); } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/TagsDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/TagsDeserializer.java new file mode 100644 index 0000000000..cc8d10b3c8 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/TagsDeserializer.java @@ -0,0 +1,33 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ArrayNode; +import org.cyclonedx.model.component.Tags; + +public class TagsDeserializer + extends JsonDeserializer +{ + @Override + public Tags deserialize(JsonParser parser, DeserializationContext context) throws IOException { + JsonNode node = parser.getCodec().readTree(parser); + return parseNode(node.has("tag") ? node.get("tag") : node); + } + + private Tags parseNode(JsonNode node) { + List list = new ArrayList<>(); + + ArrayNode nodes = DeserializerUtils.getArrayNode(node, null); + for (JsonNode tagNode : nodes) { + list.add(tagNode.asText()); + } + + return list.isEmpty() ? null : new Tags(list); + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/ToolDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ToolDeserializer.java new file mode 100644 index 0000000000..a03eee5850 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/ToolDeserializer.java @@ -0,0 +1,42 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.ObjectCodec; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.Tool; + +import java.io.IOException; + +public class ToolDeserializer + extends JsonDeserializer +{ + private final ObjectMapper mapper = new ObjectMapper(); + + @Override + public Tool deserialize(JsonParser parser, DeserializationContext context) throws IOException { + ObjectCodec codec = parser.getCodec(); + JsonNode node = codec.readTree(parser); + return mapper.convertValue(node, Tool.class); + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/ToolInformationDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ToolInformationDeserializer.java new file mode 100644 index 0000000000..885f591f2d --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/ToolInformationDeserializer.java @@ -0,0 +1,104 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.cyclonedx.model.Component; +import org.cyclonedx.model.Service; +import org.cyclonedx.model.metadata.ToolInformation; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; + +public class ToolInformationDeserializer + extends JsonDeserializer +{ + private final ObjectMapper mapper = new ObjectMapper(); + + @Override + public ToolInformation deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) + throws IOException + { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + return parseToolInformation(node); + } + + private ToolInformation parseToolInformation(JsonNode toolsNode) { + ToolInformation toolInformation = new ToolInformation(); + if (toolsNode.has("components")) { + parseComponents(toolsNode.get("components"), toolInformation); + } + if (toolsNode.has("services")) { + parseServices(toolsNode.get("services"), toolInformation); + } + toolInformation.getComponents(); + toolInformation.getServices(); + return toolInformation; + } + + private void parseComponents(JsonNode componentsNode, ToolInformation toolInformation) { + if (componentsNode != null) { + if (componentsNode.isArray()) { + final List components = mapper.convertValue(componentsNode, new TypeReference>() {}); + toolInformation.setComponents(components); + } else if (componentsNode.isObject()) { + if (componentsNode.has("component")) { + final JsonNode componentNode = componentsNode.get("component"); + if (componentNode.isArray()) { + parseComponents(componentNode, toolInformation); + return; + } + } + final Component component = mapper.convertValue(componentsNode, Component.class); + final List components = new ArrayList<>(); + components.add(component); + toolInformation.setComponents(components); + } + } + } + + private void parseServices(JsonNode servicesNode, ToolInformation toolInformation) { + if (servicesNode != null) { + if (servicesNode.isArray()) { + final List services = mapper.convertValue(servicesNode, new TypeReference>() {}); + toolInformation.setServices(services); + } else if (servicesNode.isObject()) { + if (servicesNode.has("service")) { + final JsonNode serviceNode = servicesNode.get("service"); + if (serviceNode.isArray()) { + parseServices(serviceNode, toolInformation); + return; + } + } + final Service service = mapper.convertValue(servicesNode, Service.class); + final List services = new ArrayList<>(); + services.add(service); + toolInformation.setServices(services); + } + } + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/ToolsDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ToolsDeserializer.java new file mode 100644 index 0000000000..2da349267d --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/ToolsDeserializer.java @@ -0,0 +1,59 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import org.cyclonedx.model.Tool; + +public class ToolsDeserializer + extends JsonDeserializer> +{ + private final ToolDeserializer toolDeserializer = new ToolDeserializer(); + private final ObjectMapper objectMapper = new ObjectMapper(); + + @Override + public List deserialize(JsonParser jsonParser, DeserializationContext ctxt) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + return parseTools(node.has("tool") ? node.get("tool") : node, jsonParser, ctxt); + } + + private List parseTools(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + List tools = new ArrayList<>(); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, objectMapper); + for (JsonNode toolNode : nodes) { + tools.add(parseTool(toolNode, p, ctxt)); + } + return tools; + } + + private Tool parseTool(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + JsonParser toolParser = node.traverse(p.getCodec()); + toolParser.nextToken(); + return toolDeserializer.deserialize(toolParser, ctxt); + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java index 0695b0793a..6604b80a1f 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java @@ -18,34 +18,287 @@ */ package org.cyclonedx.util.deserializer; +import java.io.IOException; +import java.util.ArrayList; import java.util.List; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.Property; import org.cyclonedx.model.vulnerability.Vulnerability; +import org.cyclonedx.util.TimestampUtils; +import org.cyclonedx.util.ToolsJsonParser; public class VulnerabilityDeserializer - extends StdDeserializer> -{ - public VulnerabilityDeserializer() { - this(null); - } + extends JsonDeserializer> { - public VulnerabilityDeserializer(final Class vc) { - super(vc); - } + private final PropertiesDeserializer propertiesDeserializer = new PropertiesDeserializer(); + private final AffectsDeserializer affectsDeserializer = new AffectsDeserializer(); @Override - public List deserialize(final JsonParser parser, final DeserializationContext context) - { + public List deserialize(final JsonParser parser, final DeserializationContext context) { try { - return parser.readValueAs(new TypeReference>(){}); - } - catch (Exception e) { + JsonNode node = parser.getCodec().readTree(parser); + return parseVulnerabilities(node.has("vulnerability") ? node.get("vulnerability") : node, parser, context); + } catch (Exception e) { return null; } } + + private List parseVulnerabilities(JsonNode node, JsonParser jsonParser, DeserializationContext ctxt) throws IOException { + ObjectMapper mapper = getMapper(jsonParser); + List vulnerabilities = new ArrayList<>(); + ArrayNode nodes = DeserializerUtils.getArrayNode(node, mapper); + for (JsonNode vulnerabilityNode : nodes) { + vulnerabilities.add(parseVulnerability(vulnerabilityNode, jsonParser, ctxt, mapper)); + } + return vulnerabilities; + } + + private Vulnerability parseVulnerability(JsonNode node, JsonParser jsonParser, DeserializationContext ctxt, ObjectMapper mapper) throws IOException { + JsonParser vulnerabilityParser = node.traverse(jsonParser.getCodec()); + vulnerabilityParser.nextToken(); + + Vulnerability vulnerability = new Vulnerability(); + + if (node.has("bom-ref")) { + vulnerability.setBomRef(node.get("bom-ref").asText()); + } + + if (node.has("id")) { + vulnerability.setId(node.get("id").asText()); + } + + if (node.has("description")) { + vulnerability.setDescription(node.get("description").asText()); + } + + if (node.has("detail")) { + vulnerability.setDetail(node.get("detail").asText()); + } + + if (node.has("recommendation")) { + vulnerability.setRecommendation(node.get("recommendation").asText()); + } + + if (node.has("source")) { + Vulnerability.Source source = mapper.convertValue(node.get("source"), Vulnerability.Source.class); + vulnerability.setSource(source); + } + + if (node.has("references")) { + JsonNode referencesNode = node.get("references"); + if (referencesNode.isArray()) { + List references = mapper.convertValue(node.get("references"), + new TypeReference>() {}); + vulnerability.setReferences(references); + } else if (referencesNode.has("reference")) { + JsonNode referenceNode = referencesNode.get("reference"); + if (referenceNode.isArray()) { + List references = mapper.convertValue(referenceNode, + new TypeReference>() {}); + vulnerability.setReferences(references); + } else { + vulnerability.addReference(mapper.convertValue(referenceNode, Vulnerability.Reference.class)); + } + } + } + + if (node.has("ratings")) { + JsonNode ratingsNode = node.get("ratings"); + if (ratingsNode.isArray()) { + List ratings = mapper.convertValue(node.get("ratings"), new TypeReference>() { + }); + vulnerability.setRatings(ratings); + } else if (ratingsNode.has("rating")) { + JsonNode ratingNode = ratingsNode.get("rating"); + if (ratingNode.isArray()) { + List ratings = mapper.convertValue(ratingNode, new TypeReference>() { + }); + vulnerability.setRatings(ratings); + } + else { + vulnerability.addRating(mapper.convertValue(ratingNode, Vulnerability.Rating.class)); + } + } + } + + if (node.has("cwes")) { + JsonNode cwesNode = node.get("cwes"); + if (cwesNode.isArray()) { + List codes = mapper.convertValue(node.get("cwes"), new TypeReference>() {}); + vulnerability.setCwes(codes); + } else if (cwesNode.has("cwe")) { + JsonNode cweNode = cwesNode.get("cwe"); + if (cweNode.isArray()) { + List codes = mapper.convertValue(cweNode, new TypeReference>() { + }); + vulnerability.setCwes(codes); + } else { + vulnerability.addCwe(cweNode.asInt()); + } + } + } + + if (node.has("advisories")) { + JsonNode advisoriesNode = node.get("advisories"); + if (advisoriesNode.isArray()) { + List advisories = mapper.convertValue(node.get("advisories"), + new TypeReference>() {}); + vulnerability.setAdvisories(advisories); + } else if (advisoriesNode.has("advisory")) { + JsonNode advisoryNode = advisoriesNode.get("advisory"); + if (advisoryNode.isArray()) { + List advisories = mapper.convertValue(advisoryNode, + new TypeReference>() {}); + vulnerability.setAdvisories(advisories); + } else { + vulnerability.addAdvisory(mapper.convertValue(advisoryNode, Vulnerability.Advisory.class)); + } + } + } + + if (node.has("created")) { + vulnerability.setCreated(TimestampUtils.parseTimestamp(node.get("created").textValue())); + } + + if (node.has("published")) { + vulnerability.setPublished(TimestampUtils.parseTimestamp(node.get("published").textValue())); + } + + if (node.has("updated")) { + vulnerability.setUpdated(TimestampUtils.parseTimestamp(node.get("updated").textValue())); + } + + if (node.has("rejected")) { + vulnerability.setRejected(TimestampUtils.parseTimestamp(node.get("rejected").textValue())); + } + + if (node.has("credits")) { + parseCredits(node.get("credits"), vulnerability, mapper); + } + + if (node.has("analysis")) { + parseAnalysis(node.get("analysis"), vulnerability, mapper); + } + + if (node.has("affects")) { + JsonParser affectsParser = node.get("affects").traverse(jsonParser.getCodec()); + affectsParser.nextToken(); + List affects = affectsDeserializer.deserialize(affectsParser, ctxt); + vulnerability.setAffects(affects); + } + + if (node.has("properties")) { + JsonParser propertiesParser = node.get("properties").traverse(jsonParser.getCodec()); + propertiesParser.nextToken(); + List properties = propertiesDeserializer.deserialize(propertiesParser, ctxt); + vulnerability.setProperties(properties); + } + + if (node.has("tools")) { + ToolsJsonParser toolsParser = new ToolsJsonParser(node, jsonParser, ctxt); + vulnerability.setTools(toolsParser.getTools()); + vulnerability.setToolChoice(toolsParser.getToolInformation()); + } + + return vulnerability; + } + + private void parseAnalysis(JsonNode analysisNode, Vulnerability vulnerability, ObjectMapper mapper) { + if (analysisNode != null) { + Vulnerability.Analysis analysis = new Vulnerability.Analysis(); + if (analysisNode.has("state")) { + analysis.setState(mapper.convertValue(analysisNode.get("state"), Vulnerability.Analysis.State.class)); + } + if (analysisNode.has("justification")) { + analysis.setJustification(mapper.convertValue(analysisNode.get("justification"), Vulnerability.Analysis.Justification.class)); + } + if (analysisNode.has("detail")) { + analysis.setDetail(analysisNode.get("detail").asText()); + } + if (analysisNode.has("firstIssued")) { + analysis.setFirstIssued(TimestampUtils.parseTimestamp(analysisNode.get("firstIssued").textValue())); + } + if (analysisNode.has("lastUpdated")) { + analysis.setLastUpdated(TimestampUtils.parseTimestamp(analysisNode.get("lastUpdated").textValue())); + } + if (analysisNode.has("response")) { + JsonNode responsesNode = analysisNode.get("response"); + if (responsesNode.isArray()) { + List responses = mapper.convertValue(responsesNode, + new TypeReference>() {}); + analysis.setResponses(responses); + } + } else if (analysisNode.has("responses")) { + JsonNode responsesNode = analysisNode.get("responses"); + if (responsesNode.has("response")) { + JsonNode responseNode = responsesNode.get("response"); + if (responseNode.isArray()) { + List responses = mapper.convertValue(responseNode, + new TypeReference>() {}); + analysis.setResponses(responses); + } + else if (responseNode.isTextual()) { + Vulnerability.Analysis.Response response = + Vulnerability.Analysis.Response.fromString(responseNode.asText()); + analysis.addResponse(response); + } + } + } + vulnerability.setAnalysis(analysis); + } + } + + private void parseCredits(JsonNode creditsNode, Vulnerability vulnerability, ObjectMapper mapper) { + Vulnerability.Credits credits = new Vulnerability.Credits(); + if (creditsNode.has("organizations")) { + parseOrganizations(creditsNode.get("organizations"), credits, mapper); + } + if (creditsNode.has("individuals")) { + parseIndividuals(creditsNode.get("individuals"), credits, mapper); + } + vulnerability.setCredits(credits); + } + + private void parseOrganizations(JsonNode organizationsNode, Vulnerability.Credits credits, ObjectMapper mapper) { + if (organizationsNode != null) { + if (organizationsNode.isArray()) { + List organizations = mapper.convertValue(organizationsNode, + new TypeReference>() {}); + credits.setOrganizations(organizations); + } else if (organizationsNode.isObject()) { + OrganizationalEntity organization = mapper.convertValue(organizationsNode.get("organization"), OrganizationalEntity.class); + credits.addOrganization(organization); + } + } + } + + private void parseIndividuals(JsonNode individualsNode, Vulnerability.Credits credits, ObjectMapper mapper) { + if (individualsNode != null) { + if (individualsNode.isArray()) { + List individuals = mapper.convertValue(individualsNode, new TypeReference>() {}); + credits.setIndividuals(individuals); + } else if (individualsNode.isObject()) { + OrganizationalContact individual = mapper.convertValue(individualsNode.get("individual"), OrganizationalContact.class); + credits.addIndividual(individual); + } + } + } + + private ObjectMapper getMapper(JsonParser jsonParser) { + if (jsonParser.getCodec() instanceof ObjectMapper) { + return (ObjectMapper) jsonParser.getCodec(); + } else { + return new ObjectMapper(); + } + } } diff --git a/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java b/src/main/java/org/cyclonedx/util/introspector/VersionJsonAnnotationIntrospector.java similarity index 63% rename from src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java rename to src/main/java/org/cyclonedx/util/introspector/VersionJsonAnnotationIntrospector.java index b24b5aa860..260c832d03 100644 --- a/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java +++ b/src/main/java/org/cyclonedx/util/introspector/VersionJsonAnnotationIntrospector.java @@ -16,33 +16,42 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.introspector; -import java.util.Arrays; import com.fasterxml.jackson.databind.introspect.AnnotatedMember; import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector; +import org.cyclonedx.Version; import org.cyclonedx.model.VersionFilter; import org.cyclonedx.model.XmlOnly; public class VersionJsonAnnotationIntrospector extends JacksonAnnotationIntrospector { - private final String version; + private final Version version; - public VersionJsonAnnotationIntrospector(final String version) { + public VersionJsonAnnotationIntrospector(final Version version) { this.version = version; } @Override public boolean hasIgnoreMarker(final AnnotatedMember m) { + // Check if the field has the VersionFilter annotation if (m.hasAnnotation(VersionFilter.class)) { + // Get the VersionFilter annotation from the field VersionFilter filter = m.getAnnotation(VersionFilter.class); - if (Arrays.asList(filter.versions()).contains(version)) { + // Check if the version specified in the annotation is greater than the current version + if (filter.value().getVersion() > version.getVersion()) { + // If true, it means the field was introduced after the current version, so we should ignore it return true; } } + + // Check if the field has the XmlOnly annotation if (m.hasAnnotation(XmlOnly.class)) { + // If true, the field should be ignored for XML serialization return true; } + + // If none of the above conditions are met, delegate to the superclass's hasIgnoreMarker method return super.hasIgnoreMarker(m); } } diff --git a/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java b/src/main/java/org/cyclonedx/util/introspector/VersionXmlAnnotationIntrospector.java similarity index 64% rename from src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java rename to src/main/java/org/cyclonedx/util/introspector/VersionXmlAnnotationIntrospector.java index b0a0a68141..475d0c4990 100644 --- a/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java +++ b/src/main/java/org/cyclonedx/util/introspector/VersionXmlAnnotationIntrospector.java @@ -16,34 +16,42 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; - -import java.util.Arrays; +package org.cyclonedx.util.introspector; import com.fasterxml.jackson.databind.introspect.AnnotatedMember; import com.fasterxml.jackson.dataformat.xml.JacksonXmlAnnotationIntrospector; +import org.cyclonedx.Version; import org.cyclonedx.model.JsonOnly; import org.cyclonedx.model.VersionFilter; public class VersionXmlAnnotationIntrospector extends JacksonXmlAnnotationIntrospector { - private final String version; + private final Version version; - public VersionXmlAnnotationIntrospector(final String version) { + public VersionXmlAnnotationIntrospector(final Version version) { this.version = version; } @Override public boolean hasIgnoreMarker(final AnnotatedMember m) { + // Check if the field has the VersionFilter annotation if (m.hasAnnotation(VersionFilter.class)) { + // Get the VersionFilter annotation from the field VersionFilter filter = m.getAnnotation(VersionFilter.class); - if (Arrays.asList(filter.versions()).contains(version)) { + // Check if the version specified in the annotation is greater than the current version + if (filter.value().getVersion() > version.getVersion()) { + // If true, it means the field was introduced after the current version, so we should ignore it return true; } } + + // Check if the field has the JsonOnly annotation if (m.hasAnnotation(JsonOnly.class)) { + // If true, the field should be ignored for XML serialization return true; } + + // If none of the above conditions are met, delegate to the superclass's hasIgnoreMarker method return super.hasIgnoreMarker(m); } } diff --git a/src/main/java/org/cyclonedx/util/serializer/CustomSerializerModifier.java b/src/main/java/org/cyclonedx/util/serializer/CustomSerializerModifier.java new file mode 100644 index 0000000000..3b3d59bd94 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/CustomSerializerModifier.java @@ -0,0 +1,69 @@ +package org.cyclonedx.util.serializer; + +import com.fasterxml.jackson.databind.BeanDescription; +import com.fasterxml.jackson.databind.JsonSerializer; +import com.fasterxml.jackson.databind.SerializationConfig; +import com.fasterxml.jackson.databind.ser.BeanPropertyWriter; +import com.fasterxml.jackson.databind.ser.BeanSerializerModifier; +import org.cyclonedx.Version; +import org.cyclonedx.model.Bom; + +import java.util.Iterator; +import java.util.List; + +public class CustomSerializerModifier + extends BeanSerializerModifier +{ + private final Version version; + + private final boolean isXml; + + public CustomSerializerModifier(boolean isXml, Version version) { + this.version = version; + this.isXml = isXml; + } + + @Override + public List changeProperties( + SerializationConfig config, + BeanDescription beanDesc, + List beanProperties) + { + //Properties were introduced in 1.3 for XML and 1.5 for JSON + //Meaning that we should only serialize properties if the version is 1.3 or higher for XML + //and 1.5 or higher for JSON + //This is to ensure backwards compatibility with older versions of the schema + if (Bom.class.isAssignableFrom(beanDesc.getBeanClass())) { + Iterator iterator = beanProperties.iterator(); + while (iterator.hasNext()) { + BeanPropertyWriter writer = iterator.next(); + if (isValidAttribute(writer)) { + if (shouldSerializeProperties(version)) { + JsonSerializer serializer = new PropertiesSerializer(isXml); + writer.assignSerializer((JsonSerializer) serializer); + } + else { + // Remove the properties field from the list of properties + iterator.remove(); + } + } + } + } + return beanProperties; + } + + private boolean shouldSerializeProperties(Version version) { + // Check the version and decide if properties should be serialized + return (isXml && version.getVersion() >= Version.VERSION_13.getVersion()) + || (!isXml && version.getVersion() >= Version.VERSION_15.getVersion()); + } + + private boolean isValidAttribute(BeanPropertyWriter writer) { + if (isXml) { + return "properties".equals(writer.getWrapperName().getSimpleName()); + } + else { + return "properties".equals(writer.getName()); + } + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java index 50f11134f2..c4af1de980 100644 --- a/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java @@ -31,6 +31,7 @@ import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; import com.fasterxml.jackson.databind.BeanProperty; import com.fasterxml.jackson.databind.JsonSerializer; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.model.Dependency; @@ -90,7 +91,7 @@ private void writeJSONDependenciesWithGenerator(final JsonGenerator generator, f generator.writeStartObject(); generator.writeStringField(REF, dependency.getRef()); generator.writeArrayFieldStart("dependsOn"); - if (dependency.getDependencies() != null && !dependency.getDependencies().isEmpty()) { + if (CollectionUtils.isNotEmpty(dependency.getDependencies())) { for (Dependency subDependency : dependency.getDependencies()) { generator.writeString(subDependency.getRef()); } @@ -124,7 +125,7 @@ private void writeXMLDependency(final Dependency dependency, final ToXmlGenerato { processNamespace(generator, "dependency"); - if (dependency.getDependencies() != null && !dependency.getDependencies().isEmpty()) { + if (CollectionUtils.isNotEmpty(dependency.getDependencies())) { generator.writeStartArray(); } @@ -133,16 +134,16 @@ private void writeXMLDependency(final Dependency dependency, final ToXmlGenerato generator.writeString(dependency.getRef()); generator.setNextIsAttribute(false); - if (dependency.getDependencies() != null && !dependency.getDependencies().isEmpty()) { + if (CollectionUtils.isNotEmpty(dependency.getDependencies())) { for (Dependency subDependency : dependency.getDependencies()) { // You got Shay'd writeXMLDependency(subDependency, generator); } } - if (dependency.getDependencies() != null && !dependency.getDependencies().isEmpty()) { - generator.writeEndArray(); - } + if (CollectionUtils.isNotEmpty(dependency.getDependencies())) { + generator.writeEndArray(); + } generator.writeEndObject(); } diff --git a/src/main/java/org/cyclonedx/util/serializer/EnvironmentVarsSerializer.java b/src/main/java/org/cyclonedx/util/serializer/EnvironmentVarsSerializer.java new file mode 100644 index 0000000000..d85ba62344 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/EnvironmentVarsSerializer.java @@ -0,0 +1,87 @@ +package org.cyclonedx.util.serializer; + +import java.io.IOException; +import java.util.List; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.formulation.common.EnvironmentVars; + +public class EnvironmentVarsSerializer + extends StdSerializer +{ + private final boolean isXml; + + public EnvironmentVarsSerializer(boolean isXml) { + this(null, isXml); + } + + public EnvironmentVarsSerializer(Class t, boolean isXml) { + super(t); + this.isXml = isXml; + } + + @Override + public void serialize(EnvironmentVars value, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException { + + List choices = value.getChoices(); + + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + serializeXml(choices, xmlGenerator); + } else { + serializeJson(choices, jsonGenerator); + } + } + + private void serializeXml(List choices, ToXmlGenerator xmlGenerator) throws IOException { + xmlGenerator.writeFieldName("environmentVars"); + if (choices.size() == 1 && choices.get(0) instanceof String) { + xmlGenerator.writeStartObject(); + xmlGenerator.writeStringField("value", (String) choices.get(0)); + xmlGenerator.writeEndObject(); + } else { + xmlGenerator.writeStartObject(); + for (Object choice : choices) { + if (choice instanceof Property) { + SerializerUtils.serializeProperty("environmentVar", (Property) choice, xmlGenerator); + } else if (choice instanceof String) { + xmlGenerator.writeFieldName("value"); + xmlGenerator.writeString((String) choice); + } + } + xmlGenerator.writeEndObject(); + } + } + + private void serializeJson(List choices, JsonGenerator jsonGenerator) throws IOException { + jsonGenerator.writeFieldName("environmentVars"); + jsonGenerator.writeStartArray(); + if (choices.size() == 1 && choices.get(0) instanceof String) { + jsonGenerator.writeString((String) choices.get(0)); + } else { + + for (Object choice : choices) { + if (choice instanceof Property) { + jsonGenerator.writeStartObject(); + Property property = (Property) choice; + jsonGenerator.writeStringField("name", property.getName()); + jsonGenerator.writeStringField("value", property.getValue()); + jsonGenerator.writeEndObject(); + } else if (choice instanceof String) { + jsonGenerator.writeString((String) choice); + } + } + } + jsonGenerator.writeEndArray(); + } + + @Override + public Class handledType() { + return EnvironmentVars.class; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/serializer/EvidenceSerializer.java b/src/main/java/org/cyclonedx/util/serializer/EvidenceSerializer.java new file mode 100644 index 0000000000..fe12903068 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/EvidenceSerializer.java @@ -0,0 +1,134 @@ +package org.cyclonedx.util.serializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.apache.commons.collections4.CollectionUtils; +import org.cyclonedx.Version; +import org.cyclonedx.model.Copyright; +import org.cyclonedx.model.Evidence; +import org.cyclonedx.model.component.evidence.Identity; +import org.cyclonedx.model.component.evidence.Occurrence; + +import static org.cyclonedx.util.serializer.SerializerUtils.shouldSerializeField; + +public class EvidenceSerializer + extends StdSerializer +{ + private final boolean isXml; + + private final Version version; + + public EvidenceSerializer(boolean isXml, Version version) { + this(null, isXml, version); + } + + public EvidenceSerializer(Class t, boolean isXml, Version version) { + super(t); + this.isXml = isXml; + this.version = version; + } + + @Override + public void serialize(Evidence value, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + serializeXml(xmlGenerator, value, serializerProvider); + } else { + serializeJson(jsonGenerator, value, serializerProvider); + } + } + + private void serializeXml(final ToXmlGenerator xmlGenerator, final Evidence evidence, SerializerProvider serializerProvider) throws IOException { + xmlGenerator.writeStartObject(); + if (CollectionUtils.isNotEmpty(evidence.getIdentities()) && shouldSerializeField(evidence, version, "identities")) { + if (version.getVersion() >= Version.VERSION_16.getVersion()) { + xmlGenerator.writeFieldName("identity"); + xmlGenerator.writeStartArray(); + for (Identity identity : evidence.getIdentities()) { + xmlGenerator.writeObject(identity); + } + xmlGenerator.writeEndArray(); + } + else { + xmlGenerator.writeObjectField("identity", evidence.getIdentities().get(0)); + } + } + + if (CollectionUtils.isNotEmpty(evidence.getOccurrences()) && shouldSerializeField(evidence, version, "occurrences")) { + xmlGenerator.writeFieldName("occurrences"); + xmlGenerator.writeStartObject(); // Start the occurrences object + for (Occurrence occurrence : evidence.getOccurrences()) { + xmlGenerator.writeFieldName("occurrence"); + xmlGenerator.writeObject(occurrence); + } + xmlGenerator.writeEndObject(); // End the occurrences object + } + + serializeCommonInfo(xmlGenerator, evidence, serializerProvider); + + if (CollectionUtils.isNotEmpty(evidence.getCopyright()) && shouldSerializeField(evidence, version, "copyright")) { + xmlGenerator.writeFieldName("copyright"); + xmlGenerator.writeStartObject(); + for (Copyright item : evidence.getCopyright()) { + xmlGenerator.writeStringField("text", item.getText()); + } + xmlGenerator.writeEndObject(); + } + xmlGenerator.writeEndObject(); + } + + private void serializeJson(final JsonGenerator gen, final Evidence evidence, SerializerProvider serializerProvider) throws IOException { + gen.writeStartObject(); + if (CollectionUtils.isNotEmpty(evidence.getIdentities()) && shouldSerializeField(evidence, version, "identities")) { + if (version.getVersion() >= Version.VERSION_16.getVersion()) { + gen.writeObjectField("identity", evidence.getIdentities()); + } + else { + gen.writeObjectField("identity", evidence.getIdentities().get(0)); + } + } + + if (CollectionUtils.isNotEmpty(evidence.getOccurrences()) && shouldSerializeField(evidence, version, "occurrences")) { + gen.writeObjectField("occurrences", evidence.getOccurrences()); + } + + serializeCommonInfo(gen, evidence, serializerProvider); + + if (CollectionUtils.isNotEmpty(evidence.getCopyright()) && shouldSerializeField(evidence, version, "copyright")) { + gen.writeFieldName("copyright"); + gen.writeStartArray(); + for (Copyright item : evidence.getCopyright()) { + gen.writeStartObject(); + gen.writeStringField("text", item.getText()); + gen.writeEndObject(); + } + gen.writeEndArray(); + } + gen.writeEndObject(); + } + + private void serializeCommonInfo( + final JsonGenerator gen, + final Evidence evidence, + final SerializerProvider serializerProvider) throws IOException + { + if (evidence.getCallstack() != null && shouldSerializeField(evidence, version, "callstack")) { + gen.writeObjectField("callstack", evidence.getCallstack()); + } + + if (evidence.getLicenses() != null && shouldSerializeField(evidence, version, "licenses")) { + gen.writeFieldName("licenses"); + new LicenseChoiceSerializer(isXml, version).serialize(evidence.getLicenses(), gen, serializerProvider); + } + } + + @Override + public Class handledType() { + return Evidence.class; + } +} diff --git a/src/main/java/org/cyclonedx/util/serializer/ExtensibleTypesSerializer.java b/src/main/java/org/cyclonedx/util/serializer/ExtensibleTypesSerializer.java index 72d0f8f44c..211f4d5add 100644 --- a/src/main/java/org/cyclonedx/util/serializer/ExtensibleTypesSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/ExtensibleTypesSerializer.java @@ -28,6 +28,7 @@ import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.apache.commons.collections4.CollectionUtils; import org.cyclonedx.model.Attribute; import org.cyclonedx.model.ExtensibleType; @@ -52,9 +53,9 @@ public void serialize( final ToXmlGenerator toXmlGenerator = (ToXmlGenerator) generator; final XMLStreamWriter staxWriter = toXmlGenerator.getStaxWriter(); try { - if (extensibleTypes != null && !extensibleTypes.isEmpty()) { + if (CollectionUtils.isNotEmpty(extensibleTypes)) { for (ExtensibleType ext : extensibleTypes) { - if (ext.getAttributes() != null && !ext.getAttributes().isEmpty()) { + if (CollectionUtils.isNotEmpty(ext.getAttributes())) { Attribute xmlNS = ext.getAttributes().stream() .filter(a -> a.getKey().contains(XMLNS)) .findAny() @@ -71,7 +72,7 @@ public void serialize( staxWriter.writeStartElement(ext.getNamespace(), ext.getName(), "http://www.w3.org/1999/xhtml"); } - if (ext.getExtensibleTypes() != null && !ext.getExtensibleTypes().isEmpty()) { + if (CollectionUtils.isNotEmpty(ext.getExtensibleTypes())) { serialize(ext.getExtensibleTypes(), generator, provider); } if (ext.getValue() != null) { diff --git a/src/main/java/org/cyclonedx/util/serializer/ExtensionSerializer.java b/src/main/java/org/cyclonedx/util/serializer/ExtensionSerializer.java index 54b310e77c..3208d284e9 100644 --- a/src/main/java/org/cyclonedx/util/serializer/ExtensionSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/ExtensionSerializer.java @@ -27,6 +27,7 @@ import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.apache.commons.collections4.CollectionUtils; import org.cyclonedx.model.ExtensibleType; import org.cyclonedx.model.Extension; import org.cyclonedx.model.Extension.ExtensionType; @@ -91,7 +92,7 @@ private void serializeVulnerabilities(final ToXmlGenerator gen, final Extension private void processAdvisories(final XMLStreamWriter staxWriter, final Vulnerability10 vuln) throws XMLStreamException { - if (vuln.getAdvisories() != null && !vuln.getAdvisories().isEmpty()) { + if (CollectionUtils.isNotEmpty(vuln.getAdvisories())) { staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.ADVISORIES, Vulnerability10.NAMESPACE_URI); for (Advisory a : vuln.getAdvisories()) { generateTextNode(staxWriter, Vulnerability10.ADVISORY, a.getText(), Vulnerability10.NAMESPACE_URI, Vulnerability10.PREFIX); @@ -103,7 +104,7 @@ private void processAdvisories(final XMLStreamWriter staxWriter, final Vulnerabi private void processRecommendations(final XMLStreamWriter staxWriter, final Vulnerability10 vuln) throws XMLStreamException { - if (vuln.getRecommendations() != null && !vuln.getRecommendations().isEmpty()) { + if (CollectionUtils.isNotEmpty(vuln.getRecommendations())) { staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.RECOMMENDATIONS, Vulnerability10.NAMESPACE_URI); for (Recommendation r : vuln.getRecommendations()) { generateTextNode(staxWriter, Vulnerability10.RECOMMENDATION, r.getText(), Vulnerability10.NAMESPACE_URI, Vulnerability10.PREFIX); @@ -115,7 +116,7 @@ private void processRecommendations(final XMLStreamWriter staxWriter, final Vuln private void processCwes(final XMLStreamWriter staxWriter, final Vulnerability10 vuln) throws XMLStreamException { - if (vuln.getCwes() != null && !vuln.getCwes().isEmpty()) { + if (CollectionUtils.isNotEmpty(vuln.getCwes())) { staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.CWES, Vulnerability10.NAMESPACE_URI); for (Cwe c : vuln.getCwes()) { generateTextNodeFromNumber(staxWriter, Vulnerability10.CWE, c.getText(), Vulnerability10.NAMESPACE_URI, Vulnerability10.PREFIX); @@ -141,7 +142,7 @@ private void processSource(final XMLStreamWriter staxWriter, final Vulnerability private void processRatings(final XMLStreamWriter staxWriter, final Vulnerability10 vuln) throws XMLStreamException { - if (vuln.getRatings() != null && !vuln.getRatings().isEmpty()) { + if (CollectionUtils.isNotEmpty(vuln.getRatings())) { staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.RATINGS, Vulnerability10.NAMESPACE_URI); for (Rating r : vuln.getRatings()) { staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.RATING, Vulnerability10.NAMESPACE_URI); diff --git a/src/main/java/org/cyclonedx/util/serializer/ExternalReferenceSerializer.java b/src/main/java/org/cyclonedx/util/serializer/ExternalReferenceSerializer.java index fbac4e9eed..35ad97bba5 100644 --- a/src/main/java/org/cyclonedx/util/serializer/ExternalReferenceSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/ExternalReferenceSerializer.java @@ -20,78 +20,115 @@ import java.io.IOException; import java.util.function.BiPredicate; -import javax.xml.stream.XMLStreamException; -import javax.xml.stream.XMLStreamWriter; import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.apache.commons.collections4.CollectionUtils; +import org.cyclonedx.Version; import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.ExternalReference.Type; import org.cyclonedx.model.Hash; +import org.cyclonedx.model.VersionFilter; import org.cyclonedx.util.BomUtils; -public class ExternalReferenceSerializer extends StdSerializer +import static org.cyclonedx.util.serializer.SerializerUtils.serializeHashJson; + +public class ExternalReferenceSerializer + extends StdSerializer { - public ExternalReferenceSerializer() { - this(null); + private final Version version; + + public ExternalReferenceSerializer(final Version version) { + this(null, version); } - public ExternalReferenceSerializer(final Class t) { + public ExternalReferenceSerializer(final Class t, final Version version) { super(t); + this.version = version; } @Override public void serialize( final ExternalReference extRef, final JsonGenerator gen, final SerializerProvider provider) throws IOException { - final BiPredicate validateExternalReference = (type, url) -> (type != null && url != null && BomUtils.validateUriString(url)); + final BiPredicate validateExternalReference = + (type, url) -> (type != null && url != null && BomUtils.validateUriString(url)); + + if (!validateExternalReference.test(extRef.getType(), extRef.getUrl())) { + return; + } + + if(!shouldSerializeField(extRef.getType())) { + return; + } + if (gen instanceof ToXmlGenerator) { - final ToXmlGenerator toXmlGenerator = (ToXmlGenerator) gen; - final XMLStreamWriter staxWriter = toXmlGenerator.getStaxWriter(); - - if (validateExternalReference.test(extRef.getType(), extRef.getUrl())) { - try { - staxWriter.writeStartElement("reference"); - staxWriter.writeAttribute("type", extRef.getType().getTypeName()); - staxWriter.writeStartElement("url"); - staxWriter.writeCharacters(extRef.getUrl()); - staxWriter.writeEndElement(); - if (extRef.getComment() != null) { - staxWriter.writeStartElement("comment"); - staxWriter.writeCharacters(extRef.getComment()); - staxWriter.writeEndElement(); - } - if (extRef.getHashes() != null && !extRef.getHashes().isEmpty()) { - staxWriter.writeStartElement("hashes"); - for (Hash hash : extRef.getHashes()) { - if (hash != null) { - staxWriter.writeStartElement("hash"); - staxWriter.writeAttribute("alg", hash.getAlgorithm()); - staxWriter.writeCharacters(hash.getValue()); - staxWriter.writeEndElement(); - } - } - staxWriter.writeEndElement(); - } - staxWriter.writeEndElement(); - } - catch (XMLStreamException ex) { - throw new IOException(ex); - } + serializeXml((ToXmlGenerator) gen, extRef); + } + else { + serializeJson(gen, extRef); + } + } + + private void serializeXml(final ToXmlGenerator toXmlGenerator, final ExternalReference extRef) throws IOException { + toXmlGenerator.writeStartObject(); + + toXmlGenerator.setNextIsAttribute(true); + toXmlGenerator.writeFieldName("type"); + toXmlGenerator.writeString(extRef.getType().getTypeName()); + toXmlGenerator.setNextIsAttribute(false); + + toXmlGenerator.writeStringField("url", extRef.getUrl()); + if (extRef.getComment() != null) { + toXmlGenerator.writeStringField("comment", extRef.getComment()); + } + if (CollectionUtils.isNotEmpty(extRef.getHashes())) { + toXmlGenerator.writeFieldName("hashes"); + toXmlGenerator.writeStartObject(); + for (Hash hash : extRef.getHashes()) { + toXmlGenerator.writeFieldName("hash"); + SerializerUtils.serializeHashXml(toXmlGenerator, hash); } - } else if (validateExternalReference.test(extRef.getType(), extRef.getUrl())) { - gen.writeStartObject(); - gen.writeStringField("type", extRef.getType().getTypeName()); - gen.writeStringField("url", extRef.getUrl()); - if (extRef.getComment() != null) { - gen.writeStringField("comment", extRef.getComment()); + toXmlGenerator.writeEndObject(); + } + toXmlGenerator.writeEndObject(); + } + + private void serializeJson(final JsonGenerator gen, final ExternalReference extRef) throws IOException { + gen.writeStartObject(); + gen.writeStringField("type", extRef.getType().getTypeName()); + gen.writeStringField("url", extRef.getUrl()); + if (extRef.getComment() != null) { + gen.writeStringField("comment", extRef.getComment()); + } + if (CollectionUtils.isNotEmpty(extRef.getHashes())) { + gen.writeFieldName("hashes"); + gen.writeStartArray(); + for (Hash hash : extRef.getHashes()) { + serializeHashJson(gen, hash); } - if (extRef.getHashes() != null && !extRef.getHashes().isEmpty()) { - gen.writePOJOField("hashes", extRef.getHashes()); + gen.writeEndArray(); + } + gen.writeEndObject(); + } + + private boolean shouldSerializeField(Object obj) { + try { + if (obj instanceof Type) { + Type type = (Type) obj; + VersionFilter filter = type.getClass().getField(type.name()).getAnnotation(VersionFilter.class); + return filter == null || filter.value().getVersion() <= version.getVersion(); } - gen.writeEndObject(); + return true; + }catch (NoSuchFieldException e) { + return false; } } + + @Override + public Class handledType() { + return ExternalReference.class; + } } diff --git a/src/main/java/org/cyclonedx/util/serializer/HashSerializer.java b/src/main/java/org/cyclonedx/util/serializer/HashSerializer.java new file mode 100644 index 0000000000..4b9ad50800 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/HashSerializer.java @@ -0,0 +1,79 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.serializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.cyclonedx.Version; +import org.cyclonedx.model.Hash; +import org.cyclonedx.model.Hash.Algorithm; +import org.cyclonedx.model.VersionFilter; + +import static org.cyclonedx.util.serializer.SerializerUtils.serializeHashJson; + +public class HashSerializer + extends StdSerializer +{ + private final Version version; + + public HashSerializer(final Version version) { + this(Hash.class, version); + } + + public HashSerializer(final Class t, final Version version) { + super(t); + this.version = version; + } + + @Override + public void serialize( + final Hash hash, final JsonGenerator gen, final SerializerProvider provider) throws IOException + { + if (!shouldSerializeField(hash.getAlgorithm())) { + return; + } + + if (gen instanceof ToXmlGenerator) { + SerializerUtils.serializeHashXml((ToXmlGenerator) gen, hash); + } + else { + serializeHashJson(gen, hash); + } + } + + @Override + public Class handledType() { + return Hash.class; + } + + private boolean shouldSerializeField(String value) { + try { + Algorithm algorithm = Algorithm.fromSpec(value); + VersionFilter filter = algorithm.getClass().getField(algorithm.name()).getAnnotation(VersionFilter.class); + return filter == null || filter.value().getVersion() <= version.getVersion(); + } + catch (NoSuchFieldException e) { + return false; + } + } +} diff --git a/src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java b/src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java index e080e02695..ade5fdb991 100644 --- a/src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java @@ -6,7 +6,7 @@ import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; -import org.cyclonedx.model.formulation.common.EnvVariableChoice; +import org.apache.commons.collections4.CollectionUtils; import org.cyclonedx.model.formulation.common.InputType; public class InputTypeSerializer @@ -28,57 +28,37 @@ public void serialize(InputType value, JsonGenerator jsonGenerator, SerializerPr throws IOException { if (isXml && jsonGenerator instanceof ToXmlGenerator) { ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; - createInputChoice(value, xmlGenerator); + createInputChoice(value, xmlGenerator, serializerProvider); } else { - createInputChoice(value, jsonGenerator); + createInputChoice(value, jsonGenerator, serializerProvider); } } - private void createInputChoice(final InputType input, final JsonGenerator jsonGenerator) + private void createInputChoice(final InputType input, final JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException { jsonGenerator.writeStartObject(); if (input.getResource() != null) { jsonGenerator.writeFieldName("resource"); - jsonGenerator.writeObject( input.getResource()); + jsonGenerator.writeObject(input.getResource()); } - else if (input.getParameters() != null && !input.getParameters().isEmpty()) { + else if (CollectionUtils.isNotEmpty(input.getParameters())) { jsonGenerator.writeFieldName("parameters"); - jsonGenerator.writeObject( input.getParameters()); + jsonGenerator.writeObject(input.getParameters()); } - else if (input.getEnvironmentVars() != null && !input.getEnvironmentVars().isEmpty()) { - jsonGenerator.writeArrayFieldStart("environmentVars"); - for (EnvVariableChoice envVarChoice : input.getEnvironmentVars()) { - if (envVarChoice.getEnvironmentVar() != null) { - jsonGenerator.writeStartObject(); - jsonGenerator.writeObjectField("environmentVar", envVarChoice.getEnvironmentVar()); - jsonGenerator.writeEndObject(); - } else if (envVarChoice.getValue() != null) { - jsonGenerator.writeStartObject(); - jsonGenerator.writeObjectField("value", envVarChoice.getValue()); - jsonGenerator.writeEndObject(); - } - } - jsonGenerator.writeEndArray(); + else if (input.getEnvironmentVars() != null) { + new EnvironmentVarsSerializer(isXml).serialize(input.getEnvironmentVars(), jsonGenerator, serializerProvider); } else if (input.getData() != null) { jsonGenerator.writeFieldName("data"); - jsonGenerator.writeObject( input.getData()); + jsonGenerator.writeObject(input.getData()); } - if (input.getSource() != null) { - jsonGenerator.writeFieldName("source"); - jsonGenerator.writeObject(input.getSource()); - } - if (input.getTarget() != null) { - jsonGenerator.writeFieldName("target"); - jsonGenerator.writeObject(input.getTarget()); - } - if (input.getProperties() != null) { - jsonGenerator.writeFieldName("properties"); - jsonGenerator.writeObject( input.getProperties()); - } + SerializerUtils.writeField(jsonGenerator, "source", input.getSource()); + SerializerUtils.writeField(jsonGenerator, "target", input.getTarget()); + SerializerUtils.writeField(jsonGenerator, "properties", input.getProperties()); + jsonGenerator.writeEndObject(); } diff --git a/src/main/java/org/cyclonedx/util/serializer/LicenseChoiceSerializer.java b/src/main/java/org/cyclonedx/util/serializer/LicenseChoiceSerializer.java index 1d47be8d3e..5438d9110b 100644 --- a/src/main/java/org/cyclonedx/util/serializer/LicenseChoiceSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/LicenseChoiceSerializer.java @@ -23,36 +23,188 @@ import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang3.StringUtils; +import org.cyclonedx.Version; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.license.Acknowledgement; +import org.cyclonedx.model.license.Expression; -public class LicenseChoiceSerializer extends StdSerializer +import static org.cyclonedx.util.serializer.SerializerUtils.shouldSerializeField; + +public class LicenseChoiceSerializer + extends StdSerializer { - public LicenseChoiceSerializer() { - this(LicenseChoice.class); + private final boolean isXml; + + private final Version version; + + public LicenseChoiceSerializer(final boolean isXml, final Version version) { + this(LicenseChoice.class, isXml, version); } - public LicenseChoiceSerializer(final Class t) { + public LicenseChoiceSerializer(final Class t, boolean isXml, final Version version) { super(t); + this.isXml = isXml; + this.version = version; } @Override public void serialize( - final LicenseChoice lc, final JsonGenerator gen, final SerializerProvider provider) + final LicenseChoice licenseChoice, final JsonGenerator gen, final SerializerProvider provider) throws IOException { - gen.writeStartArray(); - if (lc != null && lc.getLicenses() != null && !lc.getLicenses().isEmpty()) { + if (licenseChoice == null) { + return; + } + + if (isXml && gen instanceof ToXmlGenerator) { + ToXmlGenerator toXmlGenerator = (ToXmlGenerator) gen; + serializeXml(toXmlGenerator, licenseChoice, provider); + } + else { + serializeJson(licenseChoice, gen, provider); + } + } + + private void serializeXml(ToXmlGenerator toXmlGenerator, LicenseChoice lc, final SerializerProvider provider) + throws IOException + { + if (CollectionUtils.isNotEmpty(lc.getLicenses())) { + toXmlGenerator.writeStartObject(); + toXmlGenerator.writeFieldName("license"); + toXmlGenerator.writeStartArray(); for (License l : lc.getLicenses()) { - gen.writeStartObject(); - provider.defaultSerializeField("license", l, gen); - gen.writeEndObject(); + serializeXmlAttributes(toXmlGenerator, l.getBomRef(), l.getAcknowledgement(), l); + + if (StringUtils.isNotBlank(l.getId())) { + toXmlGenerator.writeStringField("id", l.getId()); + } + else if (StringUtils.isNotBlank(l.getName())) { + toXmlGenerator.writeStringField("name", l.getName()); + } + + if (l.getLicensing() != null && shouldSerializeField(l, version,"licensing")) { + toXmlGenerator.writeObjectField("licensing", l.getLicensing()); + } + + if (l.getAttachmentText() != null) { + toXmlGenerator.writeObjectField("text", l.getAttachmentText()); + } + + if (StringUtils.isNotBlank(l.getUrl())) { + toXmlGenerator.writeStringField("url", l.getUrl()); + } + + if (CollectionUtils.isNotEmpty(l.getProperties()) && shouldSerializeField(l, version, "properties")) { + toXmlGenerator.writeFieldName("properties"); + toXmlGenerator.writeStartObject(); + + for (Property property : l.getProperties()) { + toXmlGenerator.writeObjectField("property", property); + } + toXmlGenerator.writeEndObject(); + } + + //It might have extensible types + if(CollectionUtils.isNotEmpty(l.getExtensibleTypes())) { + new ExtensibleTypesSerializer().serialize(l.getExtensibleTypes(), toXmlGenerator, provider); + } + + toXmlGenerator.writeEndObject(); } - } else if (lc != null && lc.getExpression() != null) { + toXmlGenerator.writeEndArray(); + toXmlGenerator.writeEndObject(); + } + else if (lc.getExpression() != null) { + serializeExpressionToXml(lc, toXmlGenerator); + } else { + toXmlGenerator.writeStartArray(); + toXmlGenerator.writeEndArray(); + } + } + + private void serializeXmlAttributes( + final ToXmlGenerator toXmlGenerator, + final String bomRef, + final Acknowledgement acknowledgement, + final Object object) throws IOException + { + toXmlGenerator.writeStartObject(); + + if (StringUtils.isNotBlank(bomRef) && shouldSerializeField(object, version, "bomRef")) { + toXmlGenerator.setNextIsAttribute(true); + toXmlGenerator.writeFieldName("bom-ref"); + toXmlGenerator.writeString(bomRef); + toXmlGenerator.setNextIsAttribute(false); + } + if (acknowledgement != null && shouldSerializeField(object, version, "acknowledgement")) { + toXmlGenerator.setNextIsAttribute(true); + toXmlGenerator.writeFieldName("acknowledgement"); + toXmlGenerator.writeString(acknowledgement.getValue()); + toXmlGenerator.setNextIsAttribute(false); + } + } + + private void serializeJson( + final LicenseChoice licenseChoice, final JsonGenerator gen, final SerializerProvider provider) + throws IOException + { + if (CollectionUtils.isNotEmpty(licenseChoice.getLicenses())) { + serializeLicensesToJsonArray(licenseChoice, gen, provider); + } + else if (licenseChoice.getExpression() != null && + StringUtils.isNotBlank(licenseChoice.getExpression().getValue())) { + serializeExpressionToJson(licenseChoice, gen); + } else { + gen.writeStartArray(); + gen.writeEndArray(); + } + } + + private void serializeExpressionToXml( + final LicenseChoice licenseChoice, final ToXmlGenerator toXmlGenerator) + throws IOException + { + toXmlGenerator.writeStartObject(); + Expression expression = licenseChoice.getExpression(); + toXmlGenerator.writeFieldName("expression"); + serializeXmlAttributes(toXmlGenerator, expression.getBomRef(), expression.getAcknowledgement(), expression); + toXmlGenerator.setNextIsUnwrapped(true); + toXmlGenerator.writeStringField("", expression.getValue()); + toXmlGenerator.writeEndObject(); + toXmlGenerator.writeEndObject(); + } + + private void serializeLicensesToJsonArray( + final LicenseChoice licenseChoice, final JsonGenerator gen, final SerializerProvider provider) + throws IOException + { + gen.writeStartArray(); + for (License license : licenseChoice.getLicenses()) { gen.writeStartObject(); - gen.writeStringField("expression", lc.getExpression()); + provider.defaultSerializeField("license", license, gen); gen.writeEndObject(); } gen.writeEndArray(); } + + private void serializeExpressionToJson(final LicenseChoice licenseChoice, final JsonGenerator gen) + throws IOException { + Expression expression = licenseChoice.getExpression(); + gen.writeStartArray(); + gen.writeStartObject(); + gen.writeStringField("expression", expression.getValue()); + if (expression.getAcknowledgement() != null && shouldSerializeField(expression, version, "acknowledgement")) { + gen.writeStringField("acknowledgement", expression.getAcknowledgement().getValue()); + } + if (StringUtils.isNotBlank(expression.getBomRef()) && shouldSerializeField(expression, version, "bomRef")) { + gen.writeStringField("bom-ref", expression.getBomRef()); + } + gen.writeEndObject(); + gen.writeEndArray(); + } } diff --git a/src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java b/src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java index f368b4463c..10c3389b11 100644 --- a/src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java @@ -7,11 +7,14 @@ import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; -import org.cyclonedx.CycloneDxSchema.Version; +import org.apache.commons.collections4.CollectionUtils; +import org.cyclonedx.Version; import org.cyclonedx.model.Metadata; import org.cyclonedx.model.Property; import org.cyclonedx.model.metadata.ToolInformation; +import static org.cyclonedx.util.serializer.SerializerUtils.shouldSerializeField; + public class MetadataSerializer extends StdSerializer { @@ -31,26 +34,31 @@ public MetadataSerializer(final Class t, final boolean isXml, final Ve @Override public void serialize(Metadata output, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) - throws IOException { + throws IOException + { if (isXml && jsonGenerator instanceof ToXmlGenerator) { ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; createMetadataInfo(output, xmlGenerator, serializerProvider); - } else { + } + else { createMetadataInfo(output, jsonGenerator, serializerProvider); } } - private void createMetadataInfo(final Metadata metadata, final JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + private void createMetadataInfo( + final Metadata metadata, + final JsonGenerator jsonGenerator, + SerializerProvider serializerProvider) throws IOException { jsonGenerator.writeStartObject(); - if (metadata.getTimestamp() != null) { + if (metadata.getTimestamp() != null && shouldSerializeField(metadata, version, "timestamp")) { jsonGenerator.writeFieldName("timestamp"); new CustomDateSerializer().serialize(metadata.getTimestamp(), jsonGenerator, serializerProvider); } - if(metadata.getLifecycles() != null) { + if (metadata.getLifecycles() != null && shouldSerializeField(metadata, version, "lifecycles")) { jsonGenerator.writeFieldName("lifecycles"); new LifecycleSerializer(isXml).serialize(metadata.getLifecycles(), jsonGenerator, serializerProvider); } @@ -58,7 +66,7 @@ private void createMetadataInfo(final Metadata metadata, final JsonGenerator jso //Tools parseTools(metadata, jsonGenerator); - if (metadata.getAuthors() != null) { + if (CollectionUtils.isNotEmpty(metadata.getAuthors()) && shouldSerializeField(metadata, version, "author")) { if (isXml) { ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; writeArrayFieldXML(metadata.getAuthors(), xmlGenerator, "author"); @@ -68,24 +76,28 @@ private void createMetadataInfo(final Metadata metadata, final JsonGenerator jso } } - if(metadata.getComponent() != null) { + if (metadata.getComponent() != null && shouldSerializeField(metadata, version, "component")) { jsonGenerator.writeObjectField("component", metadata.getComponent()); } - if(metadata.getManufacture() != null) { + if (metadata.getManufacturer() != null && shouldSerializeField(metadata, version, "manufacturer")) { + jsonGenerator.writeObjectField("manufacturer", metadata.getManufacturer()); + } + + if (metadata.getManufacture() != null && shouldSerializeField(metadata, version, "manufacture")) { jsonGenerator.writeObjectField("manufacture", metadata.getManufacture()); } - if(metadata.getSupplier() != null) { + if (metadata.getSupplier() != null && shouldSerializeField(metadata, version, "supplier")) { jsonGenerator.writeObjectField("supplier", metadata.getSupplier()); } - if(metadata.getLicenseChoice() != null) { + if (metadata.getLicenses() != null && shouldSerializeField(metadata, version, "licenses")) { jsonGenerator.writeFieldName("licenses"); - new LicenseChoiceSerializer().serialize(metadata.getLicenseChoice(), jsonGenerator, serializerProvider); + new LicenseChoiceSerializer(isXml, version).serialize(metadata.getLicenses(), jsonGenerator, serializerProvider); } - if(metadata.getProperties()!=null) { + if (CollectionUtils.isNotEmpty(metadata.getProperties()) && shouldSerializeField(metadata, version, "properties")) { if (isXml) { ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; xmlGenerator.writeFieldName("properties"); @@ -112,24 +124,25 @@ private void parseTools(Metadata metadata, JsonGenerator jsonGenerator) throws I else { writeArrayFieldJSON(jsonGenerator, "tools", metadata.getTools()); } - } else if (version.getVersion() >= Version.VERSION_15.getVersion()) { + } + else if (version.getVersion() >= Version.VERSION_15.getVersion()) { ToolInformation choice = metadata.getToolChoice(); if (choice != null) { jsonGenerator.writeFieldName("tools"); jsonGenerator.writeStartObject(); if (isXml && jsonGenerator instanceof ToXmlGenerator) { - if (choice.getComponents() != null) { + if (CollectionUtils.isNotEmpty(choice.getComponents())) { writeArrayFieldXML(choice.getComponents(), (ToXmlGenerator) jsonGenerator, "component"); } - if (choice.getServices() != null) { + if (CollectionUtils.isNotEmpty(choice.getServices())) { writeArrayFieldXML(choice.getServices(), (ToXmlGenerator) jsonGenerator, "service"); } } else { - if (choice.getComponents() != null) { + if (CollectionUtils.isNotEmpty(choice.getComponents())) { writeArrayFieldJSON(jsonGenerator, "components", choice.getComponents()); } - if (choice.getServices() != null) { + if (CollectionUtils.isNotEmpty(choice.getServices())) { writeArrayFieldJSON(jsonGenerator, "services", choice.getServices()); } } @@ -138,7 +151,9 @@ private void parseTools(Metadata metadata, JsonGenerator jsonGenerator) throws I } } - private void writeArrayFieldJSON(JsonGenerator jsonGenerator, String fieldName, List items) throws IOException { + private void writeArrayFieldJSON(JsonGenerator jsonGenerator, String fieldName, List items) + throws IOException + { if (items != null) { jsonGenerator.writeArrayFieldStart(fieldName); for (T item : items) { @@ -149,13 +164,13 @@ private void writeArrayFieldJSON(JsonGenerator jsonGenerator, String fieldNa } private void writeArrayFieldXML(List items, ToXmlGenerator xmlGenerator, String fieldName) throws IOException { - if (items != null) { - xmlGenerator.writeObjectFieldStart(fieldName + "s"); - xmlGenerator.writeArrayFieldStart(fieldName); + if (CollectionUtils.isNotEmpty(items)) { + xmlGenerator.writeFieldName(fieldName + "s"); + xmlGenerator.writeStartObject(); for (T item : items) { + xmlGenerator.writeFieldName(fieldName); xmlGenerator.writeObject(item); } - xmlGenerator.writeEndArray(); xmlGenerator.writeEndObject(); } } diff --git a/src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java b/src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java index 62ba2acbf0..a8de77f292 100644 --- a/src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java @@ -6,7 +6,7 @@ import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; -import org.cyclonedx.model.formulation.common.EnvVariableChoice; +import org.apache.commons.collections4.CollectionUtils; import org.cyclonedx.model.formulation.common.OutputType; public class OutputTypeSerializer @@ -28,16 +28,13 @@ public void serialize(OutputType value, JsonGenerator jsonGenerator, SerializerP throws IOException { if (isXml && jsonGenerator instanceof ToXmlGenerator) { ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; - xmlGenerator.writeStartObject(); - xmlGenerator.writeFieldName("input"); - createOutputChoice(value, xmlGenerator); - xmlGenerator.writeEndObject(); + createOutputChoiceXml(value, xmlGenerator, serializerProvider); } else { - createOutputChoice(value, jsonGenerator); + createOutputChoiceJson(value, jsonGenerator, serializerProvider); } } - private void createOutputChoice(final OutputType output, final JsonGenerator jsonGenerator) + private void createOutputChoiceJson(final OutputType output, final JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException { jsonGenerator.writeStartObject(); @@ -46,43 +43,55 @@ private void createOutputChoice(final OutputType output, final JsonGenerator jso jsonGenerator.writeFieldName("resource"); jsonGenerator.writeObject( output.getResource()); } - else if (output.getEnvironmentVars() != null && !output.getEnvironmentVars().isEmpty()) { - jsonGenerator.writeArrayFieldStart("environmentVars"); - for (EnvVariableChoice envVarChoice : output.getEnvironmentVars()) { - if (envVarChoice.getEnvironmentVar() != null) { - jsonGenerator.writeStartObject(); - jsonGenerator.writeObjectField("environmentVar", envVarChoice.getEnvironmentVar()); - jsonGenerator.writeEndObject(); - } else if (envVarChoice.getValue() != null) { - jsonGenerator.writeStartObject(); - jsonGenerator.writeObjectField("value", envVarChoice.getValue()); - jsonGenerator.writeEndObject(); - } - } - jsonGenerator.writeEndArray(); + else if (output.getEnvironmentVars() != null) { + new EnvironmentVarsSerializer(isXml).serialize(output.getEnvironmentVars(), jsonGenerator, serializerProvider); } else if (output.getData() != null) { jsonGenerator.writeFieldName("data"); jsonGenerator.writeObject( output.getData()); } + SerializerUtils.writeField(jsonGenerator, "type", output.getType()); + SerializerUtils.writeField(jsonGenerator, "source", output.getSource()); + SerializerUtils.writeField(jsonGenerator, "target", output.getTarget()); + SerializerUtils.writeField(jsonGenerator, "properties", output.getProperties()); + jsonGenerator.writeEndObject(); + } + + private void createOutputChoiceXml(final OutputType output, final ToXmlGenerator xmlGenerator, SerializerProvider serializerProvider) + throws IOException + { + xmlGenerator.writeStartObject(); + + if (output.getResource() != null) { + xmlGenerator.writeFieldName("resource"); + xmlGenerator.writeObject( output.getResource()); + } + else if (output.getEnvironmentVars() != null) { + new EnvironmentVarsSerializer(isXml).serialize(output.getEnvironmentVars(), xmlGenerator, serializerProvider); + } + else if (output.getData() != null) { + xmlGenerator.writeFieldName("data"); + xmlGenerator.writeObject( output.getData()); + } + if (output.getType() != null) { - jsonGenerator.writeFieldName("type"); - jsonGenerator.writeObject(output.getType()); + xmlGenerator.writeFieldName("type"); + xmlGenerator.writeObject(output.getType()); } if (output.getSource() != null) { - jsonGenerator.writeFieldName("source"); - jsonGenerator.writeObject(output.getSource()); + xmlGenerator.writeFieldName("source"); + xmlGenerator.writeObject(output.getSource()); } if (output.getTarget() != null) { - jsonGenerator.writeFieldName("target"); - jsonGenerator.writeObject(output.getTarget()); + xmlGenerator.writeFieldName("target"); + xmlGenerator.writeObject(output.getTarget()); } - if (output.getProperties() != null) { - jsonGenerator.writeFieldName("properties"); - jsonGenerator.writeObject( output.getProperties()); + if (CollectionUtils.isNotEmpty(output.getProperties())) { + xmlGenerator.writeFieldName("properties"); + xmlGenerator.writeObject( output.getProperties()); } - jsonGenerator.writeEndObject(); + xmlGenerator.writeEndObject(); } @Override diff --git a/src/main/java/org/cyclonedx/util/serializer/PropertiesSerializer.java b/src/main/java/org/cyclonedx/util/serializer/PropertiesSerializer.java new file mode 100644 index 0000000000..d4eaa9b770 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/PropertiesSerializer.java @@ -0,0 +1,67 @@ +package org.cyclonedx.util.serializer; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.JsonSerializer; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.apache.commons.collections4.CollectionUtils; +import org.cyclonedx.model.Property; + +import java.io.IOException; +import java.util.List; + +public class PropertiesSerializer + extends JsonSerializer> +{ + private boolean isXml; + + public PropertiesSerializer(boolean isXml) { + this.isXml = isXml; + } + + public PropertiesSerializer() { + // Default constructor + } + + @Override + public void serialize(List properties, JsonGenerator jsonGenerator, SerializerProvider serializers) + throws IOException + { + if (CollectionUtils.isEmpty(properties)) { + return; // Do not serialize if the list is null or empty + } + + if (isXml) { + serializeXml(properties, (ToXmlGenerator) jsonGenerator); + } + else { + serializerJson(properties, jsonGenerator); + } + } + + private void serializerJson(List properties, JsonGenerator jsonGenerator) throws IOException { + jsonGenerator.writeStartArray(); + for (Property property : properties) { + jsonGenerator.writeStartObject(); + jsonGenerator.writeObjectField("name", property.getName()); + jsonGenerator.writeObjectField("value", property.getValue()); + jsonGenerator.writeEndObject(); + } + jsonGenerator.writeEndArray(); + } + + private static void serializeXml(final List properties, final ToXmlGenerator xmlGenerator) + throws IOException + { + xmlGenerator.writeStartArray(); + for (Property property : properties) { + SerializerUtils.serializeProperty("property", property, xmlGenerator); + } + xmlGenerator.writeEndArray(); + } + + @Override + public Class> handledType() { + return (Class>) (Class) List.class; + } +} diff --git a/src/main/java/org/cyclonedx/util/serializer/SerializerUtils.java b/src/main/java/org/cyclonedx/util/serializer/SerializerUtils.java new file mode 100644 index 0000000000..4f0ad14d0a --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/SerializerUtils.java @@ -0,0 +1,65 @@ +package org.cyclonedx.util.serializer; + +import java.io.IOException; +import java.lang.reflect.Field; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.cyclonedx.Version; +import org.cyclonedx.model.Hash; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.VersionFilter; + +public class SerializerUtils +{ + public static void serializeHashXml(final ToXmlGenerator toXmlGenerator, final Hash hash) throws IOException { + toXmlGenerator.writeStartObject(); + toXmlGenerator.setNextIsAttribute(true); + toXmlGenerator.writeFieldName("alg"); + toXmlGenerator.writeString(hash.getAlgorithm()); + toXmlGenerator.setNextIsAttribute(false); + toXmlGenerator.setNextIsUnwrapped(true); + toXmlGenerator.writeStringField("", hash.getValue()); + toXmlGenerator.writeEndObject(); + } + + public static void serializeHashJson(final JsonGenerator gen, final Hash hash) + throws IOException + { + gen.writeStartObject(); + gen.writeStringField("alg", hash.getAlgorithm()); + gen.writeStringField("content", hash.getValue()); + gen.writeEndObject(); + } + + public static boolean shouldSerializeField(Object obj, Version version, String fieldName) { + try { + Field field = obj.getClass().getDeclaredField(fieldName); + VersionFilter filter = field.getAnnotation(VersionFilter.class); + return filter == null || filter.value().getVersion() <= version.getVersion(); + } catch (NoSuchFieldException e) { + // If the field does not exist, assume it should be serialized + return true; + } + } + + public static void serializeProperty(String propertyName, Property prop, ToXmlGenerator xmlGenerator) throws IOException { + xmlGenerator.writeFieldName(propertyName); + xmlGenerator.writeStartObject(); + xmlGenerator.setNextIsAttribute(true); + xmlGenerator.writeFieldName("name"); + xmlGenerator.writeString(prop.getName()); + xmlGenerator.setNextIsAttribute(false); + + xmlGenerator.setNextIsUnwrapped(true); + xmlGenerator.writeStringField("", prop.getValue()); + xmlGenerator.writeEndObject(); + } + + public static void writeField(JsonGenerator jsonGenerator, String fieldName, Object fieldValue) throws IOException { + if (fieldValue != null) { + jsonGenerator.writeFieldName(fieldName); + jsonGenerator.writeObject(fieldValue); + } + } +} diff --git a/src/main/java/org/cyclonedx/util/serializer/SignatorySerializer.java b/src/main/java/org/cyclonedx/util/serializer/SignatorySerializer.java new file mode 100644 index 0000000000..4322c907bb --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/SignatorySerializer.java @@ -0,0 +1,96 @@ +package org.cyclonedx.util.serializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang3.StringUtils; +import org.cyclonedx.model.attestation.affirmation.Signatory; + +public class SignatorySerializer + extends StdSerializer +{ + private final boolean isXml; + + public SignatorySerializer(boolean isXml) { + this(null, isXml); + } + + public SignatorySerializer(Class t, boolean isXml) { + super(t); + this.isXml = isXml; + } + + @Override + public void serialize(Signatory value, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + serializeXml(xmlGenerator, value, serializerProvider); + } else { + serializeJson(jsonGenerator, value); + } + } + + private void serializeXml(final ToXmlGenerator gen, final Signatory signatory, final SerializerProvider provider) + throws IOException + { + //It might have extensible types (signature) + if (CollectionUtils.isNotEmpty(signatory.getExtensibleTypes())) { + gen.writeStartObject(); + + if (StringUtils.isNotBlank(signatory.getName())) { + gen.writeStringField("name", signatory.getName()); + } + + if (StringUtils.isNotBlank(signatory.getRole())) { + gen.writeStringField("role", signatory.getRole()); + } + + new ExtensibleTypesSerializer().serialize(signatory.getExtensibleTypes(), gen, provider); + gen.writeEndObject(); + } + } + + private void serializeJson(final JsonGenerator gen, final Signatory signatory) + throws IOException + { + boolean shouldSerialize = false; + + if (signatory.getSignature() != null && !isXml) { + shouldSerialize = true; + } else if (signatory.getExternalReference() != null && signatory.getOrganization() != null) { + shouldSerialize = true; + } + + // Only serialize if the required values are set + if (shouldSerialize) { + gen.writeStartObject(); + + if (StringUtils.isNotBlank(signatory.getName())) { + gen.writeStringField("name", signatory.getName()); + } + + if (StringUtils.isNotBlank(signatory.getRole())) { + gen.writeStringField("role", signatory.getRole()); + } + + if (signatory.getSignature() != null) { + gen.writeObjectField("signature", signatory.getSignature()); + } + else if (signatory.getExternalReference() != null && signatory.getOrganization() != null) { + gen.writeObjectField("organization", signatory.getOrganization()); + gen.writeObjectField("externalReference", signatory.getExternalReference()); + } + gen.writeEndObject(); + } + } + + @Override + public Class handledType() { + return Signatory.class; + } +} diff --git a/src/main/resources/bom-1.6.proto b/src/main/resources/bom-1.6.proto new file mode 100644 index 0000000000..b2d318ad4c --- /dev/null +++ b/src/main/resources/bom-1.6.proto @@ -0,0 +1,2381 @@ +syntax = "proto3"; +package cyclonedx.v1_6; // version 1.6.1 +import "google/protobuf/timestamp.proto"; + +// Specifies attributes of the text +message AttachedText { + // Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents. [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml). + optional string content_type = 1; + // Specifies the optional encoding the text is represented in + optional string encoding = 2; + // SimpleContent value of element. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. + string value = 3; +} + +message Bom { + // The version of the CycloneDX specification a BOM is written to (starting at version 1.3) + string spec_version = 1; + // The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'. + optional int32 version = 2; + // Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated. + optional string serial_number = 3; + // Provides additional information about a BOM. + optional Metadata metadata = 4; + // Provides the ability to document a list of components. + repeated Component components = 5; + // Provides the ability to document a list of external services. + repeated Service services = 6; + // Provides the ability to document external references related to the BOM or to the project the BOM describes. + repeated ExternalReference external_references = 7; + // Provides the ability to document dependency relationships. + repeated Dependency dependencies = 8; + // Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described. + repeated Composition compositions = 9; + // Vulnerabilities identified in components or services. + repeated Vulnerability vulnerabilities = 10; + // Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. + repeated Annotation annotations = 11; + // Specifies optional, custom, properties + repeated Property properties = 12; + // Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process. + repeated Formula formulation = 13; + // The list of declarations which describe the conformance to standards. Each declaration may include attestations, claims, and evidence. + repeated Declarations declarations = 14; + // A collection of reusable objects that are defined and may be used elsewhere in the BOM. + repeated Definition definitions = 15; +} + +enum Classification { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + CLASSIFICATION_NULL = 0; + // A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. + CLASSIFICATION_APPLICATION = 1; + // A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries. + CLASSIFICATION_FRAMEWORK = 2; + // A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended. + CLASSIFICATION_LIBRARY = 3; + // A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system + CLASSIFICATION_OPERATING_SYSTEM = 4; + // A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md + CLASSIFICATION_DEVICE = 5; + // A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. + CLASSIFICATION_FILE = 6; + // A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization + CLASSIFICATION_CONTAINER = 7; + // A special type of software that provides low-level control over a devices hardware. Refer to https://en.wikipedia.org/wiki/Firmware + CLASSIFICATION_FIRMWARE = 8; + // A special type of software that operates or controls a particular type of device. Refer to https://en.wikipedia.org/wiki/Device_driver + CLASSIFICATION_DEVICE_DRIVER = 9; + // A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms. + CLASSIFICATION_PLATFORM = 10; + // A model based on training data that can make predictions or decisions without being explicitly programmed to do so. + CLASSIFICATION_MACHINE_LEARNING_MODEL = 11; + // A collection of discrete values that convey information. + CLASSIFICATION_DATA = 12; + // A cryptographic asset including algorithms, protocols, certificates, keys, tokens, and secrets. + CLASSIFICATION_CRYPTOGRAPHIC_ASSET = 13; +} + +message Commit { + // A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. + optional string uid = 1; + // The URL to the commit. This URL will typically point to a commit in a version control system. + optional string url = 2; + // The author who created the changes in the commit + optional IdentifiableAction author = 3; + // The person who committed or pushed the commit + optional IdentifiableAction committer = 4; + // The text description of the contents of the commit + optional string message = 5; +} + +message Component { + // Specifies the type of component. For software components, classify as an application if no more specific appropriate classification is available or cannot be determined for the component. + Classification type = 1; + // The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type. + optional string mime_type = 2; + // An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 3; + // The organization that supplied the component. The supplier may often be the manufacturer but may also be a distributor or repackager. + optional OrganizationalEntity supplier = 4; + // DEPRECATED - DO NOT USE - This will be removed in a future version - Use `.authors` or `.manufacturer` instead. The person(s) or organization(s) that authored the component + optional string author = 5 [deprecated = true]; + // The person(s) or organization(s) that published the component + optional string publisher = 6; + // The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. + optional string group = 7; + // The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery + string name = 8; + // The component version. The version should ideally comply with semantic versioning but is not enforced. Version was made optional in v1.4 of the spec. For backward compatibility, it is recommended to use an empty string to represent components without version information. + string version = 9; + // Specifies a description for the component + optional string description = 10; + // Specifies the scope of the component. If a scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM + optional Scope scope = 11; + // The hashes of the component. + repeated Hash hashes = 12; + // EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression) + repeated LicenseChoice licenses = 13; + // An optional copyright notice informing users of the underlying claims to copyright ownership in a published work. + optional string copyright = 14; + // DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe + optional string cpe = 15; + // Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec + optional string purl = 16; + // Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + optional Swid swid = 17; + // DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. + optional bool modified = 18; + // Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. + optional Pedigree pedigree = 19; + // Provides the ability to document external references related to the component or to the project the component describes. + repeated ExternalReference external_references = 20; + // Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. + repeated Component components = 21; + // Specifies optional, custom, properties + repeated Property properties = 22; + // Specifies optional license and copyright evidence. + optional Evidence evidence = 23; + // Specifies optional release notes. + optional ReleaseNotes releaseNotes = 24; + // A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. + optional ModelCard modelCard = 25; + // This object SHOULD be specified for any component of type `data` and must not be specified for other component types. + repeated ComponentData data = 26; + // Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference. + optional CryptoProperties cryptoProperties = 27; + // The organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have `.authors` instead. + optional OrganizationalEntity manufacturer = 28; + // The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have `.manufacturer` instead. + repeated OrganizationalContact authors = 29; + // Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection". + repeated string tags = 30; + // Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid + repeated string omniborId = 31; + // Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html + repeated string swhid = 32; +} + +// Specifies the data flow. +message DataFlow { + // Specifies the flow direction of the data. + DataFlowDirection flow = 1; + // Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. + string value = 2; + // Name for the defined data + optional string name = 3; + // Short description of the data content and usage + optional string description = 4; + // The URI, URL, or BOM-Link of the components or services the data came in from + repeated string source = 5; + // The URI, URL, or BOM-Link of the components or services the data is sent to + repeated string destination = 6; + // Data Governance + optional DataGovernance governance = 7; +} + +// Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. +// buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "DATA_FLOW_DIRECTION_" +enum DataFlowDirection { + // Default + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + DATA_FLOW_NULL = 0; + // Data that enters a service. + DATA_FLOW_INBOUND = 1; + // Data that exits a service. + DATA_FLOW_OUTBOUND = 2; + // Data flows in and out of the service. + DATA_FLOW_BI_DIRECTIONAL = 3; + // The directional flow of data is not known. + DATA_FLOW_UNKNOWN = 4; +} + +// Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs. +message Dependency { + // References a component or service by its bom-ref attribute + string ref = 1; + // The bom-ref identifiers of the components or services that are dependencies of this dependency object. + repeated Dependency dependencies = 2; + // The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object. + repeated string provides = 3; +} + +// The patch file (or diff) that shows changes. Refer to https://en.wikipedia.org/wiki/Diff +message Diff { + // Specifies the optional text of the diff + optional AttachedText text = 1; + // Specifies the URL to the diff + optional string url = 2; +} + +// External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM. +message ExternalReference { + // Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. + ExternalReferenceType type = 1; + // The URL to the external reference + string url = 2; + // An optional comment describing the external reference + optional string comment = 3; + // Optional integrity hashes for the external resource content + repeated Hash hashes = 4; +} + +enum ExternalReferenceType { + // Use this if no other types accurately describe the purpose of the external reference + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `other` is our fallback, doubling `unspecified` + EXTERNAL_REFERENCE_TYPE_OTHER = 0; + // Version Control System + EXTERNAL_REFERENCE_TYPE_VCS = 1; + // Issue, defect tracking system, or an Application Lifecycle Management (ALM) system + EXTERNAL_REFERENCE_TYPE_ISSUE_TRACKER = 2; + // Website + EXTERNAL_REFERENCE_TYPE_WEBSITE = 3; + // Security advisories + EXTERNAL_REFERENCE_TYPE_ADVISORIES = 4; + // Bill-of-material document (CycloneDX, SPDX, SWID, etc) + EXTERNAL_REFERENCE_TYPE_BOM = 5; + // Mailing list or discussion group + EXTERNAL_REFERENCE_TYPE_MAILING_LIST = 6; + // Social media account + EXTERNAL_REFERENCE_TYPE_SOCIAL = 7; + // Real-time chat platform + EXTERNAL_REFERENCE_TYPE_CHAT = 8; + // Documentation, guides, or how-to instructions + EXTERNAL_REFERENCE_TYPE_DOCUMENTATION = 9; + // Community or commercial support + EXTERNAL_REFERENCE_TYPE_SUPPORT = 10; + // Direct or repository download location + EXTERNAL_REFERENCE_TYPE_DISTRIBUTION = 11; + // The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness + EXTERNAL_REFERENCE_TYPE_LICENSE = 12; + // Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + EXTERNAL_REFERENCE_TYPE_BUILD_META = 13; + // URL to an automated build system + EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM = 14; + // Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT. + EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT = 15; + // Human or machine-readable statements containing facts, evidence, or testimony + EXTERNAL_REFERENCE_TYPE_ATTESTATION = 16; + // An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format + EXTERNAL_REFERENCE_TYPE_THREAT_MODEL = 17; + // The defined assumptions, goals, and capabilities of an adversary. + EXTERNAL_REFERENCE_TYPE_ADVERSARY_MODEL = 18; + // Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk. + EXTERNAL_REFERENCE_TYPE_RISK_ASSESSMENT = 19; + // The location where a component was published. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary + EXTERNAL_REFERENCE_TYPE_DISTRIBUTION_INTAKE = 20; + // A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product + EXTERNAL_REFERENCE_TYPE_VULNERABILITY_ASSERTION = 21; + // A Vulnerability Exploitability eXchange (VEX) asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally, the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization + EXTERNAL_REFERENCE_TYPE_EXPLOITABILITY_STATEMENT = 22; + // Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test + EXTERNAL_REFERENCE_TYPE_PENTEST_REPORT = 23; + // SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code + EXTERNAL_REFERENCE_TYPE_STATIC_ANALYSIS_REPORT = 24; + // Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations + EXTERNAL_REFERENCE_TYPE_DYNAMIC_ANALYSIS_REPORT = 25; + // Report generated by analyzing the call stack of a running application + EXTERNAL_REFERENCE_TYPE_RUNTIME_ANALYSIS_REPORT = 26; + // Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis + EXTERNAL_REFERENCE_TYPE_COMPONENT_ANALYSIS_REPORT = 27; + // Report containing a formal assessment of an organization, business unit, or team against a maturity model + EXTERNAL_REFERENCE_TYPE_MATURITY_REPORT = 28; + // Industry, regulatory, or other certification from an accredited (if applicable) certification body + EXTERNAL_REFERENCE_TYPE_CERTIFICATION_REPORT = 29; + // Report or system in which quality metrics can be obtained + EXTERNAL_REFERENCE_TYPE_QUALITY_METRICS = 30; + // Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) + EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE = 31; + // A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. + EXTERNAL_REFERENCE_TYPE_MODEL_CARD = 32; + // Plans of Action and Milestones (POA&M) complement an "attestation" external reference. POA&M is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + EXTERNAL_REFERENCE_TYPE_POAM = 33; + // A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. + EXTERNAL_REFERENCE_TYPE_LOG = 34; + // Parameters or settings that may be used by other components or services. + EXTERNAL_REFERENCE_TYPE_CONFIGURATION = 35; + // Information used to substantiate a claim. + EXTERNAL_REFERENCE_TYPE_EVIDENCE = 36; + // Describes how a component or service was manufactured or deployed. + EXTERNAL_REFERENCE_TYPE_FORMULATION = 37; + // The location where the source code distributable can be obtained. This is often an archive format such as zip or tar.gz. The source-distribution type complements the use of the version control (vcs) type. + EXTERNAL_REFERENCE_TYPE_SOURCE_DISTRIBUTION = 38; + // An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name. + EXTERNAL_REFERENCE_TYPE_ELECTRONIC_SIGNATURE = 39; + // A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification. + EXTERNAL_REFERENCE_TYPE_DIGITAL_SIGNATURE = 40; + // Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure) + EXTERNAL_REFERENCE_TYPE_RFC_9116 = 41; + // Reference to release notes + EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES = 42; +} + +enum HashAlg { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + HASH_ALG_NULL = 0; + HASH_ALG_MD_5 = 1; + HASH_ALG_SHA_1 = 2; + HASH_ALG_SHA_256 = 3; + HASH_ALG_SHA_384 = 4; + HASH_ALG_SHA_512 = 5; + HASH_ALG_SHA_3_256 = 6; + HASH_ALG_SHA_3_384 = 7; + HASH_ALG_SHA_3_512 = 8; + HASH_ALG_BLAKE_2_B_256 = 9; + HASH_ALG_BLAKE_2_B_384 = 10; + HASH_ALG_BLAKE_2_B_512 = 11; + HASH_ALG_BLAKE_3 = 12; +} + +// Specifies the file hash of the component +message Hash { + // Specifies the algorithm used to create the hash + HashAlg alg = 1; + // SimpleContent value of element + string value = 2; +} + +message IdentifiableAction { + // The timestamp in which the action occurred + optional google.protobuf.Timestamp timestamp = 1; + // The name of the individual who performed the action + optional string name = 2; + // The email address of the individual who performed the action + optional string email = 3; +} + +enum IssueClassification { + // Default + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + ISSUE_CLASSIFICATION_NULL = 0; + // A fault, flaw, or bug in software + ISSUE_CLASSIFICATION_DEFECT = 1; + // A new feature or behavior in software + ISSUE_CLASSIFICATION_ENHANCEMENT = 2; + // A special type of defect which impacts security + ISSUE_CLASSIFICATION_SECURITY = 3; +} + +// An individual issue that has been resolved. +message Issue { + // Specifies the type of issue + IssueClassification type = 1; + // The identifier of the issue assigned by the source of the issue + optional string id = 2; + // The name of the issue + optional string name = 3; + // A description of the issue + optional string description = 4; + // The source of the issue where it is documented + optional Source source = 5; + // A collection of URL's for reference. Multiple URLs are allowed. Example: "https://example.com" + repeated string references = 6; +} + +// The source of the issue where it is documented. +message Source { + // The name of the source. For example, "National Vulnerability Database", "NVD", and "Apache" + optional string name = 1; + // The url of the issue documentation as provided by the source + optional string url = 2; +} + +message LicenseChoice { + oneof choice { + // A license + License license = 1; + // A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements + string expression = 2; + } + // This field must only be used when "expression" is chosen as the License object has its own acknowledgement. + optional LicenseAcknowledgementEnumeration acknowledgement = 3; + // This field must only be used when "expression" is chosen as the License object has its own bom_ref. + optional string bom_ref = 4; +} + +// Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license. +message License { + oneof license { + // A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list. + string id = 1; + // The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX. + string name = 2; + } + // Specifies the optional full text of the attachment + optional AttachedText text = 3; + // The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. + optional string url = 4; + // An optional identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 5; + // Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata + optional Licensing licensing = 6; + // Specifies optional, custom, properties + repeated Property properties = 7; + // Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license. + optional LicenseAcknowledgementEnumeration acknowledgement = 8; +} + +// Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license. +enum LicenseAcknowledgementEnumeration { + // The license acknowledgement is not specified. + LICENSE_ACKNOWLEDGEMENT_ENUMERATION_UNSPECIFIED = 0; + // Declared licenses represent the initial intentions of authors regarding the licensing terms of their code. + LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED = 1; + // Concluded licenses are verified and confirmed. + LICENSE_ACKNOWLEDGEMENT_ENUMERATION_CONCLUDED = 2; +} + +message Licensing { + // License identifiers that may be used to manage licenses and their lifecycle + repeated string altIds = 1; + // The individual or organization that grants a license to another individual or organization + optional OrganizationalEntityOrContact licensor = 2; + // The individual or organization for which a license was granted to + optional OrganizationalEntityOrContact licensee = 3; + // The individual or organization that purchased the license + optional OrganizationalEntityOrContact purchaser = 4; + // The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase + optional string purchaseOrder = 5; + // The type of license(s) that was granted to the licensee + repeated LicensingTypeEnum licenseTypes = 6; + // The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed. + optional google.protobuf.Timestamp lastRenewal = 7; + // The timestamp indicating when the current license expires (if applicable). + optional google.protobuf.Timestamp expiration = 8; +} + +// EITHER an organization OR an individual +message OrganizationalEntityOrContact { + oneof choice { + // Organization + OrganizationalEntity organization = 1; + // Individual + OrganizationalContact individual = 2; + } +} + +// buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "LICENSING_TYPE_ENUM_" +enum LicensingTypeEnum { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + LICENSING_TYPE_NULL = 0; + // A license that grants use of software solely for the purpose of education or research. + LICENSING_TYPE_ACADEMIC = 1; + // A license covering use of software embedded in a specific piece of hardware. + LICENSING_TYPE_APPLIANCE = 2; + // A Client Access License (CAL) allows client computers to access services provided by server software. + LICENSING_TYPE_CLIENT_ACCESS = 3; + // A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users. + LICENSING_TYPE_CONCURRENT_USER = 4; + // A license where the core of a computer's processor is assigned a specific number of points. + LICENSING_TYPE_CORE_POINTS = 5; + // A license for which consumption is measured by non-standard metrics. + LICENSING_TYPE_CUSTOM_METRIC = 6; + // A license that covers a defined number of installations on computers and other types of devices. + LICENSING_TYPE_DEVICE = 7; + // A license that grants permission to install and use software for trial purposes. + LICENSING_TYPE_EVALUATION = 8; + // A license that grants access to the software to one or more pre-defined users. + LICENSING_TYPE_NAMED_USER = 9; + // A license that grants access to the software on one or more pre-defined computers or devices. + LICENSING_TYPE_NODE_LOCKED = 10; + // An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware. + LICENSING_TYPE_OEM = 11; + // A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely. + LICENSING_TYPE_PERPETUAL = 12; + // A license where each installation consumes points per processor. + LICENSING_TYPE_PROCESSOR_POINTS = 13; + // A license where the licensee pays a fee to use the software or service. + LICENSING_TYPE_SUBSCRIPTION = 14; + // A license that grants access to the software or service by a specified number of users. + LICENSING_TYPE_USER = 15; + // Another license type. + LICENSING_TYPE_OTHER = 16; +} + +message Metadata { + // The date and time (timestamp) when the document was created. + optional google.protobuf.Timestamp timestamp = 1; + // The tool(s) used in the creation of the BOM. + optional Tool tools = 2; + // The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may have '.manufacturer' instead. + repeated OrganizationalContact authors = 3; + // The component that the BOM describes. + optional Component component = 4; + // DEPRECATED - DO NOT USE - This will be removed in a future version - Use the `.component.manufacturer` instead. The organization that manufactured the component that the BOM describes. + optional OrganizationalEntity manufacture = 5 [deprecated = true]; + // The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager. + optional OrganizationalEntity supplier = 6; + // The license information for the BOM document. This may be different from the license(s) of the component(s) that the BOM describes. + // EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression) + repeated LicenseChoice licenses = 7; + // Specifies optional, custom, properties + repeated Property properties = 8; + // Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may be available at various phases of a lifecycle, such as the Software Development Lifecycle (SDLC), IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a BOM may include data specific to or only obtainable in a given lifecycle. + repeated Lifecycles lifecycles = 9; + // The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have '.authors' instead. + optional OrganizationalEntity manufacturer = 10; +} + +message Lifecycles { + oneof choice { + // A pre-defined phase in the product lifecycle. + LifecyclePhase phase = 1; + // The name of the lifecycle phase + string name = 2; + } + // The description of the lifecycle phase + optional string description = 3; +} + +enum LifecyclePhase { + // BOM produced early in the development lifecycle containing an inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error; it shall be fixed with v2.0 of this very schema + LIFECYCLE_PHASE_DESIGN = 0; + // BOM consists of information obtained prior to a build process and may contain source files, development artifacts, and manifests. The inventory may need to be resolved and retrieved prior to use. + LIFECYCLE_PHASE_PRE_BUILD = 1; + // BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from. + LIFECYCLE_PHASE_BUILD = 2; + // BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device. + LIFECYCLE_PHASE_POST_BUILD = 3; + // BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies. + LIFECYCLE_PHASE_OPERATIONS = 4; + // BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions. + LIFECYCLE_PHASE_DISCOVERY = 5; + // BOM containing inventory that will be, or has been retired from operations. + LIFECYCLE_PHASE_DECOMMISSION = 6; +} + +message OrganizationalContact { + // The name of the contact + optional string name = 1; + // The email address of the contact. + optional string email = 2; + // The phone number of the contact. + optional string phone = 3; + // An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 4; +} + +message OrganizationalEntity { + // The name of the organization + optional string name = 1; + // The URL of the organization. Multiple URLs are allowed. + repeated string url = 2; + // A contact person at the organization. Multiple contacts are allowed. + repeated OrganizationalContact contact = 3; + // An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 4; + // The physical address (location) of the organization + optional PostalAddressType address = 5; +} + +enum PatchClassification { + // Default + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + PATCH_CLASSIFICATION_NULL = 0; + // A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch + PATCH_CLASSIFICATION_UNOFFICIAL = 1; + // A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch + PATCH_CLASSIFICATION_MONKEY = 2; + // A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting + PATCH_CLASSIFICATION_BACKPORT = 3; + // A patch created by selectively applying commits from other versions or branches of the same software. + PATCH_CLASSIFICATION_CHERRY_PICK = 4; +} + +// Specifies an individual patch +message Patch { + // Specifies the purpose for the patch, including the resolution of defects, security issues, or new behavior or functionality + PatchClassification type = 1; + // The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff + optional Diff diff = 2; + // A collection of issues the patch resolves + repeated Issue resolves = 3; +} + +// Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. +message Pedigree { + // Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains an ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. + repeated Component ancestors = 1; + // Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. + repeated Component descendants = 2; + // Variants describe relations where the relationship between the components is not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other or if they share a common ancestor. + repeated Component variants = 3; + // A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. + repeated Commit commits = 4; + // A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits. + repeated Patch patches = 5; + // Notes, observations, and other non-structured commentary describing the component's pedigree. + optional string notes = 6; +} + +enum Scope { + // Default + SCOPE_UNSPECIFIED = 0; + // The component is required for runtime + SCOPE_REQUIRED = 1; + // The component is optional at runtime. Optional components are components that are not capable of being called due to them not being installed or otherwise accessible by any means. Components that are installed but, due to configuration or other restrictions, are prohibited from being called must be scoped as 'required'. + SCOPE_OPTIONAL = 2; + // Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. + SCOPE_EXCLUDED = 3; +} + +message Service { + // An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The organization that provides the service. + optional OrganizationalEntity provider = 2; + // The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. + optional string group = 3; + // The name of the service. This will often be a shortened, single name of the service. + string name = 4; + // The service version. + optional string version = 5; + // Specifies a description for the service. + optional string description = 6; + // The endpoint URIs of the service. Multiple endpoints are allowed. Example: "https://example.com/api/v1/ticker" + repeated string endpoints = 7; + // A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. + optional bool authenticated = 8; + // A boolean value indicating if the use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. + optional bool x_trust_boundary = 9; + // Specifies information about the data including the directional flow of data and the data classification. + repeated DataFlow data = 10; + // EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression) + repeated LicenseChoice licenses = 11; + // Provides the ability to document external references related to the service. + repeated ExternalReference external_references = 12; + // Specifies optional sub-service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. + repeated Service services = 13; + // Specifies optional, custom, properties + repeated Property properties = 14; + // Specifies optional release notes. + optional ReleaseNotes releaseNotes = 15; + // The name of the trust zone the service resides in. + optional string trustZone = 16; + // Textual strings that aid in the discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection". + repeated string tags = 17; +} + +// Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. +message Swid { + // Maps to the tagId of a SoftwareIdentity. + string tag_id = 1; + // Maps to the name of a SoftwareIdentity. + string name = 2; + // Maps to the version of a SoftwareIdentity. Defaults to '0.0' if not specified. + optional string version = 3; + // Maps to the tagVersion of a SoftwareIdentity. Defaults to '0' if not specified. + optional int32 tag_version = 4; + // Maps to the patch of a SoftwareIdentity. Defaults to 'false' if not specified. + optional bool patch = 5; + // Specifies the full content of the SWID tag. + optional AttachedText text = 6; + // The URL to the SWID file. + optional string url = 7; +} + +// Specifies a tool (manual or automated). +message Tool { + // DEPRECATED - DO NOT USE - The vendor of the tool used to create the BOM. + optional string vendor = 1 [deprecated = true]; + // DEPRECATED - DO NOT USE - The name of the tool used to create the BOM. + optional string name = 2 [deprecated = true]; + // DEPRECATED - DO NOT USE - The version of the tool used to create the BOM. + optional string version = 3 [deprecated = true]; + // DEPRECATED - DO NOT USE + repeated Hash hashes = 4 [deprecated = true]; + // DEPRECATED - DO NOT USE - Provides the ability to document external references related to the tool. + repeated ExternalReference external_references = 5 [deprecated = true]; + // A list of software and hardware components used as tools + repeated Component components = 6; + // A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services. + repeated Service services = 7; +} + +// Specifies a property +message Property { + // Name (or key) + string name = 1; + // Value + optional string value = 2; +} + +enum Aggregate { + // The relationship completeness is not specified. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `not specified` is our fallback, doubling `unspecified` + AGGREGATE_NOT_SPECIFIED = 0; + // The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. + AGGREGATE_COMPLETE = 1; + // The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. + AGGREGATE_INCOMPLETE = 2; + // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. + AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY = 3; + // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. + AGGREGATE_INCOMPLETE_THIRD_PARTY_ONLY = 4; + // The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. + AGGREGATE_UNKNOWN = 5; + // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + AGGREGATE_INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY = 6; + // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + AGGREGATE_INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY = 7; + // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + AGGREGATE_INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY = 8; + // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + AGGREGATE_INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY = 9; +} + +message Composition { + // Indicates the aggregate completeness + Aggregate aggregate = 1; + // The assemblies the aggregate completeness applies to + repeated string assemblies = 2; + // The dependencies the aggregate completeness applies to + repeated string dependencies = 3; + // The bom-ref identifiers of the vulnerabilities being described. + repeated string vulnerabilities = 4; + // An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM. + optional string bom_ref = 5; +} + +message EvidenceCopyright { + // Copyright text + string text = 1; +} + +// Provides the ability to document evidence collected through various forms of extraction or analysis. +message Evidence { + // EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression) + repeated LicenseChoice licenses = 1; + // Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection. + repeated EvidenceCopyright copyright = 2; + // Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if only one identity object is specified. + repeated EvidenceIdentity identity = 3; + // Evidence of individual instances of a component spread across multiple locations. + repeated EvidenceOccurrences occurrences = 4; + // Evidence of the components use through the callstack. + optional Callstack callstack = 5; +} + +message Callstack { + // Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations. + repeated Frames frames = 1; + + message Frames { + // A package organizes modules into namespaces, providing a unique namespace for each type it contains. + optional string package = 1; + // A module or class that encloses functions/methods and other code. + string module = 2; + // A block of code designed to perform a particular task. + optional string function = 3; + // Optional arguments that are passed to the module or function. + repeated string parameters = 4; + // The line number the code that is called resides on. + optional int32 line = 5; + // The column the code that is called resides. + optional int32 column = 6; + // The full path and filename of the module. + optional string fullFilename = 7; + } +} + +message EvidenceIdentity { + // The identity field of the component which the evidence describes. + EvidenceFieldType field = 1; + // The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. + optional float confidence = 2; + // The methods used to extract and/or analyze the evidence. + repeated EvidenceMethods methods = 3; + // The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation. + repeated string tools = 4; + // The value of the field (cpe, purl, etc) that has been concluded based on the aggregate of all methods (if available). + optional string concludedValue = 5; +} + +message EvidenceMethods { + // The technique used in this method of analysis. + EvidenceTechnique technique = 1; + // The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence. + float confidence = 2; + // The value or contents of the evidence. + optional string value = 3; +} + +message EvidenceOccurrences { + // An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM. + optional string bom_ref = 1; + // The location or path to where the component was found. + string location = 2; + // The line number where the component was found. + optional int32 line = 3; + // The offset where the component was found. + optional int32 offset = 4; + // The symbol name that was found associated with the component. + optional string symbol = 5; + // Any additional context of the detected component (e.g. a code snippet). + optional string additionalContext = 6; +} + +// buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "EVIDENCE_FIELD_TYPE_" +enum EvidenceFieldType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + EVIDENCE_FIELD_NULL = 0; + EVIDENCE_FIELD_GROUP = 1; + EVIDENCE_FIELD_NAME = 2; + EVIDENCE_FIELD_VERSION = 3; + EVIDENCE_FIELD_PURL = 4; + EVIDENCE_FIELD_CPE = 5; + EVIDENCE_FIELD_SWID = 6; + EVIDENCE_FIELD_HASH = 7; + EVIDENCE_FIELD_OMNIBOR_ID = 8; + EVIDENCE_FIELD_SWHID = 9; +} + +enum EvidenceTechnique { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema + EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS = 0; + EVIDENCE_TECHNIQUE_BINARY_ANALYSIS = 1; + EVIDENCE_TECHNIQUE_MANIFEST_ANALYSIS = 2; + EVIDENCE_TECHNIQUE_AST_FINGERPRINT = 3; + EVIDENCE_TECHNIQUE_HASH_COMPARISON = 4; + EVIDENCE_TECHNIQUE_INSTRUMENTATION = 5; + EVIDENCE_TECHNIQUE_DYNAMIC_ANALYSIS = 6; + EVIDENCE_TECHNIQUE_FILENAME = 7; + EVIDENCE_TECHNIQUE_ATTESTATION = 8; + EVIDENCE_TECHNIQUE_OTHER = 9; +} + +// A note containing the locale and content. +message Note { + // The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". + optional string locale = 1; + // Specifies the full content of the release note. + optional AttachedText text = 2; +} + +message ReleaseNotes { + // The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. + string type = 1; + // The title of the release. + optional string title = 2; + // The URL to an image that may be prominently displayed with the release note. + optional string featuredImage = 3; + // The URL to an image that may be used in messaging on social media platforms. + optional string socialImage = 4; + // A short description of the release. + optional string description = 5; + // The date and time (timestamp) when the release note was created. + optional google.protobuf.Timestamp timestamp = 6; + // Optional alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names). + repeated string aliases = 7; + // Textual strings that aid in the discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection". + repeated string tags = 8; + // A collection of issues that have been resolved. + repeated Issue resolves = 9; + // Zero or more release notes containing the locale and content. Multiple note messages may be specified to support release notes in a wide variety of languages. + repeated Note notes = 10; + // Specifies optional, custom, properties + repeated Property properties = 11; +} + +// Defines a weakness in a component or service that could be exploited or triggered by a threat source. +message Vulnerability { + // An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The identifier that uniquely identifies the vulnerability. + optional string id = 2; + // The source that published the vulnerability. + optional Source source = 3; + // Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Oftentimes, the same vulnerability may exist in multiple sources of vulnerability intelligence but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence. + repeated VulnerabilityReference references = 4; + // List of vulnerability ratings + repeated VulnerabilityRating ratings = 5; + // List of Common Weaknesses Enumerations (CWEs) codes that describe this vulnerability. For example, 399 (of https://cwe.mitre.org/data/definitions/399.html) + repeated int32 cwes = 6; + // A description of the vulnerability as provided by the source. + optional string description = 7; + // If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding the root cause. + optional string detail = 8; + // Recommendations of how the vulnerability can be remediated or mitigated. + optional string recommendation = 9; + // Published advisories of the vulnerability if provided. + repeated Advisory advisories = 10; + // The date and time (timestamp) when the vulnerability record was created in the vulnerability database. + optional google.protobuf.Timestamp created = 11; + // The date and time (timestamp) when the vulnerability record was first published. + optional google.protobuf.Timestamp published = 12; + // The date and time (timestamp) when the vulnerability record was last updated. + optional google.protobuf.Timestamp updated = 13; + // Individuals or organizations credited with the discovery of the vulnerability. + optional VulnerabilityCredits credits = 14; + // The tool(s) used to identify, confirm, or score the vulnerability. + optional Tool tools = 15; + // An assessment of the impact and exploitability of the vulnerability. + optional VulnerabilityAnalysis analysis = 16; + // affects + repeated VulnerabilityAffects affects = 17; + // Specifies optional, custom, properties + repeated Property properties = 18; + // The date and time (timestamp) when the vulnerability record was rejected (if applicable). + optional google.protobuf.Timestamp rejected = 19; + // Evidence used to reproduce the vulnerability. + optional ProofOfConcept proofOfConcept = 20; + // A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments. + optional string workaround = 21; +} + +message ProofOfConcept { + // Precise steps to reproduce the vulnerability. + optional string reproductionSteps = 1; + // A description of the environment in which reproduction was possible. + optional string environment = 2; + // Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code. + repeated AttachedText supportingMaterial = 3; +} + +message VulnerabilityReference { + // An identifier that uniquely identifies the vulnerability. + string id = 1; + // The source that published the vulnerability. + Source source = 2; +} + +message VulnerabilityRating { + // The source that calculated the severity or risk rating of the vulnerability. + optional Source source = 1; + // The numerical score of the rating. + optional double score = 2; + // Textual representation of the severity that corresponds to the numerical score of the rating. + optional Severity severity = 3; + // Specifies the severity or risk scoring methodology or standard used. + optional ScoreMethod method = 4; + // Textual representation of the metric values used to score the vulnerability. + optional string vector = 5; + // An optional reason for rating the vulnerability as it was. + optional string justification = 6; +} + +// Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately. +enum Severity { + // The severity is not known + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `unknown` is our fallback, doubling `unspecified` + SEVERITY_UNKNOWN = 0; + // Critical severity + SEVERITY_CRITICAL = 1; + // High severity + SEVERITY_HIGH = 2; + // Medium severity + SEVERITY_MEDIUM = 3; + // Low severity + SEVERITY_LOW = 4; + // Informational warning. + SEVERITY_INFO = 5; + // None + SEVERITY_NONE = 6; +} + +enum ScoreMethod { + // An undefined score method + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + SCORE_METHOD_NULL = 0; + // Common Vulnerability Scoring System v2 - https://www.first.org/cvss/v2/ + SCORE_METHOD_CVSSV2 = 1; + // Common Vulnerability Scoring System v3 - https://www.first.org/cvss/v3-0/ + SCORE_METHOD_CVSSV3 = 2; + // Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v3-1/ + SCORE_METHOD_CVSSV31 = 3; + // OWASP Risk Rating Methodology - https://owasp.org/www-community/OWASP_Risk_Rating_Methodology + SCORE_METHOD_OWASP = 4; + // Other scoring method + SCORE_METHOD_OTHER = 5; + // Common Vulnerability Scoring System v4.0 - https://www.first.org/cvss/v4-0/ + SCORE_METHOD_CVSSV4 = 6; + // Stakeholder Specific Vulnerability Categorization (all versions) - https://github.com/CERTCC/SSVC + SCORE_METHOD_SSVC = 7; +} + +// Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system. +message Advisory { + // An optional name of the advisory. + optional string title = 1; + // Location where the advisory can be obtained. + string url = 2; +} + +message VulnerabilityCredits { + // The organizations credited with vulnerability discovery. + repeated OrganizationalEntity organizations = 1; + // The individuals not associated with organizations that are credited with vulnerability discovery. + repeated OrganizationalContact individuals = 2; +} + +message VulnerabilityAnalysis { + // Declares the current state of an occurrence of a vulnerability after automated or manual analysis. + optional ImpactAnalysisState state = 1; + // The rationale of why the impact analysis state was asserted. + optional ImpactAnalysisJustification justification = 2; + // A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable. + repeated VulnerabilityResponse response = 3; + // Detailed description of the impact, including methods used during the assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability. + optional string detail = 4; + // The date and time (timestamp) when the analysis was first issued. + optional google.protobuf.Timestamp firstIssued = 5; + // The date and time (timestamp) when the analysis was last updated. + optional google.protobuf.Timestamp lastUpdated = 6; +} + +enum ImpactAnalysisState { + // An undefined impact analysis state + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + IMPACT_ANALYSIS_STATE_NULL = 0; + // The vulnerability has been remediated. + IMPACT_ANALYSIS_STATE_RESOLVED = 1; + // The vulnerability has been remediated, and evidence of the changes is provided in the affected components pedigree containing verifiable commit history and/or diff(s). + IMPACT_ANALYSIS_STATE_RESOLVED_WITH_PEDIGREE = 2; + // The vulnerability may be directly or indirectly exploitable. + IMPACT_ANALYSIS_STATE_EXPLOITABLE = 3; + // The vulnerability is being investigated. + IMPACT_ANALYSIS_STATE_IN_TRIAGE = 4; + // The vulnerability is not specific to the component or service and was falsely identified or associated. + IMPACT_ANALYSIS_STATE_FALSE_POSITIVE = 5; + // The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases. + IMPACT_ANALYSIS_STATE_NOT_AFFECTED = 6; +} + +enum ImpactAnalysisJustification { + // An undefined impact analysis justification + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + IMPACT_ANALYSIS_JUSTIFICATION_NULL = 0; + // The code has been removed or tree-shaked. + IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_PRESENT = 1; + // The vulnerable code is not invoked at runtime. + IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE = 2; + // Exploitability requires a configurable option to be set/unset. + IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_CONFIGURATION = 3; + // Exploitability requires a dependency that is not present. + IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_DEPENDENCY = 4; + // Exploitability requires a certain environment which is not present. + IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_ENVIRONMENT = 5; + // Exploitability requires a compiler flag to be set/unset. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_COMPILER = 6; + // Exploits are prevented at runtime. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_RUNTIME = 7; + // Attacks are blocked at physical, logical, or network perimeter. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_PERIMETER = 8; + // Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_MITIGATING_CONTROL = 9; +} + +enum VulnerabilityResponse { + // unspecified value + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` + VULNERABILITY_RESPONSE_NULL = 0; + // Can not fix + VULNERABILITY_RESPONSE_CAN_NOT_FIX = 1; + // Will not fix + VULNERABILITY_RESPONSE_WILL_NOT_FIX = 2; + // Update to a different revision or release + VULNERABILITY_RESPONSE_UPDATE = 3; + // Revert to a previous revision or release + VULNERABILITY_RESPONSE_ROLLBACK = 4; + // There is a workaround available + VULNERABILITY_RESPONSE_WORKAROUND_AVAILABLE = 5; +} + +message VulnerabilityAffects { + // References a component or service by the objects bom-ref + string ref = 1; + // Zero or more individual versions or range of versions. + repeated VulnerabilityAffectedVersions versions = 2; +} + +message VulnerabilityAffectedVersions { + oneof choice { + // A single version of a component or service. + string version = 1; + // A version range specified in Package URL Version Range syntax (vers), which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + string range = 2; + } + // The vulnerability status for the version or range of versions. Defaults to VULNERABILITY_AFFECTED_STATUS_AFFECTED if not specified. + optional VulnerabilityAffectedStatus status = 3; +} + +// The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. +enum VulnerabilityAffectedStatus { + // It is unknown (or unspecified) whether the given version is affected. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `unknown` is our fallback, doubling `unspecified` + VULNERABILITY_AFFECTED_STATUS_UNKNOWN = 0; + // The version is affected by the vulnerability. + VULNERABILITY_AFFECTED_STATUS_AFFECTED = 1; + // The version is not affected by the vulnerability. + VULNERABILITY_AFFECTED_STATUS_NOT_AFFECTED = 2; +} + +message AnnotatorChoice { + oneof choice { + // The organization that created the annotation + OrganizationalEntity organization = 1; + // The person that created the annotation + OrganizationalContact individual = 2; + // The tool or component that created the annotation + Component component = 3; + // The service that created the annotation + Service service = 4; + } +} + +message Annotation { + // An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM. + optional string bom_ref = 1; + // The object in the BOM identified by its bom-ref. This is often a component or service but may be any object type supporting bom-refs. + repeated string subjects = 2; + // The organization, person, component, or service which created the textual content of the annotation. + AnnotatorChoice annotator = 3; + // The date and time (timestamp) when the annotation was created. + google.protobuf.Timestamp timestamp = 4; + // The textual content of the annotation. + string text = 5; +} + +/** + * A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types. + * + * Comment: + * Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json. + */ +message ModelCard { + // An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref must be unique within the BOM. + optional string bom_ref = 1; + // Hyper-parameters for construction of the model. + optional ModelParameters modelParameters = 2; + // A quantitative analysis of the model + optional QuantitativeAnalysis quantitativeAnalysis = 3; + // What considerations should be taken into account regarding the model's construction, training, and application? + optional ModelCardConsiderations considerations = 4; + + message ModelParameters { + // The overall approach to learning used by the model for problem-solving. + optional Approach approach = 1; + // Directly influences the input and/or output. Examples include classification, regression, clustering, etc. + optional string task = 2; + // The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc. + optional string architectureFamily = 3; + //The specific architecture of the model, such as GPT-1, ResNet-50, YOLOv3, etc. + optional string modelArchitecture = 4; + // The datasets used to train and evaluate the model. + repeated Datasets datasets = 5; + // The input format(s) of the model + repeated MachineLearningInputOutputParameters inputs = 6; + // The output format(s) from the model + repeated MachineLearningInputOutputParameters outputs = 7; + + message Approach { + // Learning types describing the learning problem or hybrid learning problem. + optional ModelParameterApproachType type = 1; + } + + message Datasets { + oneof choice { + // Inline Data Information + ComponentData dataset = 1; + // References a data component by the components bom-ref attribute + string ref = 2; + } + } + + message MachineLearningInputOutputParameters { + // The data format for input/output to the model. Example formats include string, image, time-series + optional string format = 1; + } + } + message QuantitativeAnalysis { + // The model performance metrics being reported. Examples may include accuracy, F1 score, precision, top-3 error rates, MSC, etc. + repeated PerformanceMetrics performanceMetrics = 1; + // A collection of graphics that represent various measurements. + optional GraphicsCollection graphics = 2; + + message PerformanceMetrics { + // The type of performance metric. + optional string type = 1; + // The value of the performance metric. + optional string value = 2; + // The name of the slice this metric was computed on. By default, assume this metric is not sliced. + optional string slice = 3; + // The confidence interval of the metric. + optional ConfidenceInterval confidenceInterval = 4; + + message ConfidenceInterval { + // The lower bound of the confidence interval. + optional string lowerBound = 1; + // The upper bound of the confidence interval. + optional string upperBound = 2; + } + } + } + message ModelCardConsiderations { + // Who are the intended users of the model? + repeated string users = 1; + // What are the intended use cases of the model? + repeated string useCases = 2; + // What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? + repeated string technicalLimitations = 3; + // What are the known tradeoffs in accuracy/performance of the model? + repeated string performanceTradeoffs = 4; + // What are the ethical risks involved in the application of this model? + repeated EthicalConsiderations ethicalConsiderations = 5; + // How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups? + repeated FairnessAssessments fairnessAssessments = 6; + // What are the various environmental impacts the corresponding machine learning model has exhibited across its lifecycle? + optional EnvironmentalConsiderations environmentalConsiderations = 7; + + message EthicalConsiderations { + // The name of the risk. + optional string name = 1; + // Strategy used to address this risk. + optional string mitigationStrategy = 2; + } + message FairnessAssessments { + // The groups or individuals at risk of being systematically disadvantaged by the model. + optional string groupAtRisk = 1; + // Expected benefits to the identified groups. + optional string benefits = 2; + // Expected harms to the identified groups. + optional string harms = 3; + // With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. + optional string mitigationStrategy = 4; + } + message EnvironmentalConsiderations { + // Describes energy consumption information incurred for one or more component lifecycle activities. + repeated EnergyConsumption energyConsumptions = 1; + // Specifies optional, custom properties for environment considerations + repeated Property properties = 2; + } + // Describes energy consumption information incurred for the specified lifecycle activity. + message EnergyConsumption { + // An activity that is part of a machine learning model development or operational lifecycle. + enum ActivityType { + // Default + ACTIVITY_TYPE_UNSPECIFIED = 0; + // a lifecycle activity type whose description does not match currently defined values (the default type). + ACTIVITY_TYPE_OTHER = 1; + // model design including problem framing, goal definition and algorithm selection. + ACTIVITY_TYPE_DESIGN = 2; + // model data acquisition including search, selection and transfer. + ACTIVITY_TYPE_DATA_COLLECTION = 3; + // model data preparation including data cleaning, labeling and conversion. + ACTIVITY_TYPE_DATA_PREPARATION = 4; + // model building, training and generalized tuning. + ACTIVITY_TYPE_TRAINING = 5; + // refining a trained model to produce desired outputs for a given problem space. + ACTIVITY_TYPE_FINE_TUNING = 6; + // model validation including model output evaluation and testing. + ACTIVITY_TYPE_VALIDATION = 7; + // explicit model deployment to a target hosting infrastructure. + ACTIVITY_TYPE_DEPLOYMENT = 8; + // generating an output response from a hosted model from a set of inputs. + ACTIVITY_TYPE_INFERENCE = 9; + } + + // The type of activity that is part of a machine learning model development or operational lifecycle. + ActivityType activity = 1; + // The providers of the energy consumed by the associated model development lifecycle activity. + repeated EnergyProviderType energyProviders = 2; + // The total energy cost associated with the model lifecycle activity. + EnergyMeasureType activityEnergyCost = 3; + // The CO2 cost or debit equivalent to the total energy cost. + optional CO2MeasureType co2CostEquivalent = 4; + // The CO2 offset or credit for the CO2 equivalent cost. + optional CO2MeasureType co2CostOffset = 5; + // Specifies optional, custom properties for environment considerations + repeated Property properties = 6; + } + } +} + + +// Describes the physical provider of energy used for model development or operations. +message EnergyProviderType { + enum EnergySourceType { + // Default + ENERGY_SOURCE_TYPE_UNSPECIFIED = 0; + // energy source: unknown. The energy source is unknown. + ENERGY_SOURCE_TYPE_UNKNOWN = 1; + // energy source: other. An energy source that is not listed. + ENERGY_SOURCE_TYPE_OTHER = 2; + // energy source: coal. Energy produced by types of coal. + ENERGY_SOURCE_TYPE_COAL = 3; + // energy source: oil. Petroleum products (primarily crude oil and its derivative fuel oils). + ENERGY_SOURCE_TYPE_OIL = 4; + // energy source: natural-gas. Hydrocarbon gas liquids (HGL) that occur as gases at atmospheric pressure and as liquids under higher pressures including Natural gas (C5H12 and heavier), Ethane (C2H6), Propane (C3H8), etc. + ENERGY_SOURCE_TYPE_NATURAL_GAS = 5; + // energy source: nuclear. Energy produced from the cores of atoms (i.e., through nuclear fission or fusion). + ENERGY_SOURCE_TYPE_NUCLEAR = 6; + // energy source: wind. Energy produced from moving air. + ENERGY_SOURCE_TYPE_WIND = 7; + // energy source: solar. Energy produced from the sun (i.e., solar radiation). + ENERGY_SOURCE_TYPE_SOLAR = 8; + // energy source: geothermal. Energy produced from heat within the earth. + ENERGY_SOURCE_TYPE_GEOTHERMAL = 9; + // energy source: hydropower. Energy produced from flowing water. + ENERGY_SOURCE_TYPE_HYDROPOWER = 10; + // energy source: biofuel. Liquid fuels produced from biomass feedstocks (i.e., organic materials such as plants or animals). + ENERGY_SOURCE_TYPE_BIOFUEL = 11; + } + + // BOM unique reference to the energy provider. + optional string bom_ref = 1; + // A description of the energy provider. + string description = 2; + // The organization of the energy provider. + OrganizationalEntity organization = 3; + // The energy source for the energy provider. + EnergySourceType energySource = 4; + // The energy provided by the energy source for an associated activity. + EnergyMeasureType energyProvided = 5; + // Provides the ability to document external references related to the BOM or to the project the BOM describes. + repeated ExternalReference external_references = 6; +} + +// A measure of energy. +message EnergyMeasureType { + enum EnergyMeasureUnitType { + //Default + ENERGY_MEASURE_UNIT_TYPE_UNSPECIFIED = 0; + // kilowatt-hour (kWh) is the energy delivered by one kilowatt (kW) of power for one hour (h) (the default unit). + ENERGY_MEASURE_UNIT_TYPE_KILOWATT_HOURS = 1; + } + + // Quantity of energy. + float value = 1; + // Unit of energy. + EnergyMeasureUnitType unit = 2; +} + + +// A measure of carbon dioxide (CO2). +message CO2MeasureType { + enum CO2MeasureUnitType { + // Default + CO2_MEASURE_UNIT_TYPE_UNSPECIFIED = 0; + // Tonnes (t) of carbon dioxide (CO2) equivalent (eq) (the default unit). + CO2_MEASURE_UNIT_TYPE_TONNES_CO2_EQUIVALENT = 1; + } + + // Quantity of carbon dioxide (CO2). + float value = 1; + // Unit of carbon dioxide (CO2). + CO2MeasureUnitType unit = 2; +} + + +// An address used to identify a contactable location. +message PostalAddressType { + // An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref must be unique within the BOM. + optional string bom_ref = 1; + // The country name or the two-letter ISO 3166-1 country code. + optional string country = 2; + // The region or state in the country. For example, Texas. + optional string region = 3; + // The locality or city within the country. For example, Austin. + optional string locality = 4; + // The post office box number. For example, 901. + optional string postOfficeBoxNumber = 5; + // The postal code. For example, 78758. + optional string postalCodeue = 6; + // The street address. For example, 100 Main Street. + optional string streetAddress = 7; +} + +enum ModelParameterApproachType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema + // Supervised machine learning involves training an algorithm on labeled data to predict or classify new data based on the patterns learned from the labeled examples. + MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0; + // Unsupervised machine learning involves training algorithms on unlabeled data to discover patterns, structures, or relationships without explicit guidance, allowing the model to identify inherent structures or clusters within the data. + MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1; + // Reinforcement learning is a type of machine learning where an agent learns to make decisions by interacting with an environment to maximize cumulative rewards, through trial and error. + MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2; + // Semi-supervised machine learning utilizes a combination of labeled and unlabeled data during training to improve model performance, leveraging the benefits of both supervised and unsupervised learning techniques. + MODEL_PARAMETER_APPROACH_TYPE_SEMI_SUPERVISED = 3; + // Self-supervised machine learning involves training models to predict parts of the input data from other parts of the same data, without requiring external labels, enabling learning from large amounts of unlabeled data. + MODEL_PARAMETER_APPROACH_TYPE_SELF_SUPERVISED = 4; +} + +message ComponentData { + // An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM. + optional string bom_ref = 1; + // The general theme or subject matter of the data being specified. + ComponentDataType type = 2; + // The name of the dataset. + optional string name = 3; + // The contents or references to the contents of the data being described. + optional ComponentDataContents contents = 4; + // Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. + optional string classification = 5; + // A description of any sensitive data in a dataset. + repeated string sensitiveData = 6; + // A collection of graphics that represent various measurements. + optional GraphicsCollection graphics = 7; + // A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc. + optional string description = 8; + // Data Governance + optional DataGovernance governance = 9; + + message ComponentDataContents { + // An optional way to include textual or encoded data. + optional AttachedText attachment = 1; + // The URL to where the data can be retrieved. + optional string url = 2; + // Provides the ability to document name-value parameters used for configuration. + repeated Property properties = 3; + } +} + +// Data governance captures information regarding data ownership, stewardship, and custodianship, providing insights into the individuals or entities responsible for managing, overseeing, and safeguarding the data throughout its lifecycle. +message DataGovernance { + // Data custodians are responsible for the safe custody, transport, and storage of data. + repeated DataGovernanceResponsibleParty custodians = 1; + // Data stewards are responsible for data content, context, and associated business rules. + repeated DataGovernanceResponsibleParty stewards = 2; + // Data owners are concerned with risk and appropriate access to data. + repeated DataGovernanceResponsibleParty owners = 3; + + message DataGovernanceResponsibleParty { + oneof choice { + // The organization that is responsible for specific data governance role(s). + OrganizationalEntity organization = 1; + // The individual that is responsible for specific data governance role(s). + OrganizationalContact contact = 2; + } + } +} + +enum ComponentDataType { + // Any type of code, code snippet, or data-as-code + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema + COMPONENT_DATA_TYPE_SOURCE_CODE = 0; + // Parameters or settings that may be used by other components. + COMPONENT_DATA_TYPE_CONFIGURATION = 1; + // A collection of data. + COMPONENT_DATA_TYPE_DATASET = 2; + // Data that can be used to create new instances of what the definition defines. + COMPONENT_DATA_TYPE_DEFINITION = 3; + // Any other type of data that does not fit into existing definitions. + COMPONENT_DATA_TYPE_OTHER = 4; +} + +// A collection of graphics that represent various measurements. +message GraphicsCollection { + // A description of this collection of graphics. + optional string description = 1; + // A collection of graphics. + repeated Graphic graphic = 2; + + message Graphic { + // The name of the graphic. + optional string name = 1; + // The graphic (vector or raster). Base64 encoding must be specified for binary images. + optional AttachedText image = 2; + } +} + +// Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed. +message Formula { + // BOM unique reference to the resource. + optional string bom_ref = 1; + // Transient components that are used in tasks that constitute one or more of this formula's workflows + repeated Component components = 2; + // Transient services that are used in tasks that constitute one or more of this formula's workflows + repeated Service services = 3; + // List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered. + repeated Workflow workflows = 4; + // Domain-specific formula properties. + repeated Property properties = 5; +} + +// A specialized orchestration task. +message Workflow { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // A description of the resource instance. + optional string description = 4; + // Domain-specific resource instance properties. + repeated Property properties = 5; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 6; + // The tasks that comprise the workflow. + repeated Task tasks = 7; + // The graph of dependencies between tasks within the workflow. + repeated Dependency taskDependencies = 8; + // Indicates the types of activities performed by the set of workflow tasks. + repeated TaskType taskTypes = 9; + // The trigger that initiated the task. + optional Trigger trigger = 10; + // The sequence of steps for the task. + repeated Step steps = 11; + // Represents resources and data brought into a task at runtime by executor or task commands + repeated InputType inputs = 12; + // Represents resources and data output from a task at runtime by executor or task commands + repeated OutputType outputs = 13; + // The date and time (timestamp) when the task started. + optional google.protobuf.Timestamp timeStart = 14; + // The date and time (timestamp) when the task ended. + optional google.protobuf.Timestamp timeEnd = 15; + // A set of named filesystem or data resource shareable by workflow tasks. + repeated Workspace workspaces = 16; + // A graph of the component runtime topology for workflow's instance. + repeated Dependency runtimeTopology = 17; +} + +// Describes the inputs, sequence of steps and resources used to accomplish a task and its output. +message Task { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // A description of the resource instance. + optional string description = 4; + // Domain-specific task instance properties. + repeated Property properties = 5; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 6; + // Indicates the types of activities performed by the set of workflow tasks. + repeated TaskType taskTypes = 7; + // The trigger that initiated the task. + optional Trigger trigger = 8; + // "The sequence of steps for the task. + repeated Step steps = 9; + // Represents resources and data brought into a task at runtime by an executor or task commands + repeated InputType inputs = 10; + // Represents resources and data output from a task at runtime by an executor or task commands + repeated OutputType outputs = 11; + // The date and time (timestamp) when the task started. + optional google.protobuf.Timestamp timeStart = 14; + // The date and time (timestamp) when the task ended. + optional google.protobuf.Timestamp timeEnd = 15; + // A set of named filesystem or data resource shareable by workflow tasks. + repeated Workspace workspaces = 16; + // A graph of the component runtime topology for task's instance. + repeated Dependency runtimeTopology = 17; +} + +// Executes specific commands or tools in order to accomplish its owning task as part of a sequence. +message Step { + // A name for the step. + optional string name = 1; + // A description of the step. + optional string description = 2; + // Ordered list of commands or directives for the step + repeated Command commands = 3; + // Domain-specific step properties. + repeated Property properties = 4; +} + +message Command { + // A text representation of the executed command. + optional string executed = 1; + // Domain-specific command properties. + repeated Property properties = 2; +} + +// A named filesystem or data resource shareable by workflow tasks. +message Workspace { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps. + repeated string aliases = 4; + // A description of the resource instance. + optional string description = 5; + // Domain-specific workspace instance properties. + repeated Property properties = 6; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 7; + // Describes the read-write access control for the workspace relative to the owning resource instance. + optional AccessMode accessMode = 8; + // A path to a location on disk where the workspace will be available for the associated task's steps. + optional string mountPath = 9; + // The name of a domain-specific data type the workspace represents. + optional string managedDataType = 10; + // Identifies the reference to the request for a specific volume type and parameters. + optional string volumeRequest = 11; + // Information about the actual volume instance allocated to the workspace. + optional Volume volume = 12; + + enum AccessMode { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error; it shall be fixed with v2.0 of this very schema + ACCESS_MODE_READ_ONLY = 0; + ACCESS_MODE_READ_WRITE = 1; + ACCESS_MODE_READ_WRITE_ONCE = 2; + ACCESS_MODE_WRITE_ONCE = 3; + ACCESS_MODE_WRITE_ONLY = 4; + } +} + +// An identifiable, logical unit of data storage tied to a physical device. +message Volume { + // The unique identifier for the volume instance within its deployment context. + optional string uid = 1; + // The name of the volume instance + optional string name = 2; + // The volume mode for the volume instance. + optional VolumeMode mode = 3; + // The underlying path created from the actual volume. + optional string path = 4; + // The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as the IEC standard unit in either decimal or binary form. + optional string sizeAllocated = 5; + // Indicates if the volume persists beyond the life of the resource it is associated with. + optional bool persistent = 6; + // Indicates if the volume is remotely (i.e., network) attached. + optional bool remote = 7; + // Domain-specific volume instance properties. + repeated Property properties = 8; + + enum VolumeMode { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error; it shall be fixed with v2.0 of this very schema + VOLUME_MODE_FILESYSTEM = 0; + VOLUME_MODE_BLOCK = 1; + } +} + +// Represents a resource that can conditionally activate (or fire) tasks based upon associated events and their data. +message Trigger { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // A description of the resource instance. + optional string description = 4; + // Additional properties of the trigger. + repeated Property properties = 5; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 6; + // The source type of event which caused the trigger to fire. + TriggerType type = 7; + // The event data that caused the associated trigger to activate. + optional Event event = 8; + // A list of conditions used to determine if a trigger should be activated. + repeated Condition conditions = 9; + // The date and time (timestamp) when the trigger was activated. + optional google.protobuf.Timestamp timeActivated = 10; + // Represents resources and data brought into a task at runtime by an executor or task commands + repeated InputType inputs = 11; + // Represents resources and data output from a task at runtime by an executor or task commands + repeated OutputType outputs = 12; + + enum TriggerType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error; it shall be fixed with v2.0 of this very schema + TRIGGER_TYPE_MANUAL = 0; + TRIGGER_TYPE_API = 1; + TRIGGER_TYPE_WEBHOOK = 2; + TRIGGER_TYPE_SCHEDULED = 3; + } +} + +// Represents something that happened that may trigger a response. +message Event { + // The unique identifier of the event. + optional string uid = 1; + // A description of the event. + optional string description = 2; + // The date and time (timestamp) when the event was received. + optional google.protobuf.Timestamp timeReceived = 3; + // Encoding of the raw event data. + optional AttachedText data = 4; + // References the component or service that was the source of the event + optional ResourceReferenceChoice source = 5; + // References the component or service that was the target of the event + optional ResourceReferenceChoice target = 6; + // Additional properties of the event. + repeated Property properties = 7; +} + +// Type that represents various input data types and formats. +message InputType { + // A references to the component or service that provided the input to the task (e.g., reference to a service with a data flow value of `inbound`) + optional ResourceReferenceChoice source = 1; + // A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace) + optional ResourceReferenceChoice target = 2; + // A reference to an independent resource provided as an input to a task by the workflow runtime. + optional ResourceReferenceChoice resource = 3; + // Inputs that have the form of parameters with names and values. + repeated Parameter parameters = 4; + // Inputs that have the form of parameters with names and values. + repeated EnvironmentVars environmentVars = 5; + // Inputs that have the form of data. + optional AttachedText data = 6; + // Additional properties of the input data. + repeated Property properties = 7; +} + +// Type that represents various output data types and formats. +message OutputType { + // Describes the type of data output. + optional OutputTypeType type = 1; + // Component or service that generated or provided the output from the task (e.g., a build tool) + optional ResourceReferenceChoice source = 2; + // Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of `outbound`) + optional ResourceReferenceChoice target = 3; + // A reference to an independent resource generated as output by the task. + optional ResourceReferenceChoice resource = 4; + // Outputs that have the form of data. + optional AttachedText data = 5; + // Outputs that have the form of environment variables. + repeated EnvironmentVars environmentVars = 6; + // Additional properties of the output data. + repeated Property properties = 7; + + // buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "OUTPUT_TYPE_TYPE_" + enum OutputTypeType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error; it shall be fixed with v2.0 of this very schema + OUTPUT_TYPE_ARTIFACT = 0; + OUTPUT_TYPE_ATTESTATION = 1; + OUTPUT_TYPE_LOG = 2; + OUTPUT_TYPE_EVIDENCE = 3; + OUTPUT_TYPE_METRICS = 4; + OUTPUT_TYPE_OTHER = 5; + } +} + +// Type that permits a choice to reference a resource using an iternal bom-ref identifier or an external reference. +message ResourceReferenceChoice { + oneof choice { + // References an object by its bom-ref attribute + string ref = 1; + // Reference to an externally accessible resource + ExternalReference externalReference = 2; + } +} + +// A condition that was used to determine a trigger should be activated. +message Condition { + // Describes the set of conditions which cause the trigger to activate. + optional string description = 1; + // The logical expression that was evaluated that determined the trigger should be fired. + optional string expression = 2; + // Domain-specific condition instance properties. + repeated Property properties = 3; +} + +enum TaskType { + // A task that copies software or data used to accomplish other tasks in the workflow. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error; it shall be fixed with v2.0 of this very schema + TASK_TYPE_COPY = 0; + // A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step. + TASK_TYPE_CLONE = 1; + // A task that checks source code for programmatic and stylistic errors. + TASK_TYPE_LINT = 2; + // A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance. + TASK_TYPE_SCAN = 3; + // A task that merges changes or fixes into source code prior to a build step in the workflow. + TASK_TYPE_MERGE = 4; + // A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems. + TASK_TYPE_BUILD = 5; + // A task that verifies the functionality of a component or service. + TASK_TYPE_TEST = 6; + // A task that delivers a built artifact to one or more target repositories or storage systems. + TASK_TYPE_DELIVER = 7; + // A task that deploys a built artifact for execution on one or more target systems. + TASK_TYPE_DEPLOY = 8; + // A task that releases a built, versioned artifact to a target repository or distribution system. + TASK_TYPE_RELEASE = 9; + // A task that cleans unnecessary tools, build artifacts and/or data from workflow storage. + TASK_TYPE_CLEAN = 10; + // A workflow task that does not match current task type definitions. + TASK_TYPE_OTHER = 11; +} + +// A representation of a functional parameter. +message Parameter { + // The name of the parameter. + optional string name = 1; + // The value of the parameter. + optional string value = 2; + // The data type of the parameter. + optional string dataType = 3; +} + +message EnvironmentVars { + oneof choice { + // Name-value pair + Property property = 1; + // Value + string value = 2; + } +} + +// The list of declarations which describe the conformance to standards. Each declaration may include attestations, claims, and evidence. +message Declarations { + message Assessor { + // An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The boolean indicating if the assessor is outside the organization generating claims. A value of false indicates a self assessor. + optional bool thirdParty = 2; + // The entity issuing the assessment. + optional OrganizationalEntity organization = 3; + } + + // Attestation + message Attestation { + // Map + message AttestationMap { + + // Conformance + message AttestationConformance { + // The conformance of the claim between and inclusive of 0 and 1, where 1 is 100% conformance. + optional double score = 1; + // The rationale for the conformance score. + optional string rationale = 2; + // The list of `bom-ref` to the evidence provided describing the mitigation strategies. + repeated string mitigationStrategies = 3; + } + + // Confidence + message AttestationConfidence { + // The confidence of the claim between and inclusive of 0 and 1, where 1 is 100% confidence. + optional double score = 1; + // The rationale for the confidence score. + optional string rationale = 2; + } + + // The `bom-ref` to the requirement being attested to. + optional string requirement = 1; + // The list of `bom-ref` to the claims being attested to. + repeated string claims = 2; + // The list of `bom-ref` to the counter claims being attested to. + repeated string counterClaims = 3; + // The conformance of the claim meeting a requirement. + optional AttestationConformance conformance = 4; + // The confidence of the claim meeting the requirement. + optional AttestationConfidence confidence = 5; + } + + // The short description explaining the main points of the attestation. + optional string summary = 1; + // The `bom-ref` to the assessor asserting the attestation. + optional string assessor = 2; + // The grouping of requirements to claims and the attestors' declared conformance and confidence thereof. + repeated AttestationMap map = 3; + } + + message Claim { + // An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The `bom-ref` to a target representing a specific system, application, API, module, team, person, process, business unit, company, etc... that this claim is being applied to. + optional string target = 2; + // The specific statement or assertion about the target. + optional string predicate = 3; + // The list of `bom-ref` to the evidence provided describing the mitigation strategies. Each mitigation strategy should include an explanation of how any weaknesses in the evidence will be mitigated. + repeated string mitigationStrategies = 4; + // The written explanation of why the evidence provided substantiates the claim. + optional string reasoning = 5; + // The list of `bom-ref` to evidence that supports this claim. + repeated string evidence = 6; + // The list of `bom-ref` to counterEvidence that supports this claim. + repeated string counterEvidence = 7; + // External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM. + repeated ExternalReference externalReferences = 8; + } + + message Evidence { + message Data { + message Contents { + // An optional way to include textual or encoded data. + optional AttachedText attachment = 1; + // The URL to where the data can be retrieved. + optional string url = 2; + } + + // The name of the data. + optional string name = 1; + // The contents or references to the contents of the data being described. + optional Contents contents = 2; + // Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. + optional string classification = 3; + // A description of any sensitive data included. + repeated string sensitiveData = 4; + // Data Governance + optional DataGovernance governance = 5; + } + + // An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The reference to the property name as defined in the CycloneDX Property Taxonomy: https://github.com/CycloneDX/cyclonedx-property-taxonomy/. + optional string propertyName = 2; + // The written description of what this evidence is and how it was created. + optional string description = 3; + // The output or analysis that supports claims. + repeated Data data = 4; + // The date and time (timestamp) when the evidence was created. + optional google.protobuf.Timestamp created = 5; + // The optional date and time (timestamp) when the evidence is no longer valid. + optional google.protobuf.Timestamp expires = 6; + // The author of the evidence. + optional OrganizationalContact author = 7; + // The reviewer of the evidence. + optional OrganizationalContact reviewer = 8; + } + + message Targets { + // The list of organizations which claims are made against. + repeated OrganizationalEntity organizations = 1; + // The list of components which claims are made against. + repeated Component components = 2; + // The list of services which claims are made against. + repeated Service services = 3; + } + + message Affirmation { + message Signatory { + // The signatory's name. + optional string name = 1; + // The signatory's role within an organization. + optional string role = 2; + // The signatory's organization. + optional OrganizationalEntity organization = 3; + // An External reference provides a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM. + optional ExternalReference externalReference = 4; + } + + // The brief statement affirmed by an individual regarding all declarations. Notes: This could be an affirmation of acceptance by a third-party auditor or receiving individual of a file. Example: "I certify, to the best of my knowledge, that all information is correct." + optional string statement = 1; + // The list of signatories authorized on behalf of an organization to assert validity of this document. + repeated Signatory signatories = 2; + } + + // The list of assessors evaluating claims and determining conformance to requirements and confidence in that assessment. + repeated Assessor assessors = 1; + // The list of attestations asserted by an assessor that maps requirements to claims. + repeated Attestation attestations = 2; + // The list of claims. + repeated Claim claims = 3; + // The list of evidence + repeated Evidence evidence = 4; + // The list of targets which claims are made against. + optional Targets targets = 5; + // A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization. + optional Affirmation affirmation = 6; +} + +message Definition { + // A standard may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to. + message Standard { + message Requirement { + // An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The unique identifier used in the standard to identify a specific requirement. This should match what is in the standard and should not be the requirements bom-ref. + optional string identifier = 2; + // The title of the requirement. + optional string title = 3; + // The textual content of the requirement. + optional string text = 4; + // The supplemental text that provides additional guidance or context to the requirement but is not directly part of the requirement. + repeated string descriptions = 5; + // The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized framework for uniting security standards and guidelines. CRE links each section of a resource to a shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to each other. The use of CRE promotes clear and unambiguous communication among stakeholders. + repeated string openCre = 6; + // The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents. + optional string parent = 7; + // Specifies optional, custom, properties + repeated Property properties = 8; + // External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM. + repeated ExternalReference externalReferences = 9; + } + + message Level { + // An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The identifier used in the standard to identify a specific level. + optional string identifier = 2; + // The title of the level. + optional string title = 3; + // The description of the level. + optional string description = 4; + // The list of requirement `bom-ref`s that comprise the level. + repeated string requirements = 5; + } + + // An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The name of the standard. This will often be a shortened, single name of the standard. + optional string name = 2; + // The version of the standard. + optional string version = 3; + // The description of the standard. + optional string description = 4; + // The owner of the standard, often the entity responsible for its release. + optional string owner = 5; + // The list of requirements comprising the standard. + repeated Requirement requirements = 6; + // The list of levels associated with the standard. Some standards have different levels of compliance. + repeated Level levels = 7; + // External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM. + repeated ExternalReference externalReferences = 8; + } + + // The list of standards which may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to. + repeated Standard standards = 1; +} + +// "Cryptographic Properties +message CryptoProperties { + // Asset Type + enum CryptoAssetType { + // ProtoBuff's default value + CRYPTO_ASSET_TYPE_UNSPECIFIED = 0; + // Mathematical function commonly used for data encryption, authentication, and digital signatures. + CRYPTO_ASSET_TYPE_ALGORITHM = 1; + // An electronic document that is used to provide the identity or validate a public key. + CRYPTO_ASSET_TYPE_CERTIFICATE = 2; + // A set of rules and guidelines that govern the behavior and communication with each other. + CRYPTO_ASSET_TYPE_PROTOCOL = 3; + // Other cryptographic assets related to algorithms, certificates, and protocols such as keys and tokens. + CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL = 4; + } + + // Algorithm Propertie + message AlgorithmProperties { + // Primitive + enum CryptoPrimitive { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_PRIMITIVE_UNSPECIFIED = 0; + // The primitive is not known + CRYPTO_PRIMITIVE_UNKNOWN = 1; + // Another primitive type - none of the following + CRYPTO_PRIMITIVE_OTHER = 2; + // Deterministic Random Bit Generator (DRBG) is a type of pseudorandom number generator designed to produce a sequence of bits from an initial seed value. DRBGs are commonly used in cryptographic applications where reproducibility of random values is important. + CRYPTO_PRIMITIVE_DRBG = 3; + // In cryptography, a Message Authentication Code (MAC) is information used for authenticating and integrity-checking a message. + CRYPTO_PRIMITIVE_MAC = 4; + // A block cipher is a symmetric key algorithm that operates on fixed-size blocks of data. It encrypts or decrypts the data in block units, providing confidentiality. Block ciphers are widely used in various cryptographic modes and protocols for secure data transmission. + CRYPTO_PRIMITIVE_BLOCK_CIPHER = 5; + // A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). + CRYPTO_PRIMITIVE_STREAM_CIPHER = 6; + // In cryptography, a signature is a digital representation of a message or data that proves its origin, identity, and integrity. Digital signatures are generated using cryptographic algorithms and are widely used for authentication and verification in secure communication. + CRYPTO_PRIMITIVE_SIGNATURE = 7; + // A hash function is a mathematical algorithm that takes an input (or 'message') and produces a fixed-size string of characters, which is typically a hash value. Hash functions are commonly used in various cryptographic applications, including data integrity verification and password hashing. + CRYPTO_PRIMITIVE_HASH = 8; + // Public Key Encryption (PKE) is a type of encryption that uses a pair of public and private keys for secure communication. The public key is used for encryption, while the private key is used for decryption. PKE is a fundamental component of public-key cryptography. + CRYPTO_PRIMITIVE_PKE = 9; + // An XOF is an extendable output function that can take arbitrary input and creates a stream of output, up to a limit determined by the size of the internal state of the hash function that underlies the XOF. + CRYPTO_PRIMITIVE_XOF = 10; + // A Key Derivation Function (KDF) derives key material from another source of entropy while preserving the entropy of the input. + CRYPTO_PRIMITIVE_KDF = 11; + // In cryptography, a key-agreement is a protocol whereby two or more parties agree on a cryptographic key in such a way that both influence the outcome. + CRYPTO_PRIMITIVE_KEY_AGREE = 12; + // A Key Encapsulation Mechanism (KEM) algorithm is a mechanism for transporting random keying material to a recipient using the recipient's public key. + CRYPTO_PRIMITIVE_KEM = 13; + // Authenticated Encryption (AE) is a cryptographic process that provides both confidentiality and data integrity. It ensures that the encrypted data has not been tampered with and comes from a legitimate source. AE is commonly used in secure communication protocols. + CRYPTO_PRIMITIVE_AE = 14; + // A combiner aggregates many candidates for a cryptographic primitive and generates a new candidate for the same primitive. + CRYPTO_PRIMITIVE_COMBINER = 15; + } + + // Execution Environment + enum CryptoExecutionEnvironment { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_EXECUTION_ENVIRONMENT_UNSPECIFIED = 0; + // The execution environment is not known + CRYPTO_EXECUTION_ENVIRONMENT_UNKNOWN = 1; + // Another implementation environment - none of the following + CRYPTO_EXECUTION_ENVIRONMENT_OTHER = 2; + // A software implementation running in plain unencrypted RAM. + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM = 3; + // A software implementation running in encrypted RAM. + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_ENCRYPTED_RAM = 4; + // A software implementation running in a trusted execution environment. + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_TEE = 5; + // A hardware implementation. + CRYPTO_EXECUTION_ENVIRONMENT_HARDWARE = 6; + } + + // Implementation platform + enum CryptoImplementationPlatform { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_IMPLEMENTATION_PLATFORM_UNSPECIFIED = 0; + // the platform is not known + CRYPTO_IMPLEMENTATION_PLATFORM_UNKNOWN = 1; + // none of the following + CRYPTO_IMPLEMENTATION_PLATFORM_OTHER = 2; + CRYPTO_IMPLEMENTATION_PLATFORM_GENERIC = 3; + CRYPTO_IMPLEMENTATION_PLATFORM_X86_32 = 4; + CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 = 5; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7A = 6; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7M = 7; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8A = 8; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8M = 9; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9A = 10; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9M = 11; + CRYPTO_IMPLEMENTATION_PLATFORM_X390X = 12; + CRYPTO_IMPLEMENTATION_PLATFORM_PPC64 = 13; + CRYPTO_IMPLEMENTATION_PLATFORM_PPC64LE = 14; + } + + // Mode + enum CryptoAlgorithmMode { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_ALGORITHM_MODE_UNSPECIFIED = 0; + // The mode of operation is not known + CRYPTO_ALGORITHM_MODE_UNKNOWN = 1; + // Another mode of operation - none of the following + CRYPTO_ALGORITHM_MODE_OTHER = 2; + // Cipher block chaining + CRYPTO_ALGORITHM_MODE_CBC = 3; + // Electronic codebook + CRYPTO_ALGORITHM_MODE_ECB = 4; + // Counter with cipher block chaining message authentication code + CRYPTO_ALGORITHM_MODE_CCM = 5; + // Galois/counter + CRYPTO_ALGORITHM_MODE_GCM = 6; + // Cipher feedback + CRYPTO_ALGORITHM_MODE_CFB = 7; + // Output feedback + CRYPTO_ALGORITHM_MODE_OFB = 8; + // Counter + CRYPTO_ALGORITHM_MODE_CTR = 9; + } + + // Padding + enum CryptoAlgorithmPadding { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_ALGORITHM_PADDING_UNSPECIFIED = 0; + // The padding scheme is not known + CRYPTO_ALGORITHM_PADDING_UNKNOWN = 1; + // Another padding scheme - none of the following + CRYPTO_ALGORITHM_PADDING_OTHER = 2; + // Public Key Cryptography Standard: Password-Based Cryptography + CRYPTO_ALGORITHM_PADDING_PKCS5 = 3; + // Public Key Cryptography Standard: Cryptographic Message Syntax + CRYPTO_ALGORITHM_PADDING_PKCS7 = 4; + // Public Key Cryptography Standard: RSA Cryptography v1.5 + CRYPTO_ALGORITHM_PADDING_PKCS1V15 = 5; + // Optimal asymmetric encryption padding + CRYPTO_ALGORITHM_PADDING_OAEP = 6; + // Raw + CRYPTO_ALGORITHM_PADDING_RAW = 7; + } + + // Cryptographic functions + enum CryptoAlgorithmFunction { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_ALGORITHM_FUNCTION_UNSPECIFIED = 0; + // meaning "there is some, but it is unclear which one" + CRYPTO_ALGORITHM_FUNCTION_UNKNOWN = 1; + // none of the following + CRYPTO_ALGORITHM_FUNCTION_OTHER = 2; + CRYPTO_ALGORITHM_FUNCTION_GENERATE = 3; + CRYPTO_ALGORITHM_FUNCTION_KEYGEN = 4; + CRYPTO_ALGORITHM_FUNCTION_ENCRYPT = 5; + CRYPTO_ALGORITHM_FUNCTION_DECRYPT = 6; + CRYPTO_ALGORITHM_FUNCTION_DIGEST = 7; + CRYPTO_ALGORITHM_FUNCTION_TAG = 8; + CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE = 9; + CRYPTO_ALGORITHM_FUNCTION_SIGN = 10; + CRYPTO_ALGORITHM_FUNCTION_VERIFY = 11; + CRYPTO_ALGORITHM_FUNCTION_ENCAPSULATE = 12; + CRYPTO_ALGORITHM_FUNCTION_DECAPSULATE = 13; + } + + // Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2). + optional CryptoPrimitive primitive = 1; + // An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205). + optional string parameterSetIdentifier = 2; + // The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends use of curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source from which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves). + optional string curve = 3; + // The target and execution environment in which the algorithm is implemented in. + optional CryptoExecutionEnvironment executionEnvironment = 4; + // The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform. + optional CryptoImplementationPlatform implementationPlatform = 5; + // The certification that the implementation of the cryptographic algorithm has received, if any. Certifications include revisions and levels of FIPS 140 or Common Criteria of different Extended Assurance Levels (CC-EAL). + repeated string certificationLevel = 6; + // The mode of operation in which the cryptographic algorithm (block cipher) is used. + optional CryptoAlgorithmMode mode = 7; + // The padding scheme that is used for the cryptographic algorithm. + optional CryptoAlgorithmPadding padding = 8; + // The cryptographic functions implemented by the cryptographic algorithm. + repeated CryptoAlgorithmFunction cryptoFunctions = 9; + // The classical security level that a cryptographic algorithm provides (in bits). + optional int32 classicalSecurityLevel = 10; + // The NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). A value of 0 indicates that none of the categories are met. + optional int32 nistQuantumSecurityLevel = 11; + } // end of AlgorithmProperties + + // Certificate Properties + message CertificateProperties { + // The subject name for the certificate + optional string subjectName = 1; + // The issuer name for the certificate + optional string issuerName = 2; + // The date and time according to ISO-8601 standard from which the certificate is valid + optional google.protobuf.Timestamp notValidBefore = 3; + // The date and time according to ISO-8601 standard from which the certificate is not valid anymore + optional google.protobuf.Timestamp notValidAfter = 4; + // The bom-ref to signature algorithm used by the certificate + optional string signatureAlgorithmRef = 5; + // The bom-ref to the public key of the subject + optional string subjectPublicKeyRef = 6; + // The format of the certificate. Examples include X.509, PEM, DER, and CVC. + optional string certificateFormat = 7; + // The file extension of the certificate. Examples include crt, pem, cer, der, and p12. + optional string certificateExtension = 8; + } // end of CertificateProperties + + // Related Cryptographic Material Properties + message RelatedCryptoMaterialProperties { + + // relatedCryptoMaterialType + enum CryptoRelatedType { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_RELATED_TYPE_UNSPECIFIED = 0; + // The type of cryptographic asset is not known. + CRYPTO_RELATED_TYPE_UNKNOWN = 1; + // Another type of cryptographic asset - none of the following + CRYPTO_RELATED_TYPE_OTHER = 2; + CRYPTO_RELATED_TYPE_PRIVATE_KEY = 3; + CRYPTO_RELATED_TYPE_PUBLIC_KEY = 4; + CRYPTO_RELATED_TYPE_SECRET_KEY = 5; + CRYPTO_RELATED_TYPE_KEY = 6; + CRYPTO_RELATED_TYPE_CIPHERTEXT = 7; + CRYPTO_RELATED_TYPE_SIGNATURE = 8; + CRYPTO_RELATED_TYPE_DIGEST = 9; + CRYPTO_RELATED_TYPE_INITIALIZATION_VECTOR = 10; + CRYPTO_RELATED_TYPE_NONCE = 11; + CRYPTO_RELATED_TYPE_SEED = 12; + CRYPTO_RELATED_TYPE_SALT = 13; + CRYPTO_RELATED_TYPE_SHARED_SECRET = 14; + CRYPTO_RELATED_TYPE_TAG = 15; + CRYPTO_RELATED_TYPE_ADDITIONAL_DATA = 16; + CRYPTO_RELATED_TYPE_PASSWORD = 17; + CRYPTO_RELATED_TYPE_CREDENTIAL = 18; + CRYPTO_RELATED_TYPE_TOKEN = 19; + } + + // State + enum CryptoRelatedState { + // Default + CRYPTO_RELATED_STATE_UNSPECIFIED = 0; + CRYPTO_RELATED_STATE_PRE_ACTIVATION = 1; + CRYPTO_RELATED_STATE_ACTIVE = 2; + CRYPTO_RELATED_STATE_SUSPENDED = 3; + CRYPTO_RELATED_STATE_DEACTIVATED = 4; + CRYPTO_RELATED_STATE_COMPROMISED = 5; + CRYPTO_RELATED_STATE_DESTROYED = 6; + } + + // Secured By + message CryptoRelatedSecuredBy { + // Specifies the mechanism by which the cryptographic asset is secured. Examples include HSM, TPM, SGX, Software, and None + optional string mechanism = 1; + // The bom-ref to the algorithm. + optional string algorithmRef = 2; + } + + // The type for the related cryptographic material + optional CryptoRelatedType type = 1; + // The optional unique identifier for the related cryptographic material. + optional string id = 2; + // The key state as defined by NIST SP 800-57. + optional CryptoRelatedState state = 3; + // The bom-ref to the algorithm used to generate the related cryptographic material. + optional string algorithmRef = 4; + // The date and time (timestamp) when the related cryptographic material was created. + optional google.protobuf.Timestamp creationDate = 5; + // The date and time (timestamp) when the related cryptographic material was activated. + optional google.protobuf.Timestamp activationDate = 6; + // The date and time (timestamp) when the related cryptographic material was updated. + optional google.protobuf.Timestamp updateDate = 7; + // The date and time (timestamp) when the related cryptographic material expires. + optional google.protobuf.Timestamp expirationDate = 8; + // The associated value of the cryptographic material. + optional string value = 9; + // The size of the cryptographic asset (in bits). + optional int64 size = 10; + // The format of the related cryptographic material (e.g. P8, PEM, DER). + optional string format = 11; + // The mechanism by which the cryptographic asset is secured. + optional CryptoRelatedSecuredBy securedBy = 12; + } // end of RelatedCryptoMaterialProperties + + // Protocol Properties + message ProtocolProperties { + enum CryptoProtocolType { + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_PROTOCOL_TYPE_UNSPECIFIED = 0; + // The protocol type is not known + CRYPTO_PROTOCOL_TYPE_UNKNOWN = 1; + // Another protocol type - none of the following + CRYPTO_PROTOCOL_TYPE_OTHER = 2; + // Transport Layer Security + CRYPTO_PROTOCOL_TYPE_TLS = 3; + // Secure Shell + CRYPTO_PROTOCOL_TYPE_SSH = 4; + // Internet Protocol Security + CRYPTO_PROTOCOL_TYPE_IPSEC = 5; + // Internet Key Exchange + CRYPTO_PROTOCOL_TYPE_IKE = 6; + // Secure Socket Tunneling Protocol + CRYPTO_PROTOCOL_TYPE_SSTP = 7; + // Wi-Fi Protected Access + CRYPTO_PROTOCOL_TYPE_WPA = 8; + } + + // Object representing a cipher suite + message CryptoProtocolCipherSuite { + // A common name for the cipher suite. For example: TLS_DHE_RSA_WITH_AES_128_CCM + optional string name = 1; + // A list of algorithms related to the cipher suite. Use the bom-ref to the algorithm cryptographic asset. + repeated string algorithms = 2; + // A list of common identifiers for the cipher suite. For example: 0xC0 and 0x9E + repeated string identifiers = 3; + } + + // IKEv2 Transform Types + message Ikev2TransformTypes { + // Transform Type 1: encryption algorithms + repeated string encr = 1; + // Transform Type 2: pseudorandom functions + repeated string prf = 2; + // Transform Type 3: integrity algorithms + repeated string integ = 3; + // Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H) + repeated string ke = 4; + // Specifies if an Extended Sequence Number (ESN) is used. + optional bool esn = 5; + // IKEv2 Authentication method + repeated string auth = 6; + } + + // The concrete protocol type. + optional CryptoProtocolType type = 1; + // The version of the protocol. Examples include 1.0, 1.2, and 1.99. + optional string version = 2; + // A list of cipher suites related to the protocol. + repeated CryptoProtocolCipherSuite cipherSuites = 3; + // The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties. + optional Ikev2TransformTypes ikev2TransformTypes = 4; + // The bom-ref(s) to protocol-related cryptographic assets + repeated string cryptoRef = 5; + } // end of ProtocolProperties + + // Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in specialized cryptographic libraries. They may, however, also be 'hardcoded' in software components. Certificates and related cryptographic material like keys, tokens, secrets or passwords are other cryptographic assets to be modelled. + CryptoAssetType assetType = 1; + // Additional properties specific to a cryptographic algorithm. + optional AlgorithmProperties algorithmProperties = 2; + // Properties for cryptographic assets of asset type 'certificate' + optional CertificateProperties certificateProperties = 3; + // Properties for cryptographic assets of asset type: `related-crypto-material` + optional RelatedCryptoMaterialProperties relatedCryptoMaterialProperties = 4; + // Properties specific to cryptographic assets of type: `protocol`. + optional ProtocolProperties protocolProperties = 5; + // The object identifier (OID) of the cryptographic asset. + optional string oid = 6; +} diff --git a/src/main/resources/bom-1.6.schema.json b/src/main/resources/bom-1.6.schema.json new file mode 100644 index 0000000000..45fd8e20d6 --- /dev/null +++ b/src/main/resources/bom-1.6.schema.json @@ -0,0 +1,5699 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "type": "object", + "title": "CycloneDX Bill of Materials Standard", + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion" + ], + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string" + }, + "bomFormat": { + "type": "string", + "title": "BOM Format", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value must be \"CycloneDX\".", + "enum": [ + "CycloneDX" + ] + }, + "specVersion": { + "type": "string", + "title": "CycloneDX Specification Version", + "description": "The version of the CycloneDX specification the BOM conforms to.", + "examples": ["1.6.1"] + }, + "serialNumber": { + "type": "string", + "title": "BOM Serial Number", + "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number must conform to [RFC 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended.", + "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], + "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + }, + "version": { + "type": "integer", + "title": "BOM Version", + "description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.", + "minimum": 1, + "default": 1, + "examples": [1] + }, + "metadata": { + "$ref": "#/definitions/metadata", + "title": "BOM Metadata", + "description": "Provides additional information about a BOM." + }, + "components": { + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components." + }, + "services": { + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services." + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "dependencies": { + "type": "array", + "items": {"$ref": "#/definitions/dependency"}, + "uniqueItems": true, + "title": "Dependencies", + "description": "Provides the ability to document dependency relationships including provided & implemented components." + }, + "compositions": { + "type": "array", + "items": {"$ref": "#/definitions/compositions"}, + "uniqueItems": true, + "title": "Compositions", + "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described." + }, + "vulnerabilities": { + "type": "array", + "items": {"$ref": "#/definitions/vulnerability"}, + "uniqueItems": true, + "title": "Vulnerabilities", + "description": "Vulnerabilities identified in components or services." + }, + "annotations": { + "type": "array", + "items": {"$ref": "#/definitions/annotations"}, + "uniqueItems": true, + "title": "Annotations", + "description": "Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinions or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link and may optionally be signed." + }, + "formulation": { + "type": "array", + "items": {"$ref": "#/definitions/formula"}, + "uniqueItems": true, + "title": "Formulation", + "description": "Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process." + }, + "declarations": { + "type": "object", + "title": "Declarations", + "description": "The list of declarations which describe the conformance to standards. Each declaration may include attestations, claims, and evidence.", + "additionalProperties": false, + "properties": { + "assessors": { + "type": "array", + "title": "Assessors", + "description": "The list of assessors evaluating claims and determining conformance to requirements and confidence in that assessment.", + "items": { + "type": "object", + "title": "Assessor", + "description": "The assessor who evaluates claims and determines conformance to requirements and confidence in that assessment.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + }, + "thirdParty": { + "type": "boolean", + "title": "Third Party", + "description": "The boolean indicating if the assessor is outside the organization generating claims. A value of false indicates a self assessor." + }, + "organization": { + "$ref": "#/definitions/organizationalEntity", + "title": "Organization", + "description": "The entity issuing the assessment." + } + } + } + }, + "attestations": { + "type": "array", + "title": "Attestations", + "description": "The list of attestations asserted by an assessor that maps requirements to claims.", + "items": { + "type": "object", + "title": "Attestation", + "additionalProperties": false, + "properties": { + "summary": { + "type": "string", + "title": "Summary", + "description": "The short description explaining the main points of the attestation." + }, + "assessor": { + "$ref": "#/definitions/refLinkType", + "title": "Assessor", + "description": "The `bom-ref` to the assessor asserting the attestation." + }, + "map": { + "type": "array", + "title": "Map", + "description": "The grouping of requirements to claims and the attestors declared conformance and confidence thereof.", + "items": { + "type": "object", + "title": "Map", + "additionalProperties": false, + "properties": { + "requirement": { + "$ref": "#/definitions/refLinkType", + "title": "Requirement", + "description": "The `bom-ref` to the requirement being attested to." + }, + "claims": { + "type": "array", + "title": "Claims", + "description": "The list of `bom-ref` to the claims being attested to.", + "items": { "$ref": "#/definitions/refLinkType" } + }, + "counterClaims": { + "type": "array", + "title": "Counter Claims", + "description": "The list of `bom-ref` to the counter claims being attested to.", + "items": { "$ref": "#/definitions/refLinkType" } + }, + "conformance": { + "type": "object", + "title": "Conformance", + "description": "The conformance of the claim meeting a requirement.", + "additionalProperties": false, + "properties": { + "score": { + "type": "number", + "minimum": 0, + "maximum": 1, + "title": "Score", + "description": "The conformance of the claim between and inclusive of 0 and 1, where 1 is 100% conformance." + }, + "rationale": { + "type": "string", + "title": "Rationale", + "description": "The rationale for the conformance score." + }, + "mitigationStrategies": { + "type": "array", + "title": "Mitigation Strategies", + "description": "The list of `bom-ref` to the evidence provided describing the mitigation strategies.", + "items": { "$ref": "#/definitions/refLinkType" } + } + } + }, + "confidence": { + "type": "object", + "title": "Confidence", + "description": "The confidence of the claim meeting the requirement.", + "additionalProperties": false, + "properties": { + "score": { + "type": "number", + "minimum": 0, + "maximum": 1, + "title": "Score", + "description": "The confidence of the claim between and inclusive of 0 and 1, where 1 is 100% confidence." + }, + "rationale": { + "type": "string", + "title": "Rationale", + "description": "The rationale for the confidence score." + } + } + } + } + } + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + } + }, + "claims": { + "type": "array", + "title": "Claims", + "description": "The list of claims.", + "items": { + "type": "object", + "title": "Claim", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + }, + "target": { + "$ref": "#/definitions/refLinkType", + "title": "Target", + "description": "The `bom-ref` to a target representing a specific system, application, API, module, team, person, process, business unit, company, etc... that this claim is being applied to." + }, + "predicate": { + "type": "string", + "title": "Predicate", + "description": "The specific statement or assertion about the target." + }, + "mitigationStrategies": { + "type": "array", + "title": "Mitigation Strategies", + "description": "The list of `bom-ref` to the evidence provided describing the mitigation strategies. Each mitigation strategy should include an explanation of how any weaknesses in the evidence will be mitigated.", + "items": { "$ref": "#/definitions/refLinkType" } + }, + "reasoning": { + "type": "string", + "title": "Reasoning", + "description": "The written explanation of why the evidence provided substantiates the claim." + }, + "evidence": { + "type": "array", + "title": "Evidence", + "description": "The list of `bom-ref` to evidence that supports this claim.", + "items": { "$ref": "#/definitions/refLinkType" } + }, + "counterEvidence": { + "type": "array", + "title": "Counter Evidence", + "description": "The list of `bom-ref` to counterEvidence that supports this claim.", + "items": { "$ref": "#/definitions/refLinkType" } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + } + }, + "evidence": { + "type": "array", + "title": "Evidence", + "description": "The list of evidence", + "items": { + "type": "object", + "title": "Evidence", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + }, + "propertyName": { + "type": "string", + "title": "Property Name", + "description": "The reference to the property name as defined in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy/)." + }, + "description": { + "type": "string", + "title": "Description", + "description": "The written description of what this evidence is and how it was created." + }, + "data": { + "type": "array", + "title": "Data", + "description": "The output or analysis that supports claims.", + "items": { + "type": "object", + "title": "Data", + "additionalProperties": false, + "properties": { + "name": { + "title": "Data Name", + "description": "The name of the data.", + "type": "string" + }, + "contents": { + "type": "object", + "title": "Data Contents", + "description": "The contents or references to the contents of the data being described.", + "additionalProperties": false, + "properties": { + "attachment": { + "title": "Data Attachment", + "description": "An optional way to include textual or encoded data.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "Data URL", + "description": "The URL to where the data can be retrieved.", + "format": "iri-reference" + } + } + }, + "classification": { + "$ref": "#/definitions/dataClassification" + }, + "sensitiveData": { + "type": "array", + "title": "Sensitive Data", + "description": "A description of any sensitive data included.", + "items": { + "type": "string" + } + }, + "governance": { + "title": "Data Governance", + "$ref": "#/definitions/dataGovernance" + } + } + } + }, + "created": { + "type": "string", + "format": "date-time", + "title": "Created", + "description": "The date and time (timestamp) when the evidence was created." + }, + "expires": { + "type": "string", + "format": "date-time", + "title": "Expires", + "description": "The optional date and time (timestamp) when the evidence is no longer valid." + }, + "author": { + "$ref": "#/definitions/organizationalContact", + "title": "Author", + "description": "The author of the evidence." + }, + "reviewer": { + "$ref": "#/definitions/organizationalContact", + "title": "Reviewer", + "description": "The reviewer of the evidence." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + } + }, + "targets": { + "type": "object", + "title": "Targets", + "description": "The list of targets which claims are made against.", + "additionalProperties": false, + "properties": { + "organizations": { + "type": "array", + "title": "Organizations", + "description": "The list of organizations which claims are made against.", + "items": {"$ref": "#/definitions/organizationalEntity"} + }, + "components": { + "type": "array", + "title": "Components", + "description": "The list of components which claims are made against.", + "items": {"$ref": "#/definitions/component"} + }, + "services": { + "type": "array", + "title": "Services", + "description": "The list of services which claims are made against.", + "items": {"$ref": "#/definitions/service"} + } + } + }, + "affirmation": { + "type": "object", + "title": "Affirmation", + "description": "A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.", + "additionalProperties": false, + "properties": { + "statement": { + "type": "string", + "title": "Statement", + "description": "The brief statement affirmed by an individual regarding all declarations.\n*- Notes This could be an affirmation of acceptance by a third-party auditor or receiving individual of a file.", + "examples": [ "I certify, to the best of my knowledge, that all information is correct." ] + }, + "signatories": { + "type": "array", + "title": "Signatories", + "description": "The list of signatories authorized on behalf of an organization to assert validity of this document.", + "items": { + "type": "object", + "title": "Signatory", + "additionalProperties": false, + "oneOf": [ + { + "required": ["signature"] + }, + { + "required": ["externalReference", "organization"] + } + ], + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The signatory's name." + }, + "role": { + "type": "string", + "title": "Role", + "description": "The signatory's role within an organization." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + }, + "organization": { + "$ref": "#/definitions/organizationalEntity", + "title": "Organization", + "description": "The signatory's organization." + }, + "externalReference": { + "$ref": "#/definitions/externalReference", + "title": "External Reference", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + } + } + } + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "definitions": { + "type": "object", + "title": "Definitions", + "description": "A collection of reusable objects that are defined and may be used elsewhere in the BOM.", + "additionalProperties": false, + "properties": { + "standards": { + "type": "array", + "title": "Standards", + "description": "The list of standards which may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to.", + "items": { + "$ref": "#/definitions/standard" + } + } + } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + }, + "definitions": { + "refType": { + "description": "Identifier for referable and therefore interlinkable elements.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "type": "string", + "minLength": 1, + "$comment": "TODO (breaking change): add a format constraint that prevents the value from staring with 'urn:cdx:'" + }, + "refLinkType": { + "description": "Descriptor for an element identified by the attribute 'bom-ref' in the same BOM document.\nIn contrast to `bomLinkElementType`.", + "$ref": "#/definitions/refType" + }, + "bomLinkDocumentType": { + "title": "BOM-Link Document", + "description": "Descriptor for another BOM document. See https://cyclonedx.org/capabilities/bomlink/", + "type": "string", + "format": "iri-reference", + "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*$", + "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" + }, + "bomLinkElementType": { + "title": "BOM-Link Element", + "description": "Descriptor for an element in a BOM document. See https://cyclonedx.org/capabilities/bomlink/", + "type": "string", + "format": "iri-reference", + "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*#.+$", + "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" + }, + "bomLink": { + "title": "BOM-Link", + "anyOf": [ + { + "title": "BOM-Link Document", + "$ref": "#/definitions/bomLinkDocumentType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "metadata": { + "type": "object", + "title": "BOM Metadata", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the BOM was created." + }, + "lifecycles": { + "type": "array", + "title": "Lifecycles", + "description": "Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may be available at various phases of a lifecycle, such as the Software Development Lifecycle (SDLC), IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a BOM may include data specific to or only obtainable in a given lifecycle.", + "items": { + "type": "object", + "title": "Lifecycle", + "description": "The product lifecycle(s) that this BOM represents.", + "oneOf": [ + { + "title": "Pre-Defined Phase", + "required": ["phase"], + "additionalProperties": false, + "properties": { + "phase": { + "type": "string", + "title": "Phase", + "description": "A pre-defined phase in the product lifecycle.", + "enum": [ + "design", + "pre-build", + "build", + "post-build", + "operations", + "discovery", + "decommission" + ], + "meta:enum": { + "design": "BOM produced early in the development lifecycle containing an inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use.", + "pre-build": "BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use.", + "build": "BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from.", + "post-build": "BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device.", + "operations": "BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies.", + "discovery": "BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions.", + "decommission": "BOM containing inventory that will be, or has been retired from operations." + } + } + } + }, + { + "title": "Custom Phase", + "required": ["name"], + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the lifecycle phase" + }, + "description": { + "type": "string", + "title": "Description", + "description": "The description of the lifecycle phase" + } + } + } + ] + } + }, + "tools": { + "title": "Tools", + "description": "The tool(s) used in the creation, enrichment, and validation of the BOM.", + "oneOf": [ + { + "type": "object", + "title": "Tools", + "description": "The tool(s) used in the creation, enrichment, and validation of the BOM.", + "additionalProperties": false, + "properties": { + "components": { + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components used as tools." + }, + "services": { + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." + } + } + }, + { + "type": "array", + "title": "Tools (legacy)", + "description": "[Deprecated] The tool(s) used in the creation, enrichment, and validation of the BOM.", + "items": {"$ref": "#/definitions/tool"} + } + ] + }, + "manufacturer": { + "title": "BOM Manufacturer", + "description": "The organization that created the BOM.\nManufacturer is common in BOMs created through automated processes. BOMs created through manual means may have `@.authors` instead.", + "$ref": "#/definitions/organizationalEntity" + }, + "authors": { + "type": "array", + "title": "BOM Authors", + "description": "The person(s) who created the BOM.\nAuthors are common in BOMs created through manual processes. BOMs created through automated means may have `@.manufacturer` instead.", + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "component": { + "title": "Component", + "description": "The component that the BOM describes.", + "$ref": "#/definitions/component" + }, + "manufacture": { + "deprecated": true, + "title": "Component Manufacture (legacy)", + "description": "[Deprecated] This will be removed in a future version. Use the `@.component.manufacturer` instead.\nThe organization that manufactured the component that the BOM describes.", + "$ref": "#/definitions/organizationalEntity" + }, + "supplier": { + "title": "Supplier", + "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "licenses": { + "title": "BOM License(s)", + "description": "The license information for the BOM document.\nThis may be different from the license(s) of the component(s) that the BOM describes.", + "$ref": "#/definitions/licenseChoice" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "tool": { + "type": "object", + "title": "Tool", + "description": "[Deprecated] This will be removed in a future version. Use component or service instead. Information about the automated or manual tool used", + "additionalProperties": false, + "properties": { + "vendor": { + "type": "string", + "title": "Tool Vendor", + "description": "The name of the vendor who created the tool" + }, + "name": { + "type": "string", + "title": "Tool Name", + "description": "The name of the tool" + }, + "version": { + "$ref": "#/definitions/version", + "title": "Tool Version", + "description": "The version of the tool" + }, + "hashes": { + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the tool (if applicable)." + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + } + } + }, + "organizationalEntity": { + "type": "object", + "title": "Organizational Entity", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "name": { + "type": "string", + "title": "Organization Name", + "description": "The name of the organization", + "examples": [ + "Example Inc." + ] + }, + "address": { + "$ref": "#/definitions/postalAddress", + "title": "Organization Address", + "description": "The physical address (location) of the organization" + }, + "url": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "Organization URL(s)", + "description": "The URL of the organization. Multiple URLs are allowed.", + "examples": ["https://example.com"] + }, + "contact": { + "type": "array", + "title": "Organizational Contact", + "description": "A contact at the organization. Multiple contacts are allowed.", + "items": {"$ref": "#/definitions/organizationalContact"} + } + } + }, + "organizationalContact": { + "type": "object", + "title": "Organizational Contact", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of a contact", + "examples": ["Contact name"] + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "Email Address", + "description": "The email address of the contact.", + "examples": ["firstname.lastname@example.com"] + }, + "phone": { + "type": "string", + "title": "Phone", + "description": "The phone number of the contact.", + "examples": ["800-555-1212"] + } + } + }, + "component": { + "type": "object", + "title": "Component", + "required": [ + "type", + "name" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "application", + "framework", + "library", + "container", + "platform", + "operating-system", + "device", + "device-driver", + "firmware", + "file", + "machine-learning-model", + "data", + "cryptographic-asset" + ], + "meta:enum": { + "application": "A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.", + "framework": "A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.", + "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.", + "container": "A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization).", + "platform": "A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.", + "operating-system": "A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system).", + "device": "A hardware device such as a processor or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of [known device properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md).", + "device-driver": "A special type of software that operates or controls a particular type of device. Refer to [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver).", + "firmware": "A special type of software that provides low-level control over a device's hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware).", + "file": "A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.", + "machine-learning-model": "A model based on training data that can make predictions or decisions without being explicitly programmed to do so.", + "data": "A collection of discrete values that convey information.", + "cryptographic-asset": "A cryptographic asset including algorithms, protocols, certificates, keys, tokens, and secrets." + }, + "title": "Component Type", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", + "examples": ["library"] + }, + "mime-type": { + "type": "string", + "title": "Mime-Type", + "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "examples": ["image/jpeg"], + "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" + }, + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "supplier": { + "title": "Component Supplier", + "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "manufacturer": { + "title": "Component Manufacturer", + "description": "The organization that created the component.\nManufacturer is common in components created through automated processes. Components created through manual means may have `@.authors` instead.", + "$ref": "#/definitions/organizationalEntity" + }, + "authors" :{ + "type": "array", + "title": "Component Authors", + "description": "The person(s) who created the component.\nAuthors are common in components created through manual processes. Components created through automated means may have `@.manufacturer` instead.", + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "author": { + "deprecated": true, + "type": "string", + "title": "Component Author (legacy)", + "description": "[Deprecated] This will be removed in a future version. Use `@.authors` or `@.manufacturer` instead.\nThe person(s) or organization(s) that authored the component", + "examples": ["Acme Inc"] + }, + "publisher": { + "type": "string", + "title": "Component Publisher", + "description": "The person(s) or organization(s) that published the component", + "examples": ["Acme Inc"] + }, + "group": { + "type": "string", + "title": "Component Group", + "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Component Name", + "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", + "examples": ["tomcat-catalina"] + }, + "version": { + "$ref": "#/definitions/version", + "title": "Component Version", + "description": "The component version. The version should ideally comply with semantic versioning but is not enforced." + }, + "description": { + "type": "string", + "title": "Component Description", + "description": "Specifies a description for the component" + }, + "scope": { + "type": "string", + "enum": [ + "required", + "optional", + "excluded" + ], + "meta:enum": { + "required": "The component is required for runtime", + "optional": "The component is optional at runtime. Optional components are components that are not capable of being called due to them not being installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'.", + "excluded": "Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime." + }, + "title": "Component Scope", + "description": "Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM.", + "default": "required" + }, + "hashes": { + "type": "array", + "title": "Component Hashes", + "description": "The hashes of the component.", + "items": {"$ref": "#/definitions/hash"} + }, + "licenses": { + "$ref": "#/definitions/licenseChoice", + "title": "Component License(s)" + }, + "copyright": { + "type": "string", + "title": "Component Copyright", + "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "examples": ["Acme Inc"] + }, + "cpe": { + "type": "string", + "title": "Common Platform Enumeration (CPE)", + "description": "Asserts the identity of the component using CPE. The CPE must conform to the CPE 2.2 or 2.3 specification. See [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", + "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] + }, + "purl": { + "type": "string", + "title": "Package URL (purl)", + "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] + }, + "omniborId": { + "type": "array", + "title": "OmniBOR Artifact Identifier (gitoid)", + "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", + "items": { "type": "string" }, + "examples": [ + "gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + ] + }, + "swhid": { + "type": "array", + "title": "Software Heritage Identifier", + "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", + "items": { "type": "string" }, + "examples": ["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"] + }, + "swid": { + "$ref": "#/definitions/swid", + "title": "SWID Tag", + "description": "Asserts the identity of the component using [ISO-IEC 19770-2 Software Identification (SWID) Tags](https://www.iso.org/standard/65666.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity." + }, + "modified": { + "type": "boolean", + "title": "Component Modified From Original", + "description": "[Deprecated] This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + }, + "pedigree": { + "type": "object", + "title": "Component Pedigree", + "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", + "additionalProperties": false, + "properties": { + "ancestors": { + "type": "array", + "title": "Ancestors", + "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", + "items": {"$ref": "#/definitions/component"} + }, + "descendants": { + "type": "array", + "title": "Descendants", + "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", + "items": {"$ref": "#/definitions/component"} + }, + "variants": { + "type": "array", + "title": "Variants", + "description": "Variants describe relations where the relationship between the components is not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", + "items": {"$ref": "#/definitions/component"} + }, + "commits": { + "type": "array", + "title": "Commits", + "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", + "items": {"$ref": "#/definitions/commit"} + }, + "patches": { + "type": "array", + "title": "Patches", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.", + "items": {"$ref": "#/definitions/patch"} + }, + "notes": { + "type": "string", + "title": "Notes", + "description": "Notes, observations, and other non-structured commentary describing the components pedigree." + } + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "components": { + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains." + }, + "evidence": { + "$ref": "#/definitions/componentEvidence", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." + }, + "releaseNotes": { + "$ref": "#/definitions/releaseNotes", + "title": "Release notes", + "description": "Specifies optional release notes." + }, + "modelCard": { + "$ref": "#/definitions/modelCard", + "title": "AI/ML Model Card" + }, + "data": { + "type": "array", + "items": {"$ref": "#/definitions/componentData"}, + "title": "Data", + "description": "This object SHOULD be specified for any component of type `data` and must not be specified for other component types." + }, + "cryptoProperties": { + "$ref": "#/definitions/cryptoProperties", + "title": "Cryptographic Properties" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": {"$ref": "#/definitions/property"} + }, + "tags": { + "$ref": "#/definitions/tags", + "title": "Tags" + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "swid": { + "type": "object", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", + "required": [ + "tagId", + "name" + ], + "additionalProperties": false, + "properties": { + "tagId": { + "type": "string", + "title": "Tag ID", + "description": "Maps to the tagId of a SoftwareIdentity." + }, + "name": { + "type": "string", + "title": "Name", + "description": "Maps to the name of a SoftwareIdentity." + }, + "version": { + "type": "string", + "title": "Version", + "default": "0.0", + "description": "Maps to the version of a SoftwareIdentity." + }, + "tagVersion": { + "type": "integer", + "title": "Tag Version", + "default": 0, + "description": "Maps to the tagVersion of a SoftwareIdentity." + }, + "patch": { + "type": "boolean", + "title": "Patch", + "default": false, + "description": "Maps to the patch of a SoftwareIdentity." + }, + "text": { + "title": "Attachment text", + "description": "Specifies the metadata and content of the SWID tag.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the SWID file.", + "format": "iri-reference" + } + } + }, + "attachment": { + "type": "object", + "title": "Attachment", + "description": "Specifies the metadata and content for an attachment.", + "required": [ + "content" + ], + "additionalProperties": false, + "properties": { + "contentType": { + "type": "string", + "title": "Content-Type", + "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).", + "default": "text/plain", + "examples": [ + "text/plain", + "application/json", + "image/png" + ] + }, + "encoding": { + "type": "string", + "title": "Encoding", + "description": "Specifies the optional encoding the text is represented in.", + "enum": [ + "base64" + ], + "meta:enum": { + "base64": "Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string." + } + }, + "content": { + "type": "string", + "title": "Attachment Text", + "description": "The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text." + } + } + }, + "hash": { + "type": "object", + "title": "Hash", + "required": [ + "alg", + "content" + ], + "additionalProperties": false, + "properties": { + "alg": { + "$ref": "#/definitions/hash-alg" + }, + "content": { + "$ref": "#/definitions/hash-content" + } + } + }, + "hash-alg": { + "type": "string", + "title": "Hash Algorithm", + "description": "The algorithm that generated the hash value.", + "enum": [ + "MD5", + "SHA-1", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-256", + "SHA3-384", + "SHA3-512", + "BLAKE2b-256", + "BLAKE2b-384", + "BLAKE2b-512", + "BLAKE3" + ] + }, + "hash-content": { + "type": "string", + "title": "Hash Value", + "description": "The value of the hash.", + "examples": ["3942447fac867ae5cdb3229b658f4d48"], + "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" + }, + "license": { + "type": "object", + "title": "License", + "description": "Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.", + "oneOf": [ + { + "required": ["id"] + }, + { + "required": ["name"] + } + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "id": { + "$ref": "spdx.schema.json", + "title": "License ID (SPDX)", + "description": "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list.", + "examples": ["Apache-2.0"] + }, + "name": { + "type": "string", + "title": "License Name", + "description": "The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX.", + "examples": ["Acme Software License"] + }, + "acknowledgement": { + "$ref": "#/definitions/licenseAcknowledgementEnumeration" + }, + "text": { + "title": "License text", + "description": "An optional way to include the textual content of a license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], + "format": "iri-reference" + }, + "licensing": { + "type": "object", + "title": "Licensing information", + "description": "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata", + "additionalProperties": false, + "properties": { + "altIds": { + "type": "array", + "title": "Alternate License Identifiers", + "description": "License identifiers that may be used to manage licenses and their lifecycle", + "items": { + "type": "string" + } + }, + "licensor": { + "title": "Licensor", + "description": "The individual or organization that grants a license to another individual or organization", + "type": "object", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Licensor (Organization)", + "description": "The organization that granted the license", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "title": "Licensor (Individual)", + "description": "The individual, not associated with an organization, that granted the license", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["individual"] + } + ] + }, + "licensee": { + "title": "Licensee", + "description": "The individual or organization for which a license was granted to", + "type": "object", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Licensee (Organization)", + "description": "The organization that was granted the license", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "title": "Licensee (Individual)", + "description": "The individual, not associated with an organization, that was granted the license", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["individual"] + } + ] + }, + "purchaser": { + "title": "Purchaser", + "description": "The individual or organization that purchased the license", + "type": "object", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Purchaser (Organization)", + "description": "The organization that purchased the license", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "title": "Purchaser (Individual)", + "description": "The individual, not associated with an organization, that purchased the license", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["individual"] + } + ] + }, + "purchaseOrder": { + "type": "string", + "title": "Purchase Order", + "description": "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase" + }, + "licenseTypes": { + "type": "array", + "title": "License Type", + "description": "The type of license(s) that was granted to the licensee.", + "items": { + "type": "string", + "enum": [ + "academic", + "appliance", + "client-access", + "concurrent-user", + "core-points", + "custom-metric", + "device", + "evaluation", + "named-user", + "node-locked", + "oem", + "perpetual", + "processor-points", + "subscription", + "user", + "other" + ], + "meta:enum": { + "academic": "A license that grants use of software solely for the purpose of education or research.", + "appliance": "A license covering use of software embedded in a specific piece of hardware.", + "client-access": "A Client Access License (CAL) allows client computers to access services provided by server software.", + "concurrent-user": "A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.", + "core-points": "A license where the core of a computer's processor is assigned a specific number of points.", + "custom-metric": "A license for which consumption is measured by non-standard metrics.", + "device": "A license that covers a defined number of installations on computers and other types of devices.", + "evaluation": "A license that grants permission to install and use software for trial purposes.", + "named-user": "A license that grants access to the software to one or more pre-defined users.", + "node-locked": "A license that grants access to the software on one or more pre-defined computers or devices.", + "oem": "An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.", + "perpetual": "A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.", + "processor-points": "A license where each installation consumes points per processor.", + "subscription": "A license where the licensee pays a fee to use the software or service.", + "user": "A license that grants access to the software or service by a specified number of users.", + "other": "Another license type." + } + } + }, + "lastRenewal": { + "type": "string", + "format": "date-time", + "title": "Last Renewal", + "description": "The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed." + }, + "expiration": { + "type": "string", + "format": "date-time", + "title": "Expiration", + "description": "The timestamp indicating when the current license expires (if applicable)." + } + } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "licenseAcknowledgementEnumeration": { + "title": "License Acknowledgement", + "description": "Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.", + "type": "string", + "enum": [ + "declared", + "concluded" + ], + "meta:enum": { + "declared": "Declared licenses represent the initial intentions of authors regarding the licensing terms of their code.", + "concluded": "Concluded licenses are verified and confirmed." + } + }, + "licenseChoice": { + "title": "License Choice", + "description": "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)", + "type": "array", + "oneOf": [ + { + "title": "Multiple licenses", + "description": "A list of SPDX licenses and/or named licenses.", + "type": "array", + "items": { + "type": "object", + "title": "License", + "required": ["license"], + "additionalProperties": false, + "properties": { + "license": {"$ref": "#/definitions/license"} + } + } + }, + { + "title": "SPDX License Expression", + "description": "A tuple of exactly one SPDX License Expression.", + "type": "array", + "additionalItems": false, + "minItems": 1, + "maxItems": 1, + "items": [{ + "type": "object", + "additionalProperties": false, + "required": ["expression"], + "properties": { + "expression": { + "type": "string", + "title": "SPDX License Expression", + "description": "A valid SPDX license expression.\nRefer to https://spdx.org/specifications for syntax requirements", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ] + }, + "acknowledgement": { + "$ref": "#/definitions/licenseAcknowledgementEnumeration" + }, + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + } + } + }] + } + ] + }, + "commit": { + "type": "object", + "title": "Commit", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "uid": { + "type": "string", + "title": "UID", + "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", + "format": "iri-reference" + }, + "author": { + "title": "Author", + "description": "The author who created the changes in the commit", + "$ref": "#/definitions/identifiableAction" + }, + "committer": { + "title": "Committer", + "description": "The person who committed or pushed the commit", + "$ref": "#/definitions/identifiableAction" + }, + "message": { + "type": "string", + "title": "Message", + "description": "The text description of the contents of the commit" + } + } + }, + "patch": { + "type": "object", + "title": "Patch", + "description": "Specifies an individual patch", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], + "meta:enum": { + "unofficial": "A patch which is not developed by the creators or maintainers of the software being patched. Refer to [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch).", + "monkey": "A patch which dynamically modifies runtime behavior. Refer to [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch).", + "backport": "A patch which takes code from a newer version of the software and applies it to older versions of the same software. Refer to [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting).", + "cherry-pick": "A patch created by selectively applying commits from other versions or branches of the same software." + }, + "title": "Patch Type", + "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality." + }, + "diff": { + "title": "Diff", + "description": "The patch file (or diff) that shows changes. Refer to [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)", + "$ref": "#/definitions/diff" + }, + "resolves": { + "type": "array", + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues the patch resolves" + } + } + }, + "diff": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that shows changes. Refer to https://en.wikipedia.org/wiki/Diff", + "additionalProperties": false, + "properties": { + "text": { + "title": "Diff text", + "description": "Specifies the optional text of the diff", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "Specifies the URL to the diff", + "format": "iri-reference" + } + } + }, + "issue": { + "type": "object", + "title": "Issue", + "description": "An individual issue that has been resolved.", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "defect", + "enhancement", + "security" + ], + "meta:enum": { + "defect": "A fault, flaw, or bug in software.", + "enhancement": "A new feature or behavior in software.", + "security": "A special type of defect which impacts security." + }, + "title": "Issue Type", + "description": "Specifies the type of issue" + }, + "id": { + "type": "string", + "title": "Issue ID", + "description": "The identifier of the issue assigned by the source of the issue" + }, + "name": { + "type": "string", + "title": "Issue Name", + "description": "The name of the issue" + }, + "description": { + "type": "string", + "title": "Issue Description", + "description": "A description of the issue" + }, + "source": { + "type": "object", + "title": "Source", + "description": "The source of the issue where it is documented", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source.", + "examples": [ + "National Vulnerability Database", + "NVD", + "Apache" + ] + }, + "url": { + "type": "string", + "title": "URL", + "description": "The url of the issue documentation as provided by the source", + "format": "iri-reference" + } + } + }, + "references": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "References", + "description": "A collection of URL's for reference. Multiple URLs are allowed.", + "examples": ["https://example.com"] + } + } + }, + "identifiableAction": { + "type": "object", + "title": "Identifiable Action", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The timestamp in which the action occurred" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the individual who performed the action" + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "E-mail", + "description": "The email address of the individual who performed the action" + } + } + }, + "externalReference": { + "type": "object", + "title": "External Reference", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM.", + "required": [ + "url", + "type" + ], + "additionalProperties": false, + "properties": { + "url": { + "anyOf": [ + { + "title": "URL", + "type": "string", + "format": "iri-reference" + }, + { + "title": "BOM-Link", + "$ref": "#/definitions/bomLink" + } + ], + "title": "URL", + "description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs." + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "An optional comment describing the external reference" + }, + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the type of external reference.", + "enum": [ + "vcs", + "issue-tracker", + "website", + "advisories", + "bom", + "mailing-list", + "social", + "chat", + "documentation", + "support", + "source-distribution", + "distribution", + "distribution-intake", + "license", + "build-meta", + "build-system", + "release-notes", + "security-contact", + "model-card", + "log", + "configuration", + "evidence", + "formulation", + "attestation", + "threat-model", + "adversary-model", + "risk-assessment", + "vulnerability-assertion", + "exploitability-statement", + "pentest-report", + "static-analysis-report", + "dynamic-analysis-report", + "runtime-analysis-report", + "component-analysis-report", + "maturity-report", + "certification-report", + "codified-infrastructure", + "quality-metrics", + "poam", + "electronic-signature", + "digital-signature", + "rfc-9116", + "other" + ], + "meta:enum": { + "vcs": "Version Control System", + "issue-tracker": "Issue or defect tracking system, or an Application Lifecycle Management (ALM) system", + "website": "Website", + "advisories": "Security advisories", + "bom": "Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)", + "mailing-list": "Mailing list or discussion group", + "social": "Social media account", + "chat": "Real-time chat platform", + "documentation": "Documentation, guides, or how-to instructions", + "support": "Community or commercial support", + "source-distribution": "The location where the source code distributable can be obtained. This is often an archive format such as zip or tgz. The source-distribution type complements use of the version control (vcs) type.", + "distribution": "Direct or repository download location", + "distribution-intake": "The location where a component was published to. This is often the same as \"distribution\" but may also include specialized publishing processes that act as an intermediary.", + "license": "The reference to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness.", + "build-meta": "Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)", + "build-system": "Reference to an automated build system", + "release-notes": "Reference to release notes", + "security-contact": "Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT.", + "model-card": "A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.", + "log": "A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations.", + "configuration": "Parameters or settings that may be used by other components or services.", + "evidence": "Information used to substantiate a claim.", + "formulation": "Describes how a component or service was manufactured or deployed.", + "attestation": "Human or machine-readable statements containing facts, evidence, or testimony.", + "threat-model": "An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format.", + "adversary-model": "The defined assumptions, goals, and capabilities of an adversary.", + "risk-assessment": "Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk.", + "vulnerability-assertion": "A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product.", + "exploitability-statement": "A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization.", + "pentest-report": "Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test.", + "static-analysis-report": "SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code.", + "dynamic-analysis-report": "Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations.", + "runtime-analysis-report": "Report generated by analyzing the call stack of a running application.", + "component-analysis-report": "Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis.", + "maturity-report": "Report containing a formal assessment of an organization, business unit, or team against a maturity model.", + "certification-report": "Industry, regulatory, or other certification from an accredited (if applicable) certification body.", + "codified-infrastructure": "Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC).", + "quality-metrics": "Report or system in which quality metrics can be obtained.", + "poam": "Plans of Action and Milestones (POA&M) complement an \"attestation\" external reference. POA&M is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".", + "electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.", + "digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.", + "rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)", + "other": "Use this if no other types accurately describe the purpose of the external reference." + } + }, + "hashes": { + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the external reference (if applicable)." + } + } + }, + "dependency": { + "type": "object", + "title": "Dependency", + "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.", + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "$ref": "#/definitions/refLinkType", + "title": "Reference", + "description": "References a component or service by its bom-ref attribute" + }, + "dependsOn": { + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/refLinkType" + }, + "title": "Depends On", + "description": "The bom-ref identifiers of the components or services that are dependencies of this dependency object." + }, + "provides": { + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/refLinkType" + }, + "title": "Provides", + "description": "The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.\nFor example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use." + } + } + }, + "service": { + "type": "object", + "title": "Service", + "required": [ + "name" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "provider": { + "title": "Provider", + "description": "The organization that provides the service.", + "$ref": "#/definitions/organizationalEntity" + }, + "group": { + "type": "string", + "title": "Service Group", + "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Service Name", + "description": "The name of the service. This will often be a shortened, single name of the service.", + "examples": ["ticker-service"] + }, + "version": { + "$ref": "#/definitions/version", + "title": "Service Version", + "description": "The service version." + }, + "description": { + "type": "string", + "title": "Service Description", + "description": "Specifies a description for the service" + }, + "endpoints": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "Endpoints", + "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", + "examples": ["https://example.com/api/v1/ticker"] + }, + "authenticated": { + "type": "boolean", + "title": "Authentication Required", + "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." + }, + "x-trust-boundary": { + "type": "boolean", + "title": "Crosses Trust Boundary", + "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." + }, + "trustZone": { + "type": "string", + "title": "Trust Zone", + "description": "The name of the trust zone the service resides in." + }, + "data": { + "type": "array", + "items": {"$ref": "#/definitions/serviceData"}, + "title": "Data", + "description": "Specifies information about the data including the directional flow of data and the data classification." + }, + "licenses": { + "$ref": "#/definitions/licenseChoice", + "title": "Service License(s)" + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "services": { + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies." + }, + "releaseNotes": { + "$ref": "#/definitions/releaseNotes", + "title": "Release notes", + "description": "Specifies optional release notes." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": {"$ref": "#/definitions/property"} + }, + "tags": { + "$ref": "#/definitions/tags", + "title": "Tags" + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "serviceData": { + "type": "object", + "title": "Hash Objects", + "required": [ + "flow", + "classification" + ], + "additionalProperties": false, + "properties": { + "flow": { + "$ref": "#/definitions/dataFlowDirection", + "title": "Directional Flow", + "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways and unknown states that the direction is not known." + }, + "classification": { + "$ref": "#/definitions/dataClassification" + }, + "name": { + "type": "string", + "title": "Name", + "description": "Name for the defined data", + "examples": [ + "Credit card reporting" + ] + }, + "description": { + "type": "string", + "title": "Description", + "description": "Short description of the data content and usage", + "examples": [ + "Credit card information being exchanged in between the web app and the database" + ] + }, + "governance": { + "title": "Data Governance", + "$ref": "#/definitions/dataGovernance" + }, + "source": { + "type": "array", + "items": { + "anyOf": [ + { + "title": "URL", + "type": "string", + "format": "iri-reference" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "Source", + "description": "The URI, URL, or BOM-Link of the components or services the data came in from" + }, + "destination": { + "type": "array", + "items": { + "anyOf": [ + { + "title": "URL", + "type": "string", + "format": "iri-reference" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "Destination", + "description": "The URI, URL, or BOM-Link of the components or services the data is sent to" + } + } + }, + "dataFlowDirection": { + "type": "string", + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], + "meta:enum": { + "inbound": "Data that enters a service.", + "outbound": "Data that exits a service.", + "bi-directional": "Data flows in and out of the service.", + "unknown": "The directional flow of data is not known." + }, + "title": "Data flow direction", + "description": "Specifies the flow direction of the data. Direction is relative to the service." + }, + "copyright": { + "type": "object", + "title": "Copyright", + "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "required": [ + "text" + ], + "additionalProperties": false, + "properties": { + "text": { + "type": "string", + "title": "Copyright Text", + "description": "The textual content of the copyright." + } + } + }, + "componentEvidence": { + "type": "object", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", + "additionalProperties": false, + "properties": { + "identity": { + "title": "Identity Evidence", + "description": "Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if only one identity object is specified.", + "oneOf" : [ + { + "type": "array", + "title": "Array of Identity Objects", + "items": { "$ref": "#/definitions/componentIdentityEvidence" } + }, + { + "title": "A Single Identity Object", + "description": "[Deprecated]", + "$ref": "#/definitions/componentIdentityEvidence", + "deprecated": true + } + ] + }, + "occurrences": { + "type": "array", + "title": "Occurrences", + "description": "Evidence of individual instances of a component spread across multiple locations.", + "items": { + "type": "object", + "required": [ "location" ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "location": { + "type": "string", + "title": "Location", + "description": "The location or path to where the component was found." + }, + "line": { + "type": "integer", + "minimum": 0, + "title": "Line Number", + "description": "The line number where the component was found." + }, + "offset": { + "type": "integer", + "minimum": 0, + "title": "Offset", + "description": "The offset where the component was found." + }, + "symbol": { + "type": "string", + "title": "Symbol", + "description": "The symbol name that was found associated with the component." + }, + "additionalContext": { + "type": "string", + "title": "Additional Context", + "description": "Any additional context of the detected component (e.g. a code snippet)." + } + } + } + }, + "callstack": { + "type": "object", + "title": "Call Stack", + "description": "Evidence of the components use through the callstack.", + "additionalProperties": false, + "properties": { + "frames": { + "type": "array", + "title": "Frames", + "description": "Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations.", + "items": { + "type": "object", + "required": [ + "module" + ], + "additionalProperties": false, + "properties": { + "package": { + "title": "Package", + "description": "A package organizes modules into namespaces, providing a unique namespace for each type it contains.", + "type": "string" + }, + "module": { + "title": "Module", + "description": "A module or class that encloses functions/methods and other code.", + "type": "string" + }, + "function": { + "title": "Function", + "description": "A block of code designed to perform a particular task.", + "type": "string" + }, + "parameters": { + "title": "Parameters", + "description": "Optional arguments that are passed to the module or function.", + "type": "array", + "items": { + "type": "string" + } + }, + "line": { + "title": "Line", + "description": "The line number the code that is called resides on.", + "type": "integer" + }, + "column": { + "title": "Column", + "description": "The column the code that is called resides.", + "type": "integer" + }, + "fullFilename": { + "title": "Full Filename", + "description": "The full path and filename of the module.", + "type": "string" + } + } + } + } + } + }, + "licenses": { + "$ref": "#/definitions/licenseChoice", + "title": "License Evidence" + }, + "copyright": { + "type": "array", + "items": {"$ref": "#/definitions/copyright"}, + "title": "Copyright Evidence", + "description": "Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection." + } + } + }, + "compositions": { + "type": "object", + "title": "Compositions", + "required": [ + "aggregate" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "aggregate": { + "$ref": "#/definitions/aggregateType", + "title": "Aggregate", + "description": "Specifies an aggregate type that describe how complete a relationship is." + }, + "assemblies": { + "type": "array", + "uniqueItems": true, + "items": { + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." + }, + "dependencies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." + }, + "vulnerabilities": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the vulnerabilities being described." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "aggregateType": { + "type": "string", + "default": "not_specified", + "enum": [ + "complete", + "incomplete", + "incomplete_first_party_only", + "incomplete_first_party_proprietary_only", + "incomplete_first_party_opensource_only", + "incomplete_third_party_only", + "incomplete_third_party_proprietary_only", + "incomplete_third_party_opensource_only", + "unknown", + "not_specified" + ], + "meta:enum": { + "complete": "The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.", + "incomplete": "The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.", + "incomplete_first_party_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.", + "incomplete_first_party_proprietary_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.", + "incomplete_first_party_opensource_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.", + "incomplete_third_party_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.", + "incomplete_third_party_proprietary_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.", + "incomplete_third_party_opensource_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.", + "unknown": "The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.", + "not_specified": "The relationship completeness is not specified." + } + }, + "property": { + "type": "object", + "title": "Lightweight name-value pair", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The value of the property." + } + }, + "additionalProperties": false + }, + "localeType": { + "type": "string", + "pattern": "^([a-z]{2})(-[A-Z]{2})?$", + "title": "Locale", + "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code must be lower case. If the country code is specified, the country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA" + }, + "releaseType": { + "type": "string", + "examples": [ + "major", + "minor", + "patch", + "pre-release", + "internal" + ], + "description": "The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." + }, + "note": { + "type": "object", + "title": "Note", + "description": "A note containing the locale and content.", + "required": [ + "text" + ], + "additionalProperties": false, + "properties": { + "locale": { + "$ref": "#/definitions/localeType", + "title": "Locale", + "description": "The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: \"en\", \"en-US\", \"fr\" and \"fr-CA\"" + }, + "text": { + "title": "Release note content", + "description": "Specifies the full content of the release note.", + "$ref": "#/definitions/attachment" + } + } + }, + "releaseNotes": { + "type": "object", + "title": "Release notes", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "$ref": "#/definitions/releaseType", + "title": "Type", + "description": "The software versioning type the release note describes." + }, + "title": { + "type": "string", + "title": "Title", + "description": "The title of the release." + }, + "featuredImage": { + "type": "string", + "format": "iri-reference", + "title": "Featured image", + "description": "The URL to an image that may be prominently displayed with the release note." + }, + "socialImage": { + "type": "string", + "format": "iri-reference", + "title": "Social image", + "description": "The URL to an image that may be used in messaging on social media platforms." + }, + "description": { + "type": "string", + "title": "Description", + "description": "A short description of the release." + }, + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the release note was created." + }, + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "title": "Aliases", + "description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)." + }, + "tags": { + "$ref": "#/definitions/tags", + "title": "Tags" + }, + "resolves": { + "type": "array", + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues that have been resolved." + }, + "notes": { + "type": "array", + "items": {"$ref": "#/definitions/note"}, + "title": "Notes", + "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "advisory": { + "type": "object", + "title": "Advisory", + "description": "Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system.", + "required": ["url"], + "additionalProperties": false, + "properties": { + "title": { + "type": "string", + "title": "Title", + "description": "An optional name of the advisory." + }, + "url": { + "type": "string", + "title": "URL", + "format": "iri-reference", + "description": "Location where the advisory can be obtained." + } + } + }, + "cwe": { + "type": "integer", + "minimum": 1, + "title": "CWE", + "description": "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of https://cwe.mitre.org/data/definitions/399.html)" + }, + "severity": { + "type": "string", + "title": "Severity", + "description": "Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.", + "enum": [ + "critical", + "high", + "medium", + "low", + "info", + "none", + "unknown" + ], + "meta:enum": { + "critical": "Critical severity", + "high": "High severity", + "medium": "Medium severity", + "low": "Low severity", + "info": "Informational warning.", + "none": "None", + "unknown": "The severity is not known" + } + }, + "scoreMethod": { + "type": "string", + "title": "Method", + "description": "Specifies the severity or risk scoring methodology or standard used.", + "enum": [ + "CVSSv2", + "CVSSv3", + "CVSSv31", + "CVSSv4", + "OWASP", + "SSVC", + "other" + ], + "meta:enum": { + "CVSSv2": "Common Vulnerability Scoring System v2.0", + "CVSSv3": "Common Vulnerability Scoring System v3.0", + "CVSSv31": "Common Vulnerability Scoring System v3.1", + "CVSSv4": "Common Vulnerability Scoring System v4.0", + "OWASP": "OWASP Risk Rating Methodology", + "SSVC": "Stakeholder Specific Vulnerability Categorization", + "other": "Another severity or risk scoring methodology" + } + }, + "impactAnalysisState": { + "type": "string", + "title": "Impact Analysis State", + "description": "Declares the current state of an occurrence of a vulnerability, after automated or manual analysis.", + "enum": [ + "resolved", + "resolved_with_pedigree", + "exploitable", + "in_triage", + "false_positive", + "not_affected" + ], + "meta:enum": { + "resolved": "The vulnerability has been remediated.", + "resolved_with_pedigree": "The vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s).", + "exploitable": "The vulnerability may be directly or indirectly exploitable.", + "in_triage": "The vulnerability is being investigated.", + "false_positive": "The vulnerability is not specific to the component or service and was falsely identified or associated.", + "not_affected": "The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases." + } + }, + "impactAnalysisJustification": { + "type": "string", + "title": "Impact Analysis Justification", + "description": "The rationale of why the impact analysis state was asserted.", + "enum": [ + "code_not_present", + "code_not_reachable", + "requires_configuration", + "requires_dependency", + "requires_environment", + "protected_by_compiler", + "protected_at_runtime", + "protected_at_perimeter", + "protected_by_mitigating_control" + ], + "meta:enum": { + "code_not_present": "The code has been removed or tree-shaked.", + "code_not_reachable": "The vulnerable code is not invoked at runtime.", + "requires_configuration": "Exploitability requires a configurable option to be set/unset.", + "requires_dependency": "Exploitability requires a dependency that is not present.", + "requires_environment": "Exploitability requires a certain environment which is not present.", + "protected_by_compiler": "Exploitability requires a compiler flag to be set/unset.", + "protected_at_runtime": "Exploits are prevented at runtime.", + "protected_at_perimeter": "Attacks are blocked at physical, logical, or network perimeter.", + "protected_by_mitigating_control": "Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability." + } + }, + "rating": { + "type": "object", + "title": "Rating", + "description": "Defines the severity or risk ratings of a vulnerability.", + "additionalProperties": false, + "properties": { + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that calculated the severity or risk rating of the vulnerability." + }, + "score": { + "type": "number", + "title": "Score", + "description": "The numerical score of the rating." + }, + "severity": { + "$ref": "#/definitions/severity", + "description": "Textual representation of the severity that corresponds to the numerical score of the rating." + }, + "method": { + "$ref": "#/definitions/scoreMethod" + }, + "vector": { + "type": "string", + "title": "Vector", + "description": "Textual representation of the metric values used to score the vulnerability" + }, + "justification": { + "type": "string", + "title": "Justification", + "description": "An optional reason for rating the vulnerability as it was" + } + } + }, + "vulnerabilitySource": { + "type": "object", + "title": "Source", + "description": "The source of vulnerability information. This is often the organization that published the vulnerability.", + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The url of the vulnerability documentation as provided by the source.", + "examples": [ + "https://nvd.nist.gov/vuln/detail/CVE-2021-39182" + ] + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source.", + "examples": [ + "NVD", + "National Vulnerability Database", + "OSS Index", + "VulnDB", + "GitHub Advisories" + ] + } + } + }, + "vulnerability": { + "type": "object", + "title": "Vulnerability", + "description": "Defines a weakness in a component or service that could be exploited or triggered by a threat source.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier that uniquely identifies the vulnerability.", + "examples": [ + "CVE-2021-39182", + "GHSA-35m5-8cvj-8783", + "SNYK-PYTHON-ENROCRYPT-1912876" + ] + }, + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that published the vulnerability." + }, + "references": { + "type": "array", + "title": "References", + "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", + "items": { + "type": "object", + "required": [ + "id", + "source" + ], + "additionalProperties": false, + "properties": { + "id": { + "type": "string", + "title": "ID", + "description": "An identifier that uniquely identifies the vulnerability.", + "examples": [ + "CVE-2021-39182", + "GHSA-35m5-8cvj-8783", + "SNYK-PYTHON-ENROCRYPT-1912876" + ] + }, + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that published the vulnerability." + } + } + } + }, + "ratings": { + "type": "array", + "title": "Ratings", + "description": "List of vulnerability ratings", + "items": { + "$ref": "#/definitions/rating" + } + }, + "cwes": { + "type": "array", + "title": "CWEs", + "description": "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability.", + "examples": [399], + "items": { + "$ref": "#/definitions/cwe" + } + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the vulnerability as provided by the source." + }, + "detail": { + "type": "string", + "title": "Details", + "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause." + }, + "recommendation": { + "type": "string", + "title": "Recommendation", + "description": "Recommendations of how the vulnerability can be remediated or mitigated." + }, + "workaround": { + "type": "string", + "title": "Workarounds", + "description": "A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments." + }, + "proofOfConcept": { + "type": "object", + "title": "Proof of Concept", + "description": "Evidence used to reproduce the vulnerability.", + "properties": { + "reproductionSteps": { + "type": "string", + "title": "Steps to Reproduce", + "description": "Precise steps to reproduce the vulnerability." + }, + "environment": { + "type": "string", + "title": "Environment", + "description": "A description of the environment in which reproduction was possible." + }, + "supportingMaterial": { + "type": "array", + "title": "Supporting Material", + "description": "Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code.", + "items": { "$ref": "#/definitions/attachment" } + } + } + }, + "advisories": { + "type": "array", + "title": "Advisories", + "description": "Published advisories of the vulnerability if provided.", + "items": { + "$ref": "#/definitions/advisory" + } + }, + "created": { + "type": "string", + "format": "date-time", + "title": "Created", + "description": "The date and time (timestamp) when the vulnerability record was created in the vulnerability database." + }, + "published": { + "type": "string", + "format": "date-time", + "title": "Published", + "description": "The date and time (timestamp) when the vulnerability record was first published." + }, + "updated": { + "type": "string", + "format": "date-time", + "title": "Updated", + "description": "The date and time (timestamp) when the vulnerability record was last updated." + }, + "rejected": { + "type": "string", + "format": "date-time", + "title": "Rejected", + "description": "The date and time (timestamp) when the vulnerability record was rejected (if applicable)." + }, + "credits": { + "type": "object", + "title": "Credits", + "description": "Individuals or organizations credited with the discovery of the vulnerability.", + "additionalProperties": false, + "properties": { + "organizations": { + "type": "array", + "title": "Organizations", + "description": "The organizations credited with vulnerability discovery.", + "items": { + "$ref": "#/definitions/organizationalEntity" + } + }, + "individuals": { + "type": "array", + "title": "Individuals", + "description": "The individuals, not associated with organizations, that are credited with vulnerability discovery.", + "items": { + "$ref": "#/definitions/organizationalContact" + } + } + } + }, + "tools": { + "title": "Tools", + "description": "The tool(s) used to identify, confirm, or score the vulnerability.", + "oneOf": [ + { + "type": "object", + "title": "Tools", + "description": "The tool(s) used to identify, confirm, or score the vulnerability.", + "additionalProperties": false, + "properties": { + "components": { + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components used as tools." + }, + "services": { + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." + } + } + }, + { + "type": "array", + "title": "Tools (legacy)", + "description": "[Deprecated] The tool(s) used to identify, confirm, or score the vulnerability.", + "items": {"$ref": "#/definitions/tool"} + } + ] + }, + "analysis": { + "type": "object", + "title": "Impact Analysis", + "description": "An assessment of the impact and exploitability of the vulnerability.", + "additionalProperties": false, + "properties": { + "state": { + "$ref": "#/definitions/impactAnalysisState" + }, + "justification": { + "$ref": "#/definitions/impactAnalysisJustification" + }, + "response": { + "type": "array", + "title": "Response", + "description": "A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.", + "items": { + "type": "string", + "enum": [ + "can_not_fix", + "will_not_fix", + "update", + "rollback", + "workaround_available" + ], + "meta:enum": { + "can_not_fix": "Can not fix", + "will_not_fix": "Will not fix", + "update": "Update to a different revision or release", + "rollback": "Revert to a previous revision or release", + "workaround_available": "There is a workaround available" + } + } + }, + "detail": { + "type": "string", + "title": "Detail", + "description": "Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability." + }, + "firstIssued": { + "type": "string", + "format": "date-time", + "title": "First Issued", + "description": "The date and time (timestamp) when the analysis was first issued." + }, + "lastUpdated": { + "type": "string", + "format": "date-time", + "title": "Last Updated", + "description": "The date and time (timestamp) when the analysis was last updated." + } + } + }, + "affects": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ], + "title": "Reference", + "description": "References a component or service by the objects bom-ref" + }, + "versions": { + "type": "array", + "title": "Versions", + "description": "Zero or more individual versions or range of versions.", + "items": { + "type": "object", + "oneOf": [ + { + "required": ["version"] + }, + { + "required": ["range"] + } + ], + "additionalProperties": false, + "properties": { + "version": { + "title": "Version", + "description": "A single version of a component or service.", + "$ref": "#/definitions/version" + }, + "range": { + "title": "Version Range", + "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", + "$ref": "#/definitions/versionRange" + }, + "status": { + "title": "Status", + "description": "The vulnerability status for the version or range of versions.", + "$ref": "#/definitions/affectedStatus", + "default": "affected" + } + } + } + } + } + }, + "title": "Affects", + "description": "The components or services that are affected by the vulnerability." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "affectedStatus": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ], + "meta:enum": { + "affected": "The version is affected by the vulnerability.", + "unaffected": "The version is not affected by the vulnerability.", + "unknown": "It is unknown (or unspecified) whether the given version is affected." + } + }, + "version": { + "description": "A single disjunctive version identifier, for a component or service.", + "type": "string", + "maxLength": 1024, + "examples": [ + "9.0.14", + "v1.33.7", + "7.0.0-M1", + "2.0pre1", + "1.0.0-beta1", + "0.8.15" + ] + }, + "versionRange": { + "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", + "type": "string", + "minLength": 1, + "maxLength": 4096, + "examples": [ + "vers:cargo/9.0.14", + "vers:npm/1.2.3|>=2.0.0|<5.0.0", + "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1", + "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1", + "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0" + ] + }, + "range": { + "deprecated": true, + "description": "Deprecated definition. use definition `versionRange` instead.", + "$ref": "#/definitions/versionRange" + }, + "annotations": { + "type": "object", + "title": "Annotations", + "description": "A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.", + "required": [ + "subjects", + "annotator", + "timestamp", + "text" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "subjects": { + "type": "array", + "uniqueItems": true, + "items": { + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "Subjects", + "description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs." + }, + "annotator": { + "type": "object", + "title": "Annotator", + "description": "The organization, person, component, or service which created the textual content of the annotation.", + "oneOf": [ + { + "required": [ + "organization" + ] + }, + { + "required": [ + "individual" + ] + }, + { + "required": [ + "component" + ] + }, + { + "required": [ + "service" + ] + } + ], + "additionalProperties": false, + "properties": { + "organization": { + "description": "The organization that created the annotation", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "description": "The person that created the annotation", + "$ref": "#/definitions/organizationalContact" + }, + "component": { + "description": "The tool or component that created the annotation", + "$ref": "#/definitions/component" + }, + "service": { + "description": "The service that created the annotation", + "$ref": "#/definitions/service" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the annotation was created." + }, + "text": { + "type": "string", + "title": "Text", + "description": "The textual content of the annotation." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "modelCard": { + "$comment": "Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.", + "type": "object", + "title": "Model Card", + "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "modelParameters": { + "type": "object", + "title": "Model Parameters", + "description": "Hyper-parameters for construction of the model.", + "additionalProperties": false, + "properties": { + "approach": { + "type": "object", + "title": "Approach", + "description": "The overall approach to learning used by the model for problem solving.", + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "title": "Learning Type", + "description": "Learning types describing the learning problem or hybrid learning problem.", + "enum": [ + "supervised", + "unsupervised", + "reinforcement-learning", + "semi-supervised", + "self-supervised" + ], + "meta:enum": { + "supervised": "Supervised machine learning involves training an algorithm on labeled data to predict or classify new data based on the patterns learned from the labeled examples.", + "unsupervised": "Unsupervised machine learning involves training algorithms on unlabeled data to discover patterns, structures, or relationships without explicit guidance, allowing the model to identify inherent structures or clusters within the data.", + "reinforcement-learning": "Reinforcement learning is a type of machine learning where an agent learns to make decisions by interacting with an environment to maximize cumulative rewards, through trial and error.", + "semi-supervised": "Semi-supervised machine learning utilizes a combination of labeled and unlabeled data during training to improve model performance, leveraging the benefits of both supervised and unsupervised learning techniques.", + "self-supervised": "Self-supervised machine learning involves training models to predict parts of the input data from other parts of the same data, without requiring external labels, enabling learning from large amounts of unlabeled data." + } + } + } + }, + "task": { + "type": "string", + "title": "Task", + "description": "Directly influences the input and/or output. Examples include classification, regression, clustering, etc." + }, + "architectureFamily": { + "type": "string", + "title": "Architecture Family", + "description": "The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc." + }, + "modelArchitecture": { + "type": "string", + "title": "Model Architecture", + "description": "The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc." + }, + "datasets": { + "type": "array", + "title": "Datasets", + "description": "The datasets used to train and evaluate the model.", + "items" : { + "oneOf" : [ + { + "title": "Inline Data Information", + "$ref": "#/definitions/componentData" + }, + { + "type": "object", + "title": "Data Reference", + "additionalProperties": false, + "properties": { + "ref": { + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ], + "title": "Reference", + "type": "string", + "description": "References a data component by the components bom-ref attribute" + } + } + } + ] + } + }, + "inputs": { + "type": "array", + "title": "Inputs", + "description": "The input format(s) of the model", + "items": { "$ref": "#/definitions/inputOutputMLParameters" } + }, + "outputs": { + "type": "array", + "title": "Outputs", + "description": "The output format(s) from the model", + "items": { "$ref": "#/definitions/inputOutputMLParameters" } + } + } + }, + "quantitativeAnalysis": { + "type": "object", + "title": "Quantitative Analysis", + "description": "A quantitative analysis of the model", + "additionalProperties": false, + "properties": { + "performanceMetrics": { + "type": "array", + "title": "Performance Metrics", + "description": "The model performance metrics being reported. Examples may include accuracy, F1 score, precision, top-3 error rates, MSC, etc.", + "items": { "$ref": "#/definitions/performanceMetric" } + }, + "graphics": { "$ref": "#/definitions/graphicsCollection" } + } + }, + "considerations": { + "type": "object", + "title": "Considerations", + "description": "What considerations should be taken into account regarding the model's construction, training, and application?", + "additionalProperties": false, + "properties": { + "users": { + "type": "array", + "title": "Users", + "description": "Who are the intended users of the model?", + "items": { + "type": "string" + } + }, + "useCases": { + "type": "array", + "title": "Use Cases", + "description": "What are the intended use cases of the model?", + "items": { + "type": "string" + } + }, + "technicalLimitations": { + "type": "array", + "title": "Technical Limitations", + "description": "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?", + "items": { + "type": "string" + } + }, + "performanceTradeoffs": { + "type": "array", + "title": "Performance Tradeoffs", + "description": "What are the known tradeoffs in accuracy/performance of the model?", + "items": { + "type": "string" + } + }, + "ethicalConsiderations": { + "type": "array", + "title": "Ethical Considerations", + "description": "What are the ethical risks involved in the application of this model?", + "items": { "$ref": "#/definitions/risk" } + }, + "environmentalConsiderations":{ + "$ref": "#/definitions/environmentalConsiderations", + "title": "Environmental Considerations", + "description": "What are the various environmental impacts the corresponding machine learning model has exhibited across its lifecycle?" + }, + "fairnessAssessments": { + "type": "array", + "title": "Fairness Assessments", + "description": "How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups?", + "items": { + "$ref": "#/definitions/fairnessAssessment" + } + } + } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "inputOutputMLParameters": { + "type": "object", + "title": "Input and Output Parameters", + "additionalProperties": false, + "properties": { + "format": { + "title": "Input/Output Format", + "description": "The data format for input/output to the model.", + "type": "string", + "examples": [ "string", "image", "time-series"] + } + } + }, + "componentData": { + "type": "object", + "additionalProperties": false, + "required": [ + "type" + ], + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "type": { + "type": "string", + "title": "Type of Data", + "description": "The general theme or subject matter of the data being specified.", + "enum": [ + "source-code", + "configuration", + "dataset", + "definition", + "other" + ], + "meta:enum": { + "source-code": "Any type of code, code snippet, or data-as-code.", + "configuration": "Parameters or settings that may be used by other components.", + "dataset": "A collection of data.", + "definition": "Data that can be used to create new instances of what the definition defines.", + "other": "Any other type of data that does not fit into existing definitions." + } + }, + "name": { + "title": "Dataset Name", + "description": "The name of the dataset.", + "type": "string" + }, + "contents": { + "type": "object", + "title": "Data Contents", + "description": "The contents or references to the contents of the data being described.", + "additionalProperties": false, + "properties": { + "attachment": { + "title": "Data Attachment", + "description": "An optional way to include textual or encoded data.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "Data URL", + "description": "The URL to where the data can be retrieved.", + "format": "iri-reference" + }, + "properties": { + "type": "array", + "title": "Configuration Properties", + "description": "Provides the ability to document name-value parameters used for configuration.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "classification": { + "$ref": "#/definitions/dataClassification" + }, + "sensitiveData": { + "type": "array", + "title": "Sensitive Data", + "description": "A description of any sensitive data in a dataset.", + "items": { + "type": "string" + } + }, + "graphics": { "$ref": "#/definitions/graphicsCollection" }, + "description": { + "title": "Dataset Description", + "description": "A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc.", + "type": "string" + }, + "governance": { + "title": "Data Governance", + "$ref": "#/definitions/dataGovernance" + } + } + }, + "dataGovernance": { + "type": "object", + "title": "Data Governance", + "description": "Data governance captures information regarding data ownership, stewardship, and custodianship, providing insights into the individuals or entities responsible for managing, overseeing, and safeguarding the data throughout its lifecycle.", + "additionalProperties": false, + "properties": { + "custodians": { + "type": "array", + "title": "Data Custodians", + "description": "Data custodians are responsible for the safe custody, transport, and storage of data.", + "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } + }, + "stewards": { + "type": "array", + "title": "Data Stewards", + "description": "Data stewards are responsible for data content, context, and associated business rules.", + "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } + }, + "owners": { + "type": "array", + "title": "Data Owners", + "description": "Data owners are concerned with risk and appropriate access to data.", + "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } + } + } + }, + "dataGovernanceResponsibleParty": { + "type": "object", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Organization", + "description": "The organization that is responsible for specific data governance role(s).", + "$ref": "#/definitions/organizationalEntity" + }, + "contact": { + "title": "Individual", + "description": "The individual that is responsible for specific data governance role(s).", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["contact"] + } + ] + }, + "graphicsCollection": { + "type": "object", + "title": "Graphics Collection", + "description": "A collection of graphics that represent various measurements.", + "additionalProperties": false, + "properties": { + "description": { + "title": "Description", + "description": "A description of this collection of graphics.", + "type": "string" + }, + "collection": { + "title": "Collection", + "description": "A collection of graphics.", + "type": "array", + "items": { "$ref": "#/definitions/graphic" } + } + } + }, + "graphic": { + "type": "object", + "title": "Graphic", + "additionalProperties": false, + "properties": { + "name": { + "title": "Name", + "description": "The name of the graphic.", + "type": "string" + }, + "image": { + "title": "Graphic Image", + "description": "The graphic (vector or raster). Base64 encoding must be specified for binary images.", + "$ref": "#/definitions/attachment" + } + } + }, + "performanceMetric": { + "type": "object", + "title": "Performance Metric", + "additionalProperties": false, + "properties": { + "type": { + "title": "Type", + "description": "The type of performance metric.", + "type": "string" + }, + "value": { + "title": "Value", + "description": "The value of the performance metric.", + "type": "string" + }, + "slice": { + "title": "Slice", + "description": "The name of the slice this metric was computed on. By default, assume this metric is not sliced.", + "type": "string" + }, + "confidenceInterval": { + "title": "Confidence Interval", + "description": "The confidence interval of the metric.", + "type": "object", + "additionalProperties": false, + "properties": { + "lowerBound": { + "title": "Lower Bound", + "description": "The lower bound of the confidence interval.", + "type": "string" + }, + "upperBound": { + "title": "Upper Bound", + "description": "The upper bound of the confidence interval.", + "type": "string" + } + } + } + } + }, + "risk": { + "type": "object", + "title": "Risk", + "additionalProperties": false, + "properties": { + "name": { + "title": "Name", + "description": "The name of the risk.", + "type": "string" + }, + "mitigationStrategy": { + "title": "Mitigation Strategy", + "description": "Strategy used to address this risk.", + "type": "string" + } + } + }, + "fairnessAssessment": { + "type": "object", + "title": "Fairness Assessment", + "description": "Information about the benefits and harms of the model to an identified at risk group.", + "additionalProperties": false, + "properties": { + "groupAtRisk": { + "type": "string", + "title": "Group at Risk", + "description": "The groups or individuals at risk of being systematically disadvantaged by the model." + }, + "benefits": { + "type": "string", + "title": "Benefits", + "description": "Expected benefits to the identified groups." + }, + "harms": { + "type": "string", + "title": "Harms", + "description": "Expected harms to the identified groups." + }, + "mitigationStrategy": { + "type": "string", + "title": "Mitigation Strategy", + "description": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." + } + } + }, + "dataClassification": { + "type": "string", + "title": "Data Classification", + "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." + }, + "environmentalConsiderations": { + "type": "object", + "title": "Environmental Considerations", + "description": "Describes various environmental impact metrics.", + "additionalProperties": false, + "properties": { + "energyConsumptions": { + "title": "Energy Consumptions", + "description": "Describes energy consumption information incurred for one or more component lifecycle activities.", + "type": "array", + "items": { + "$ref": "#/definitions/energyConsumption" + } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "energyConsumption": { + "title": "Energy consumption", + "description": "Describes energy consumption information incurred for the specified lifecycle activity.", + "type": "object", + "required": [ + "activity", + "energyProviders", + "activityEnergyCost" + ], + "additionalProperties": false, + "properties": { + "activity": { + "type": "string", + "title": "Activity", + "description": "The type of activity that is part of a machine learning model development or operational lifecycle.", + "enum": [ + "design", + "data-collection", + "data-preparation", + "training", + "fine-tuning", + "validation", + "deployment", + "inference", + "other" + ], + "meta:enum": { + "design": "A model design including problem framing, goal definition and algorithm selection.", + "data-collection": "Model data acquisition including search, selection and transfer.", + "data-preparation": "Model data preparation including data cleaning, labeling and conversion.", + "training": "Model building, training and generalized tuning.", + "fine-tuning": "Refining a trained model to produce desired outputs for a given problem space.", + "validation": "Model validation including model output evaluation and testing.", + "deployment": "Explicit model deployment to a target hosting infrastructure.", + "inference": "Generating an output response from a hosted model from a set of inputs.", + "other": "A lifecycle activity type whose description does not match currently defined values." + } + }, + "energyProviders": { + "title": "Energy Providers", + "description": "The provider(s) of the energy consumed by the associated model development lifecycle activity.", + "type": "array", + "items": { "$ref": "#/definitions/energyProvider" } + }, + "activityEnergyCost": { + "title": "Activity Energy Cost", + "description": "The total energy cost associated with the model lifecycle activity.", + "$ref": "#/definitions/energyMeasure" + }, + "co2CostEquivalent": { + "title": "CO2 Equivalent Cost", + "description": "The CO2 cost (debit) equivalent to the total energy cost.", + "$ref": "#/definitions/co2Measure" + }, + "co2CostOffset": { + "title": "CO2 Cost Offset", + "description": "The CO2 offset (credit) for the CO2 equivalent cost.", + "$ref": "#/definitions/co2Measure" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "energyMeasure": { + "type": "object", + "title": "Energy Measure", + "description": "A measure of energy.", + "required": [ + "value", + "unit" + ], + "additionalProperties": false, + "properties": { + "value": { + "type": "number", + "title": "Value", + "description": "Quantity of energy." + }, + "unit": { + "type": "string", + "enum": [ "kWh" ], + "title": "Unit", + "description": "Unit of energy.", + "meta:enum": { + "kWh": "Kilowatt-hour (kWh) is the energy delivered by one kilowatt (kW) of power for one hour (h)." + } + } + } + }, + "co2Measure": { + "type": "object", + "title": "CO2 Measure", + "description": "A measure of carbon dioxide (CO2).", + "required": [ + "value", + "unit" + ], + "additionalProperties": false, + "properties": { + "value": { + "type": "number", + "title": "Value", + "description": "Quantity of carbon dioxide (CO2)." + }, + "unit": { + "type": "string", + "enum": [ "tCO2eq" ], + "title": "Unit", + "description": "Unit of carbon dioxide (CO2).", + "meta:enum": { + "tCO2eq": "Tonnes (t) of carbon dioxide (CO2) equivalent (eq)." + } + } + } + }, + "energyProvider": { + "type": "object", + "title": "Energy Provider", + "description": "Describes the physical provider of energy used for model development or operations.", + "required": [ + "organization", + "energySource", + "energyProvided" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "$ref": "#/definitions/refType" + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the energy provider." + }, + "organization": { + "type": "object", + "title": "Organization", + "description": "The organization that provides energy.", + "$ref": "#/definitions/organizationalEntity" + }, + "energySource": { + "type": "string", + "enum": [ + "coal", + "oil", + "natural-gas", + "nuclear", + "wind", + "solar", + "geothermal", + "hydropower", + "biofuel", + "unknown", + "other" + ], + "meta:enum": { + "coal": "Energy produced by types of coal.", + "oil": "Petroleum products (primarily crude oil and its derivative fuel oils).", + "natural-gas": "Hydrocarbon gas liquids (HGL) that occur as gases at atmospheric pressure and as liquids under higher pressures including Natural gas (C5H12 and heavier), Ethane (C2H6), Propane (C3H8), etc.", + "nuclear": "Energy produced from the cores of atoms (i.e., through nuclear fission or fusion).", + "wind": "Energy produced from moving air.", + "solar": "Energy produced from the sun (i.e., solar radiation).", + "geothermal": "Energy produced from heat within the earth.", + "hydropower": "Energy produced from flowing water.", + "biofuel": "Liquid fuels produced from biomass feedstocks (i.e., organic materials such as plants or animals).", + "unknown": "The energy source is unknown.", + "other": "An energy source that is not listed." + }, + "title": "Energy Source", + "description": "The energy source for the energy provider." + }, + "energyProvided": { + "$ref": "#/definitions/energyMeasure", + "title": "Energy Provided", + "description": "The energy provided by the energy source for an associated activity." + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + } + } + }, + "postalAddress": { + "type": "object", + "title": "Postal address", + "description": "An address used to identify a contactable location.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "$ref": "#/definitions/refType" + }, + "country": { + "type": "string", + "title": "Country", + "description": "The country name or the two-letter ISO 3166-1 country code." + }, + "region": { + "type": "string", + "title": "Region", + "description": "The region or state in the country.", + "examples": [ "Texas" ] + }, + "locality": { + "type": "string", + "title": "Locality", + "description": "The locality or city within the country.", + "examples": [ "Austin" ] + }, + "postOfficeBoxNumber": { + "type": "string", + "title": "Post Office Box Number", + "description": "The post office box number.", + "examples": [ "901" ] + }, + "postalCode": { + "type": "string", + "title": "Postal Code", + "description": "The postal code.", + "examples": [ "78758" ] + }, + "streetAddress": { + "type": "string", + "title": "Street Address", + "description": "The street address.", + "examples": [ "100 Main Street" ] + } + } + }, + "formula": { + "title": "Formula", + "description": "Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed.", + "type": "object", + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "$ref": "#/definitions/refType" + }, + "components": { + "title": "Components", + "description": "Transient components that are used in tasks that constitute one or more of this formula's workflows", + "type": "array", + "items": { + "$ref": "#/definitions/component" + }, + "uniqueItems": true + }, + "services": { + "title": "Services", + "description": "Transient services that are used in tasks that constitute one or more of this formula's workflows", + "type": "array", + "items": { + "$ref": "#/definitions/service" + }, + "uniqueItems": true + }, + "workflows": { + "title": "Workflows", + "description": "List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered.", + "$comment": "Different workflows can be designed to work together to perform end-to-end CI/CD builds and deployments.", + "type": "array", + "items": { + "$ref": "#/definitions/workflow" + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "workflow": { + "title": "Workflow", + "description": "A specialized orchestration task.", + "$comment": "Workflow are as task themselves and can trigger other workflow tasks. These relationships can be modeled in the taskDependencies graph.", + "type": "object", + "required": [ + "bom-ref", + "uid", + "taskTypes" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "tasks": { + "title": "Tasks", + "description": "The tasks that comprise the workflow.", + "$comment": "Note that tasks can appear more than once as different instances (by name or UID).", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/task" + } + }, + "taskDependencies": { + "title": "Task dependency graph", + "description": "The graph of dependencies between tasks within the workflow.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/dependency" + } + }, + "taskTypes": { + "title": "Task types", + "description": "Indicates the types of activities performed by the set of workflow tasks.", + "$comment": "Currently, these types reflect common CI/CD actions.", + "type": "array", + "items": { + "$ref": "#/definitions/taskType" + } + }, + "trigger": { + "title": "Trigger", + "description": "The trigger that initiated the task.", + "$ref": "#/definitions/trigger" + }, + "steps": { + "title": "Steps", + "description": "The sequence of steps for the task.", + "type": "array", + "items": { + "$ref": "#/definitions/step" + }, + "uniqueItems": true + }, + "inputs": { + "title": "Inputs", + "description": "Represents resources and data brought into a task at runtime by executor or task commands", + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], + "type": "array", + "items": { + "$ref": "#/definitions/inputType" + }, + "uniqueItems": true + }, + "outputs": { + "title": "Outputs", + "description": "Represents resources and data output from a task at runtime by executor or task commands", + "examples": ["a log file or metrics data produced by the task"], + "type": "array", + "items": { + "$ref": "#/definitions/outputType" + }, + "uniqueItems": true + }, + "timeStart": { + "title": "Time start", + "description": "The date and time (timestamp) when the task started.", + "type": "string", + "format": "date-time" + }, + "timeEnd": { + "title": "Time end", + "description": "The date and time (timestamp) when the task ended.", + "type": "string", + "format": "date-time" + }, + "workspaces": { + "title": "Workspaces", + "description": "A set of named filesystem or data resource shareable by workflow tasks.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/workspace" + } + }, + "runtimeTopology": { + "title": "Runtime topology", + "description": "A graph of the component runtime topology for workflow's instance.", + "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/dependency" + } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "task": { + "title": "Task", + "description": "Describes the inputs, sequence of steps and resources used to accomplish a task and its output.", + "$comment": "Tasks are building blocks for constructing assemble CI/CD workflows or pipelines.", + "type": "object", + "required": [ + "bom-ref", + "uid", + "taskTypes" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "taskTypes": { + "title": "Task types", + "description": "Indicates the types of activities performed by the set of workflow tasks.", + "$comment": "Currently, these types reflect common CI/CD actions.", + "type": "array", + "items": { + "$ref": "#/definitions/taskType" + } + }, + "trigger": { + "title": "Trigger", + "description": "The trigger that initiated the task.", + "$ref": "#/definitions/trigger" + }, + "steps": { + "title": "Steps", + "description": "The sequence of steps for the task.", + "type": "array", + "items": { + "$ref": "#/definitions/step" + }, + "uniqueItems": true + }, + "inputs": { + "title": "Inputs", + "description": "Represents resources and data brought into a task at runtime by executor or task commands", + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], + "type": "array", + "items": { + "$ref": "#/definitions/inputType" + }, + "uniqueItems": true + }, + "outputs": { + "title": "Outputs", + "description": "Represents resources and data output from a task at runtime by executor or task commands", + "examples": ["a log file or metrics data produced by the task"], + "type": "array", + "items": { + "$ref": "#/definitions/outputType" + }, + "uniqueItems": true + }, + "timeStart": { + "title": "Time start", + "description": "The date and time (timestamp) when the task started.", + "type": "string", + "format": "date-time" + }, + "timeEnd": { + "title": "Time end", + "description": "The date and time (timestamp) when the task ended.", + "type": "string", + "format": "date-time" + }, + "workspaces": { + "title": "Workspaces", + "description": "A set of named filesystem or data resource shareable by workflow tasks.", + "type": "array", + "items": { + "$ref": "#/definitions/workspace" + }, + "uniqueItems": true + }, + "runtimeTopology": { + "title": "Runtime topology", + "description": "A graph of the component runtime topology for task's instance.", + "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", + "type": "array", + "items": { + "$ref": "#/definitions/dependency" + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "step": { + "type": "object", + "description": "Executes specific commands or tools in order to accomplish its owning task as part of a sequence.", + "additionalProperties": false, + "properties": { + "name": { + "title": "Name", + "description": "A name for the step.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the step.", + "type": "string" + }, + "commands": { + "title": "Commands", + "description": "Ordered list of commands or directives for the step", + "type": "array", + "items": { + "$ref": "#/definitions/command" + } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "command": { + "type": "object", + "additionalProperties": false, + "properties": { + "executed": { + "title": "Executed", + "description": "A text representation of the executed command.", + "type": "string" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "workspace": { + "title": "Workspace", + "description": "A named filesystem or data resource shareable by workflow tasks.", + "type": "object", + "required": [ + "bom-ref", + "uid" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "aliases": { + "title": "Aliases", + "description": "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps.", + "type": "array", + "items": {"type": "string"} + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "accessMode": { + "title": "Access mode", + "description": "Describes the read-write access control for the workspace relative to the owning resource instance.", + "type": "string", + "enum": [ + "read-only", + "read-write", + "read-write-once", + "write-once", + "write-only" + ] + }, + "mountPath": { + "title": "Mount path", + "description": "A path to a location on disk where the workspace will be available to the associated task's steps.", + "type": "string" + }, + "managedDataType": { + "title": "Managed data type", + "description": "The name of a domain-specific data type the workspace represents.", + "$comment": "This property is for CI/CD frameworks that are able to provide access to structured, managed data at a more granular level than a filesystem.", + "examples": ["ConfigMap","Secret"], + "type": "string" + }, + "volumeRequest": { + "title": "Volume request", + "description": "Identifies the reference to the request for a specific volume type and parameters.", + "examples": ["a kubernetes Persistent Volume Claim (PVC) name"], + "type": "string" + }, + "volume": { + "title": "Volume", + "description": "Information about the actual volume instance allocated to the workspace.", + "$comment": "The actual volume allocated may be different than the request.", + "examples": ["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"], + "$ref": "#/definitions/volume" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "volume": { + "title": "Volume", + "description": "An identifiable, logical unit of data storage tied to a physical device.", + "type": "object", + "additionalProperties": false, + "properties": { + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the volume instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the volume instance", + "type": "string" + }, + "mode": { + "title": "Mode", + "description": "The mode for the volume instance.", + "type": "string", + "enum": [ + "filesystem", "block" + ], + "default": "filesystem" + }, + "path": { + "title": "Path", + "description": "The underlying path created from the actual volume.", + "type": "string" + }, + "sizeAllocated": { + "title": "Size allocated", + "description": "The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as IEC standard unit in either decimal or binary form.", + "examples": ["10GB", "2Ti", "1Pi"], + "type": "string" + }, + "persistent": { + "title": "Persistent", + "description": "Indicates if the volume persists beyond the life of the resource it is associated with.", + "type": "boolean" + }, + "remote": { + "title": "Remote", + "description": "Indicates if the volume is remotely (i.e., network) attached.", + "type": "boolean" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "trigger": { + "title": "Trigger", + "description": "Represents a resource that can conditionally activate (or fire) tasks based upon associated events and their data.", + "type": "object", + "additionalProperties": false, + "required": [ + "type", + "bom-ref", + "uid" + ], + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "type": { + "title": "Type", + "description": "The source type of event which caused the trigger to fire.", + "type": "string", + "enum": [ + "manual", + "api", + "webhook", + "scheduled" + ] + }, + "event": { + "title": "Event", + "description": "The event data that caused the associated trigger to activate.", + "$ref": "#/definitions/event" + }, + "conditions": { + "type": "array", + "title": "Conditions", + "description": "A list of conditions used to determine if a trigger should be activated.", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/condition" + } + }, + "timeActivated": { + "title": "Time activated", + "description": "The date and time (timestamp) when the trigger was activated.", + "type": "string", + "format": "date-time" + }, + "inputs": { + "title": "Inputs", + "description": "Represents resources and data brought into a task at runtime by executor or task commands", + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], + "type": "array", + "items": { + "$ref": "#/definitions/inputType" + }, + "uniqueItems": true + }, + "outputs": { + "title": "Outputs", + "description": "Represents resources and data output from a task at runtime by executor or task commands", + "examples": ["a log file or metrics data produced by the task"], + "type": "array", + "items": { + "$ref": "#/definitions/outputType" + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "event": { + "title": "Event", + "description": "Represents something that happened that may trigger a response.", + "type": "object", + "additionalProperties": false, + "properties": { + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier of the event.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the event.", + "type": "string" + }, + "timeReceived": { + "title": "Time Received", + "description": "The date and time (timestamp) when the event was received.", + "type": "string", + "format": "date-time" + }, + "data": { + "title": "Data", + "description": "Encoding of the raw event data.", + "$ref": "#/definitions/attachment" + }, + "source": { + "title": "Source", + "description": "References the component or service that was the source of the event", + "$ref": "#/definitions/resourceReferenceChoice" + }, + "target": { + "title": "Target", + "description": "References the component or service that was the target of the event", + "$ref": "#/definitions/resourceReferenceChoice" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "inputType": { + "title": "Input type", + "description": "Type that represents various input data types and formats.", + "type": "object", + "oneOf": [ + { + "required": [ + "resource" + ] + }, + { + "required": [ + "parameters" + ] + }, + { + "required": [ + "environmentVars" + ] + }, + { + "required": [ + "data" + ] + } + ], + "additionalProperties": false, + "properties": { + "source": { + "title": "Source", + "description": "A reference to the component or service that provided the input to the task (e.g., reference to a service with data flow value of `inbound`)", + "examples": [ + "source code repository", + "database" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "target": { + "title": "Target", + "description": "A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace)", + "examples": [ + "workspace", + "directory" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "resource": { + "title": "Resource", + "description": "A reference to an independent resource provided as an input to a task by the workflow runtime.", + "examples": [ + "a reference to a configuration file in a repository (i.e., a bom-ref)", + "a reference to a scanning service used in a task (i.e., a bom-ref)" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "parameters": { + "title": "Parameters", + "description": "Inputs that have the form of parameters with names and values.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/parameter" + } + }, + "environmentVars": { + "title": "Environment variables", + "description": "Inputs that have the form of parameters with names and values.", + "type": "array", + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/property" + }, + { + "type": "string" + } + ] + } + }, + "data": { + "title": "Data", + "description": "Inputs that have the form of data.", + "$ref": "#/definitions/attachment" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "outputType": { + "type": "object", + "oneOf": [ + { + "required": [ + "resource" + ] + }, + { + "required": [ + "environmentVars" + ] + }, + { + "required": [ + "data" + ] + } + ], + "additionalProperties": false, + "properties": { + "type": { + "title": "Type", + "description": "Describes the type of data output.", + "type": "string", + "enum": [ + "artifact", + "attestation", + "log", + "evidence", + "metrics", + "other" + ] + }, + "source": { + "title": "Source", + "description": "Component or service that generated or provided the output from the task (e.g., a build tool)", + "$ref": "#/definitions/resourceReferenceChoice" + }, + "target": { + "title": "Target", + "description": "Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of `outbound`)", + "examples": ["a log file described as an `externalReference` within its target domain."], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "resource": { + "title": "Resource", + "description": "A reference to an independent resource generated as output by the task.", + "examples": [ + "configuration file", + "source code", + "scanning service" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "data": { + "title": "Data", + "description": "Outputs that have the form of data.", + "$ref": "#/definitions/attachment" + }, + "environmentVars": { + "title": "Environment variables", + "description": "Outputs that have the form of environment variables.", + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/property" + }, + { + "type": "string" + } + ] + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "resourceReferenceChoice": { + "title": "Resource reference choice", + "description": "A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.", + "$comment": "Enables reference to a resource that participates in a workflow; using either internal (bom-ref) or external (externalReference) types.", + "type": "object", + "additionalProperties": false, + "properties": { + "ref": { + "title": "BOM Reference", + "description": "References an object by its bom-ref attribute", + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "externalReference": { + "title": "External reference", + "description": "Reference to an externally accessible resource.", + "$ref": "#/definitions/externalReference" + } + }, + "oneOf": [ + { + "required": [ + "ref" + ] + }, + { + "required": [ + "externalReference" + ] + } + ] + }, + "condition": { + "title": "Condition", + "description": "A condition that was used to determine a trigger should be activated.", + "type": "object", + "additionalProperties": false, + "properties": { + "description": { + "title": "Description", + "description": "Describes the set of conditions which cause the trigger to activate.", + "type": "string" + }, + "expression": { + "title": "Expression", + "description": "The logical expression that was evaluated that determined the trigger should be fired.", + "type": "string" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "taskType": { + "type": "string", + "enum": [ + "copy", + "clone", + "lint", + "scan", + "merge", + "build", + "test", + "deliver", + "deploy", + "release", + "clean", + "other" + ], + "meta:enum": { + "copy": "A task that copies software or data used to accomplish other tasks in the workflow.", + "clone": "A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step.", + "lint": "A task that checks source code for programmatic and stylistic errors.", + "scan": "A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance.", + "merge": "A task that merges changes or fixes into source code prior to a build step in the workflow.", + "build": "A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems.", + "test": "A task that verifies the functionality of a component or service.", + "deliver": "A task that delivers a built artifact to one or more target repositories or storage systems.", + "deploy": "A task that deploys a built artifact for execution on one or more target systems.", + "release": "A task that releases a built, versioned artifact to a target repository or distribution system.", + "clean": "A task that cleans unnecessary tools, build artifacts and/or data from workflow storage.", + "other": "A workflow task that does not match current task type definitions." + } + }, + "parameter": { + "title": "Parameter", + "description": "A representation of a functional parameter.", + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "title": "Name", + "description": "The name of the parameter.", + "type": "string" + }, + "value": { + "title": "Value", + "description": "The value of the parameter.", + "type": "string" + }, + "dataType": { + "title": "Data type", + "description": "The data type of the parameter.", + "type": "string" + } + } + }, + "componentIdentityEvidence": { + "type": "object", + "title": "Identity Evidence", + "description": "Evidence that substantiates the identity of a component.", + "required": [ "field" ], + "additionalProperties": false, + "properties": { + "field": { + "type": "string", + "enum": [ + "group", "name", "version", "purl", "cpe", "omniborId", "swhid", "swid", "hash" + ], + "title": "Field", + "description": "The identity field of the component which the evidence describes." + }, + "confidence": { + "type": "number", + "minimum": 0, + "maximum": 1, + "title": "Confidence", + "description": "The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence." + }, + "concludedValue": { + "type": "string", + "title": "Concluded Value", + "description": "The value of the field (cpe, purl, etc) that has been concluded based on the aggregate of all methods (if available)." + }, + "methods": { + "type": "array", + "title": "Methods", + "description": "The methods used to extract and/or analyze the evidence.", + "items": { + "type": "object", + "required": [ + "technique" , + "confidence" + ], + "additionalProperties": false, + "properties": { + "technique": { + "title": "Technique", + "description": "The technique used in this method of analysis.", + "type": "string", + "enum": [ + "source-code-analysis", + "binary-analysis", + "manifest-analysis", + "ast-fingerprint", + "hash-comparison", + "instrumentation", + "dynamic-analysis", + "filename", + "attestation", + "other" + ] + }, + "confidence": { + "type": "number", + "minimum": 0, + "maximum": 1, + "title": "Confidence", + "description": "The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The value or contents of the evidence." + } + } + } + }, + "tools": { + "type": "array", + "uniqueItems": true, + "items": { + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "BOM References", + "description": "The object in the BOM identified by its bom-ref. This is often a component or service but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation." + } + } + }, + "standard": { + "type": "object", + "title": "Standard", + "description": "A standard may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the standard. This will often be a shortened, single name of the standard." + }, + "version": { + "type": "string", + "title": "Version", + "description": "The version of the standard." + }, + "description": { + "type": "string", + "title": "Description", + "description": "The description of the standard." + }, + "owner": { + "type": "string", + "title": "Owner", + "description": "The owner of the standard, often the entity responsible for its release." + }, + "requirements": { + "type": "array", + "title": "Requirements", + "description": "The list of requirements comprising the standard.", + "items": { + "type": "object", + "title": "Requirement", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + }, + "identifier": { + "type": "string", + "title": "Identifier", + "description": "The unique identifier used in the standard to identify a specific requirement. This should match what is in the standard and should not be the requirements bom-ref." + }, + "title": { + "type": "string", + "title": "Title", + "description": "The title of the requirement." + }, + "text": { + "type": "string", + "title": "Text", + "description": "The textual content of the requirement." + }, + "descriptions": { + "type": "array", + "title": "Descriptions", + "description": "The supplemental text that provides additional guidance or context to the requirement, but is not directly part of the requirement.", + "items": { "type": "string" } + }, + "openCre": { + "type": "array", + "title": "OWASP OpenCRE Identifier(s)", + "description": "The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized framework for uniting security standards and guidelines. CRE links each section of a resource to a shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to each other. Use of CRE promotes clear and unambiguous communication among stakeholders.", + "items": { + "type": "string", + "pattern": "^CRE:[0-9]+-[0-9]+$", + "examples": [ "CRE:764-507" ] + } + }, + "parent": { + "$ref": "#/definitions/refLinkType", + "title": "Parent BOM Reference", + "description": "The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + } + } + } + }, + "levels": { + "type": "array", + "title": "Levels", + "description": "The list of levels associated with the standard. Some standards have different levels of compliance.", + "items": { + "type": "object", + "title": "Level", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + }, + "identifier": { + "type": "string", + "title": "Identifier", + "description": "The identifier used in the standard to identify a specific level." + }, + "title": { + "type": "string", + "title": "Title", + "description": "The title of the level." + }, + "description": { + "type": "string", + "title": "Description", + "description": "The description of the level." + }, + "requirements": { + "type": "array", + "title": "Requirements", + "description": "The list of requirement `bom-ref`s that comprise the level.", + "items": { "$ref": "#/definitions/refLinkType" } + } + } + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "signature": { + "$ref": "jsf-0.82.schema.json#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + }, + "cryptoProperties": { + "type": "object", + "title": "Cryptographic Properties", + "description": "Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) are only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.", + "additionalProperties": false, + "required": [ + "assetType" + ], + "properties": { + "assetType": { + "type": "string", + "title": "Asset Type", + "description": "Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in specialized cryptographic libraries. They may, however, also be 'hardcoded' in software components. Certificates and related cryptographic material like keys, tokens, secrets or passwords are other cryptographic assets to be modelled.", + "enum": [ + "algorithm", + "certificate", + "protocol", + "related-crypto-material" + ], + "meta:enum": { + "algorithm": "Mathematical function commonly used for data encryption, authentication, and digital signatures.", + "certificate": "An electronic document that is used to provide the identity or validate a public key.", + "protocol": "A set of rules and guidelines that govern the behavior and communication with each other.", + "related-crypto-material": "Other cryptographic assets related to algorithms, certificates, and protocols such as keys and tokens." + } + }, + "algorithmProperties": { + "type": "object", + "title": "Algorithm Properties", + "description": "Additional properties specific to a cryptographic algorithm.", + "additionalProperties": false, + "properties": { + "primitive": { + "type": "string", + "title": "primitive", + "description": "Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2).", + "enum": [ + "drbg", + "mac", + "block-cipher", + "stream-cipher", + "signature", + "hash", + "pke", + "xof", + "kdf", + "key-agree", + "kem", + "ae", + "combiner", + "other", + "unknown" + ], + "meta:enum": { + "drbg": "Deterministic Random Bit Generator (DRBG) is a type of pseudorandom number generator designed to produce a sequence of bits from an initial seed value. DRBGs are commonly used in cryptographic applications where reproducibility of random values is important.", + "mac": "In cryptography, a Message Authentication Code (MAC) is information used for authenticating and integrity-checking a message.", + "block-cipher": "A block cipher is a symmetric key algorithm that operates on fixed-size blocks of data. It encrypts or decrypts the data in block units, providing confidentiality. Block ciphers are widely used in various cryptographic modes and protocols for secure data transmission.", + "stream-cipher": "A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream).", + "signature": "In cryptography, a signature is a digital representation of a message or data that proves its origin, identity, and integrity. Digital signatures are generated using cryptographic algorithms and are widely used for authentication and verification in secure communication.", + "hash": "A hash function is a mathematical algorithm that takes an input (or 'message') and produces a fixed-size string of characters, which is typically a hash value. Hash functions are commonly used in various cryptographic applications, including data integrity verification and password hashing.", + "pke": "Public Key Encryption (PKE) is a type of encryption that uses a pair of public and private keys for secure communication. The public key is used for encryption, while the private key is used for decryption. PKE is a fundamental component of public-key cryptography.", + "xof": "An XOF is an extendable output function that can take arbitrary input and creates a stream of output, up to a limit determined by the size of the internal state of the hash function that underlies the XOF.", + "kdf": "A Key Derivation Function (KDF) derives key material from another source of entropy while preserving the entropy of the input.", + "key-agree": "In cryptography, a key-agreement is a protocol whereby two or more parties agree on a cryptographic key in such a way that both influence the outcome.", + "kem": "A Key Encapsulation Mechanism (KEM) algorithm is a mechanism for transporting random keying material to a recipient using the recipient's public key.", + "ae": "Authenticated Encryption (AE) is a cryptographic process that provides both confidentiality and data integrity. It ensures that the encrypted data has not been tampered with and comes from a legitimate source. AE is commonly used in secure communication protocols.", + "combiner": "A combiner aggregates many candidates for a cryptographic primitive and generates a new candidate for the same primitive.", + "other": "Another primitive type.", + "unknown": "The primitive is not known." + } + }, + "parameterSetIdentifier": { + "type": "string", + "title": "Parameter Set Identifier", + "description": "An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205)." + }, + "curve": { + "type": "string", + "title": "Elliptic Curve", + "description": "The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends using curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source of which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves)." + }, + "executionEnvironment": { + "type": "string", + "title": "Execution Environment", + "description": "The target and execution environment in which the algorithm is implemented in.", + "enum": [ + "software-plain-ram", + "software-encrypted-ram", + "software-tee", + "hardware", + "other", + "unknown" + ], + "meta:enum": { + "software-plain-ram": "A software implementation running in plain unencrypted RAM.", + "software-encrypted-ram": "A software implementation running in encrypted RAM.", + "software-tee": "A software implementation running in a trusted execution environment.", + "hardware": "A hardware implementation.", + "other": "Another implementation environment.", + "unknown": "The execution environment is not known." + } + }, + "implementationPlatform": { + "type": "string", + "title": "Implementation platform", + "description": "The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform.", + "enum": [ + "generic", + "x86_32", + "x86_64", + "armv7-a", + "armv7-m", + "armv8-a", + "armv8-m", + "armv9-a", + "armv9-m", + "s390x", + "ppc64", + "ppc64le", + "other", + "unknown" + ] + }, + "certificationLevel": { + "type": "array", + "title": "Certification Level", + "description": "The certification that the implementation of the cryptographic algorithm has received, if any. Certifications include revisions and levels of FIPS 140 or Common Criteria of different Extended Assurance Levels (CC-EAL).", + "items": { + "type": "string", + "enum": [ + "none", + "fips140-1-l1", + "fips140-1-l2", + "fips140-1-l3", + "fips140-1-l4", + "fips140-2-l1", + "fips140-2-l2", + "fips140-2-l3", + "fips140-2-l4", + "fips140-3-l1", + "fips140-3-l2", + "fips140-3-l3", + "fips140-3-l4", + "cc-eal1", + "cc-eal1+", + "cc-eal2", + "cc-eal2+", + "cc-eal3", + "cc-eal3+", + "cc-eal4", + "cc-eal4+", + "cc-eal5", + "cc-eal5+", + "cc-eal6", + "cc-eal6+", + "cc-eal7", + "cc-eal7+", + "other", + "unknown" + ], + "meta:enum": { + "none": "No certification obtained", + "fips140-1-l1": "FIPS 140-1 Level 1", + "fips140-1-l2": "FIPS 140-1 Level 2", + "fips140-1-l3": "FIPS 140-1 Level 3", + "fips140-1-l4": "FIPS 140-1 Level 4", + "fips140-2-l1": "FIPS 140-2 Level 1", + "fips140-2-l2": "FIPS 140-2 Level 2", + "fips140-2-l3": "FIPS 140-2 Level 3", + "fips140-2-l4": "FIPS 140-2 Level 4", + "fips140-3-l1": "FIPS 140-3 Level 1", + "fips140-3-l2": "FIPS 140-3 Level 2", + "fips140-3-l3": "FIPS 140-3 Level 3", + "fips140-3-l4": "FIPS 140-3 Level 4", + "cc-eal1": "Common Criteria - Evaluation Assurance Level 1", + "cc-eal1+": "Common Criteria - Evaluation Assurance Level 1 (Augmented)", + "cc-eal2": "Common Criteria - Evaluation Assurance Level 2", + "cc-eal2+": "Common Criteria - Evaluation Assurance Level 2 (Augmented)", + "cc-eal3": "Common Criteria - Evaluation Assurance Level 3", + "cc-eal3+": "Common Criteria - Evaluation Assurance Level 3 (Augmented)", + "cc-eal4": "Common Criteria - Evaluation Assurance Level 4", + "cc-eal4+": "Common Criteria - Evaluation Assurance Level 4 (Augmented)", + "cc-eal5": "Common Criteria - Evaluation Assurance Level 5", + "cc-eal5+": "Common Criteria - Evaluation Assurance Level 5 (Augmented)", + "cc-eal6": "Common Criteria - Evaluation Assurance Level 6", + "cc-eal6+": "Common Criteria - Evaluation Assurance Level 6 (Augmented)", + "cc-eal7": "Common Criteria - Evaluation Assurance Level 7", + "cc-eal7+": "Common Criteria - Evaluation Assurance Level 7 (Augmented)", + "other": "Another certification", + "unknown": "The certification level is not known" + } + } + }, + "mode": { + "type": "string", + "title": "Mode", + "description": "The mode of operation in which the cryptographic algorithm (block cipher) is used.", + "enum": [ + "cbc", + "ecb", + "ccm", + "gcm", + "cfb", + "ofb", + "ctr", + "other", + "unknown" + ], + "meta:enum": { + "cbc": "Cipher block chaining", + "ecb": "Electronic codebook", + "ccm": "Counter with cipher block chaining message authentication code", + "gcm": "Galois/counter", + "cfb": "Cipher feedback", + "ofb": "Output feedback", + "ctr": "Counter", + "other": "Another mode of operation", + "unknown": "The mode of operation is not known" + } + }, + "padding": { + "type": "string", + "title": "Padding", + "description": "The padding scheme that is used for the cryptographic algorithm.", + "enum": [ + "pkcs5", + "pkcs7", + "pkcs1v15", + "oaep", + "raw", + "other", + "unknown" + ], + "meta:enum": { + "pkcs5": "Public Key Cryptography Standard: Password-Based Cryptography", + "pkcs7": "Public Key Cryptography Standard: Cryptographic Message Syntax", + "pkcs1v15": "Public Key Cryptography Standard: RSA Cryptography v1.5", + "oaep": "Optimal asymmetric encryption padding", + "raw": "Raw", + "other": "Another padding scheme", + "unknown": "The padding scheme is not known" + } + }, + "cryptoFunctions": { + "type": "array", + "title": "Cryptographic functions", + "description": "The cryptographic functions implemented by the cryptographic algorithm.", + "items": { + "type": "string", + "enum": [ + "generate", + "keygen", + "encrypt", + "decrypt", + "digest", + "tag", + "keyderive", + "sign", + "verify", + "encapsulate", + "decapsulate", + "other", + "unknown" + ] + } + }, + "classicalSecurityLevel": { + "type": "integer", + "title": "classical security level", + "description": "The classical security level that a cryptographic algorithm provides (in bits).", + "minimum": 0 + }, + "nistQuantumSecurityLevel": { + "type": "integer", + "title": "NIST security strength category", + "description": "The NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). A value of 0 indicates that none of the categories are met.", + "minimum": 0, + "maximum": 6 + } + } + }, + "certificateProperties": { + "type": "object", + "title": "Certificate Properties", + "description": "Properties for cryptographic assets of asset type 'certificate'", + "additionalProperties": false, + "properties": { + "subjectName": { + "type": "string", + "title": "Subject Name", + "description": "The subject name for the certificate" + }, + "issuerName": { + "type": "string", + "title": "Issuer Name", + "description": "The issuer name for the certificate" + }, + "notValidBefore": { + "type": "string", + "format": "date-time", + "title": "Not Valid Before", + "description": "The date and time according to ISO-8601 standard from which the certificate is valid" + }, + "notValidAfter": { + "type": "string", + "format": "date-time", + "title": "Not Valid After", + "description": "The date and time according to ISO-8601 standard from which the certificate is not valid anymore" + }, + "signatureAlgorithmRef": { + "$ref": "#/definitions/refType", + "title": "Algorithm Reference", + "description": "The bom-ref to signature algorithm used by the certificate" + }, + "subjectPublicKeyRef": { + "$ref": "#/definitions/refType", + "title": "Key reference", + "description": "The bom-ref to the public key of the subject" + }, + "certificateFormat": { + "type": "string", + "title": "Certificate Format", + "description": "The format of the certificate", + "examples": [ + "X.509", + "PEM", + "DER", + "CVC" + ] + }, + "certificateExtension": { + "type": "string", + "title": "Certificate File Extension", + "description": "The file extension of the certificate", + "examples": [ + "crt", + "pem", + "cer", + "der", + "p12" + ] + } + } + }, + "relatedCryptoMaterialProperties": { + "type": "object", + "title": "Related Cryptographic Material Properties", + "description": "Properties for cryptographic assets of asset type: `related-crypto-material`", + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "title": "relatedCryptoMaterialType", + "description": "The type for the related cryptographic material", + "enum": [ + "private-key", + "public-key", + "secret-key", + "key", + "ciphertext", + "signature", + "digest", + "initialization-vector", + "nonce", + "seed", + "salt", + "shared-secret", + "tag", + "additional-data", + "password", + "credential", + "token", + "other", + "unknown" + ], + "meta:enum": { + "private-key": "The confidential key of a key pair used in asymmetric cryptography.", + "public-key": "The non-confidential key of a key pair used in asymmetric cryptography.", + "secret-key": "A key used to encrypt and decrypt messages in symmetric cryptography.", + "key": "A piece of information, usually an octet string, which, when processed through a cryptographic algorithm, processes cryptographic data.", + "ciphertext": "The result of encryption performed on plaintext using an algorithm (or cipher).", + "signature": "A cryptographic value that is calculated from the data and a key known only by the signer.", + "digest": "The output of the hash function.", + "initialization-vector": "A fixed-size random or pseudo-random value used as an input parameter for cryptographic algorithms.", + "nonce": "A random or pseudo-random number that can only be used once in a cryptographic communication.", + "seed": "The input to a pseudo-random number generator. Different seeds generate different pseudo-random sequences.", + "salt": "A value used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.", + "shared-secret": "A piece of data known only to the parties involved, in a secure communication.", + "tag": "A message authentication code (MAC), sometimes known as an authentication tag, is a short piece of information used for authenticating and integrity-checking a message.", + "additional-data": "An unspecified collection of data with relevance to cryptographic activity.", + "password": "A secret word, phrase, or sequence of characters used during authentication or authorization.", + "credential": "Establishes the identity of a party to communication, usually in the form of cryptographic keys or passwords.", + "token": "An object encapsulating a security identity.", + "other": "Another type of cryptographic asset.", + "unknown": "The type of cryptographic asset is not known." + } + }, + "id": { + "type": "string", + "title": "ID", + "description": "The optional unique identifier for the related cryptographic material." + }, + "state": { + "type": "string", + "title": "State", + "description": "The key state as defined by NIST SP 800-57.", + "enum": [ + "pre-activation", + "active", + "suspended", + "deactivated", + "compromised", + "destroyed" + ] + }, + "algorithmRef": { + "$ref": "#/definitions/refType", + "title": "Algorithm Reference", + "description": "The bom-ref to the algorithm used to generate the related cryptographic material." + }, + "creationDate": { + "type": "string", + "format": "date-time", + "title": "Creation Date", + "description": "The date and time (timestamp) when the related cryptographic material was created." + }, + "activationDate": { + "type": "string", + "format": "date-time", + "title": "Activation Date", + "description": "The date and time (timestamp) when the related cryptographic material was activated." + }, + "updateDate": { + "type": "string", + "format": "date-time", + "title": "Update Date", + "description": "The date and time (timestamp) when the related cryptographic material was updated." + }, + "expirationDate": { + "type": "string", + "format": "date-time", + "title": "Expiration Date", + "description": "The date and time (timestamp) when the related cryptographic material expires." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The associated value of the cryptographic material." + }, + "size": { + "type": "integer", + "title": "Size", + "description": "The size of the cryptographic asset (in bits)." + }, + "format": { + "type": "string", + "title": "Format", + "description": "The format of the related cryptographic material (e.g. P8, PEM, DER)." + }, + "securedBy": { + "$ref": "#/definitions/securedBy", + "title": "Secured By", + "description": "The mechanism by which the cryptographic asset is secured by." + } + } + }, + "protocolProperties": { + "type": "object", + "title": "Protocol Properties", + "description": "Properties specific to cryptographic assets of type: `protocol`.", + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "title": "Type", + "description": "The concrete protocol type.", + "enum": [ + "tls", + "ssh", + "ipsec", + "ike", + "sstp", + "wpa", + "other", + "unknown" + ], + "meta:enum": { + "tls": "Transport Layer Security", + "ssh": "Secure Shell", + "ipsec": "Internet Protocol Security", + "ike": "Internet Key Exchange", + "sstp": "Secure Socket Tunneling Protocol", + "wpa": "Wi-Fi Protected Access", + "other": "Another protocol type", + "unknown": "The protocol type is not known" + } + }, + "version": { + "type": "string", + "title": "Protocol Version", + "description": "The version of the protocol.", + "examples": [ + "1.0", + "1.2", + "1.99" + ] + }, + "cipherSuites": { + "type": "array", + "title": "Cipher Suites", + "description": "A list of cipher suites related to the protocol.", + "items": { + "$ref": "#/definitions/cipherSuite", + "title": "Cipher Suite" + } + }, + "ikev2TransformTypes": { + "type": "object", + "title": "IKEv2 Transform Types", + "description": "The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties.", + "additionalProperties": false, + "properties": { + "encr": { + "$ref": "#/definitions/cryptoRefArray", + "title": "Encryption Algorithm (ENCR)", + "description": "Transform Type 1: encryption algorithms" + }, + "prf": { + "$ref": "#/definitions/cryptoRefArray", + "title": "Pseudorandom Function (PRF)", + "description": "Transform Type 2: pseudorandom functions" + }, + "integ": { + "$ref": "#/definitions/cryptoRefArray", + "title": "Integrity Algorithm (INTEG)", + "description": "Transform Type 3: integrity algorithms" + }, + "ke": { + "$ref": "#/definitions/cryptoRefArray", + "title": "Key Exchange Method (KE)", + "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)." + }, + "esn": { + "type": "boolean", + "title": "Extended Sequence Numbers (ESN)", + "description": "Specifies if an Extended Sequence Number (ESN) is used." + }, + "auth": { + "$ref": "#/definitions/cryptoRefArray", + "title": "IKEv2 Authentication method", + "description": "IKEv2 Authentication method" + } + } + }, + "cryptoRefArray": { + "$ref": "#/definitions/cryptoRefArray", + "title": "Cryptographic References", + "description": "A list of protocol-related cryptographic assets" + } + } + }, + "oid": { + "type": "string", + "title": "OID", + "description": "The object identifier (OID) of the cryptographic asset." + } + } + }, + "cipherSuite": { + "type": "object", + "title": "Cipher Suite", + "description": "Object representing a cipher suite", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Common Name", + "description": "A common name for the cipher suite.", + "examples": [ + "TLS_DHE_RSA_WITH_AES_128_CCM" + ] + }, + "algorithms": { + "type": "array", + "title": "Related Algorithms", + "description": "A list of algorithms related to the cipher suite.", + "items": { + "$ref": "#/definitions/refType", + "title": "Algorithm reference", + "description": "The bom-ref to algorithm cryptographic asset." + } + }, + "identifiers": { + "type": "array", + "title": "Cipher Suite Identifiers", + "description": "A list of common identifiers for the cipher suite.", + "items": { + "type": "string", + "title": "identifier", + "description": "Cipher suite identifier", + "examples": [ + "0xC0", + "0x9E" + ] + } + } + } + }, + "cryptoRefArray" : { + "type": "array", + "items": { + "$ref": "#/definitions/refType" + } + }, + "securedBy": { + "type": "object", + "title": "Secured By", + "description": "Specifies the mechanism by which the cryptographic asset is secured by", + "additionalProperties": false, + "properties": { + "mechanism": { + "type": "string", + "title": "Mechanism", + "description": "Specifies the mechanism by which the cryptographic asset is secured by.", + "examples": [ + "HSM", + "TPM", + "SGX", + "Software", + "None" + ] + }, + "algorithmRef": { + "$ref": "#/definitions/refType", + "title": "Algorithm Reference", + "description": "The bom-ref to the algorithm." + } + } + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "title": "Tags", + "description": "Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes.", + "examples": [ + "json-parser", + "object-persistence", + "text-to-image", + "translation", + "object-detection" + ] + } + } +} diff --git a/src/main/resources/bom-1.6.xsd b/src/main/resources/bom-1.6.xsd new file mode 100644 index 0000000000..cee94c8ac1 --- /dev/null +++ b/src/main/resources/bom-1.6.xsd @@ -0,0 +1,8432 @@ + + + + + + + + + CycloneDX Bill of Materials Standard + https://cyclonedx.org/ + Apache License, Version 2.0 + + + + + + Identifier for referable and therefore interlink-able elements. + + + + + + + + + + Descriptor for an element identified by the attribute "bom-ref" in the same BOM document. + In contrast to `bomLinkElementType`. + + + + + + + + + + + + + + + + + =2.0.0|<5.0.0" + - "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1" + - "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1" + - "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0" + ]]> + + + + + + + + + + + + Descriptor for another BOM document. + See https://cyclonedx.org/capabilities/bomlink/ + + + + + + + + + + + Descriptor for an element in another BOM document. + See https://cyclonedx.org/capabilities/bomlink/ + + + + + + + + + + + + + + + + The date and time (timestamp) when the BOM was created. + + + + + + Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may be available at various phases of a lifecycle, such as the Software Development Lifecycle (SDLC), IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a BOM may include data specific to or only obtainable in a given lifecycle. + + + + + + + + + + + + A pre-defined phase in the product lifecycle. + + + + + + + + + The name of the lifecycle phase + + + + + + + The description of the lifecycle phase + + + + + + + + + + + + + The tool(s) used in the creation of the BOM. + + + + + + + DEPRECATED. Use tools\components or tools\services instead. + + + + + + + A list of software and hardware components used as tools. + + + + + A list of services used as tools. + + + + + + + + + + The person(s) who created the BOM. + Authors are common in BOMs created through manual processes. BOMs created through automated means may have './manufacturer' instead. + + + + + + + + + + + The component that the BOM describes. + + + + + + The organization that created the BOM. + Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have './authors' instead. + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use the `./component/manufacturer` instead. + The organization that manufactured the component that the BOM describes. + + + + + + The organization that supplied the component that the BOM describes. The + supplier may often be the manufacturer, but may also be a distributor or repackager. + + + + + + The license information for the BOM document. + This may be different from the license(s) of the component(s) that the BOM describes. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + BOM produced early in the development lifecycle containing inventory of components and services + that are proposed or planned to be used. The inventory may need to be procured, retrieved, + or resourced prior to use. + + + + + + + BOM consisting of information obtained prior to a build process and may contain source files + and development artifacts and manifests. The inventory may need to be resolved and retrieved + prior to use. + + + + + + + BOM consisting of information obtained during a build process where component inventory is + available for use. The precise versions of resolved components are usually available at this + time as well as the provenance of where the components were retrieved from. + + + + + + + BOM consisting of information obtained after a build process has completed and the resulting + components(s) are available for further analysis. Built components may exist as the result of a + CI/CD process, may have been installed or deployed to a system or device, and may need to be + retrieved or extracted from the system or device. + + + + + + + BOM produced that represents inventory that is running and operational. This may include staging + or production environments and will generally encompass multiple SBOMs describing the applications + and operating system, along with HBOMs describing the hardware that makes up the system. Operations + Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, + and additional dependencies. + + + + + + + BOM consisting of information observed through network discovery providing point-in-time + enumeration of embedded, on-premise, and cloud-native services such as server applications, + connected devices, microservices, and serverless functions. + + + + + + + BOM containing inventory that will be, or has been retired from operations. + + + + + + + + + + + The name of the organization + + + + + The physical address (location) of the organization. + + + + + + The URL of the organization. Multiple URLs are allowed. + Example: https://example.com + + + + + + A contact person at the organization. Multiple contacts are allowed. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the object elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Information about the automated or manual tool used + + + + + The name of the vendor who created the tool + + + + + The name of the tool + + + + + The version of the tool + + + + + + + + + + + + Provides the ability to document external references related to the tool. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the contact + + + + + The email address of the contact. + + + + + The phone number of the contact. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the object elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that supplied the component. The supplier may often + be the manufacturer, but may also be a distributor or repackager. + + + + + + The organization that created the component. + Manufacturer is common in components created through automated processes. Components created through manual means may have './authors' instead. + + + + + + + The person(s) who created the component. + Authors are common in components created through manual processes. Components created through automated means may have `./manufacturer` instead. + + + + + + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use `./authors` or `./manufacturer` instead. + The person(s) or organization(s) that authored the component. + + + + + + The person(s) or organization(s) that published the component + + + + + The grouping name or identifier. This will often be a shortened, single + name of the company or project that produced the component, or the source package or + domain name. Whitespace and special characters should be avoided. Examples include: + apache, org.apache.commons, and apache.org. + + + + + The name of the component. This will often be a shortened, single name + of the component. Examples: commons-lang3 and jquery + + + + + The component version. The version should ideally comply with semantic versioning + but is not enforced. + + + + + Specifies a description for the component + + + + + Specifies the scope of the component. If scope is not specified, 'required' + scope SHOULD be assumed by the consumer of the BOM. + + + + + The hashes of the component. + + + + + + + + + + + A copyright notice informing users of the underlying claims to copyright ownership in a published work. + + + + + + Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe + + + + + + + Specifies the package-url (purl). The purl, if specified, must be valid and conform + to the specification defined at: https://github.com/package-url/purl-spec + + + + + + + Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform + to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid + + + + + + + Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must + be valid and conform to the specification defined at: + https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html + + + + + + + Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree + element instead to supply information on exactly how the component was modified. + A boolean value indicating if the component has been modified from the original. + A value of true indicates the component is a derivative of the original. + A value of false indicates the component has not been modified from the original. + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are + created, distributed, modified, redistributed, combined with other components, etc. + + + + + + Provides the ability to document external references related to the + component or to the project the component describes. + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + A list of software and hardware components included in the parent component. This is not a + dependency tree. It provides a way to specify a hierarchical representation of component + assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Provides the ability to document evidence collected through various forms of extraction or analysis. + + + + + Specifies optional release notes. + + + + + A model card describes the intended uses of a machine learning model and potential + limitations, including biases and ethical considerations. Model cards typically contain the + training parameters, which datasets were used to train the model, performance metrics, and other + relevant data useful for ML transparency. This object SHOULD be specified for any component of + type `machine-learning-model` and must not be specified for other component types. + + + + + This object SHOULD be specified for any component of type `data` and must not be + specified for other component types. + + + + + + Cryptographic assets have properties that uniquely define them and that make them actionable + for further reasoning. As an example, it makes a difference if one knows the algorithm family + (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the + security level and the algorithm primitive (authenticated encryption) is only defined by the + definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 + vs. HMAC-SHA1 also makes a difference. + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + Specifies the type of component. For software components, classify as application if no more + specific appropriate classification is available or cannot be determined for the component. + + + + + + + The optional mime-type of the component. When used on file components, the mime-type + can provide additional context about the kind of file being represented such as an image, + font, or executable. Some library or framework components may also have an associated mime-type. + + + + + + + An optional identifier which can be used to reference the component elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies the details and attributes related to a software license. + It can either include a valid SPDX license identifier or a named license, along with additional + properties such as license acknowledgment, comprehensive commercial licensing information, and + the full text of the license. + + + + + + A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list. + + + + + The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX. + + + + + + Specifies the optional full text of the attachment + + + + + The URL to the attachment file. If the attachment is a license or BOM, + an externalReference should also be specified for completeness. + + + + + Licensing details describing the licensor/licensee, license type, renewal and + expiration dates, and other important metadata + + + + + + License identifiers that may be used to manage licenses and + their lifecycle + + + + + + + + + + The individual or organization that grants a license to another + individual or organization + + + + + + + The organization that granted the license + + + + + The individual, not associated with an organization, + that granted the license + + + + + + + + + The individual or organization for which a license was granted to + + + + + + + The organization that was granted the license + + + + + The individual, not associated with an organization, + that was granted the license + + + + + + + + + The individual or organization that purchased the license + + + + + + + The organization that purchased the license + + + + + The individual, not associated with an organization, + that purchased the license + + + + + + + + + The purchase order identifier the purchaser sent to a supplier or + vendor to authorize a purchase + + + + + The type of license(s) that was granted to the licensee + + + + + + + + + + The timestamp indicating when the license was last + renewed. For new purchases, this is often the purchase or acquisition date. + For non-perpetual licenses or subscriptions, this is the timestamp of when the + license was last renewed. + + + + + The timestamp indicating when the current license + expires (if applicable). + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the license elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + Declared licenses and concluded licenses represent two different stages in the + licensing process within software development. Declared licenses refer to the + initial intention of the software authors regarding the licensing terms under + which their code is released. On the other hand, concluded licenses are the + result of a comprehensive analysis of the project's codebase to identify and + confirm the actual licenses of the components used, which may differ from the + initially declared licenses. While declared licenses provide an upfront indication + of the licensing intentions, concluded licenses offer a more thorough understanding + of the actual licensing within a project, facilitating proper compliance and risk + management. Observed licenses are defined in `evidence.licenses`. Observed licenses + form the evidence necessary to substantiate a concluded license. + + + + + + + + + + The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. + + + + + Specifies the format and nature of the data being attached, helping systems correctly + interpret and process the content. Common content type examples include `application/json` + for JSON data and `text/plain` for plan text documents. + RFC 2045 section 5.1 outlines the structure and use of content types. For a comprehensive + list of registered content types, refer to the IANA media types registry at + https://www.iana.org/assignments/media-types/media-types.xhtml. + + + + + + + Specifies the optional encoding the text is represented in + + + + + + + + + + Specifies the file hash of the component + + + + + + Specifies the algorithm used to create the hash + + + + + + + + + + + The component is required for runtime + + + + + The component is optional at runtime. Optional components are components that + are not capable of being called due to them not be installed or otherwise accessible by any means. + Components that are installed but due to configuration or other restrictions are prohibited from + being called must be scoped as 'required'. + + + + + Components that are excluded provide the ability to document component usage + for test and other non-runtime purposes. Excluded components are not reachable within a call + graph at runtime. + + + + + + + + + + A software application. Refer to https://en.wikipedia.org/wiki/Application_software + for information about applications. + + + + + A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework + for information on how frameworks vary slightly from libraries. + + + + + A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) + for information about libraries. All third-party and open source reusable components will likely + be a library. If the library also has key features of a framework, then it should be classified + as a framework. If not, or is unknown, then specifying library is recommended. + + + + + A packaging and/or runtime format, not specific to any particular technology, + which isolates software inside the container from software outside of a container through + virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization + + + + + A runtime environment which interprets or executes software. This may include + runtimes such as those that execute bytecode or low-code/no-code application platforms. + + + + + A software operating system without regard to deployment model + (i.e. installed on physical hardware, virtual machine, image, etc) Refer to + https://en.wikipedia.org/wiki/Operating_system + + + + + A hardware device such as a processor, or chip-set. A hardware device + containing firmware SHOULD include a component for the physical hardware itself, and another + component of type 'firmware' or 'operating-system' (whichever is relevant), describing + information about the software running on the device. + See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md + + + + + + A special type of software that operates or controls a particular type of device. + Refer to https://en.wikipedia.org/wiki/Device_driver + + + + + A special type of software that provides low-level control over a devices + hardware. Refer to https://en.wikipedia.org/wiki/Firmware + + + + + A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file + for information about files. + + + + + A model based on training data that can make predictions or decisions without + being explicitly programmed to do so. + + + + + A collection of discrete values that convey information. + + + + + A cryptographic asset including algorithms, protocols, certificates, keys, tokens, and secrets. + + + + + + + + + + + + + + + + + + + + + + + + + + + A license that grants use of software solely for the purpose + of education or research. + + + + + A license covering use of software embedded in a specific + piece of hardware. + + + + + A Client Access License (CAL) allows client computers to access + services provided by server software. + + + + + A Concurrent User license (aka floating license) limits the + number of licenses for a software application and licenses are shared among + a larger number of users. + + + + + A license where the core of a computer's processor is assigned + a specific number of points. + + + + + A license for which consumption is measured by non-standard + metrics. + + + + + A license that covers a defined number of installations on + computers and other types of devices. + + + + + A license that grants permission to install and use software + for trial purposes. + + + + + A license that grants access to the software to one or more + pre-defined users. + + + + + A license that grants access to the software on one or more + pre-defined computers or devices. + + + + + An Original Equipment Manufacturer license that is delivered + with hardware, cannot be transferred to other hardware, and is valid for the + life of the hardware. + + + + + A license where the software is sold on a one-time basis and + the licensee can use a copy of the software indefinitely. + + + + + A license where each installation consumes points per + processor. + + + + + A license where the licensee pays a fee to use the software + or service. + + + + + A license that grants access to the software or service by a + specified number of users. + + + + + Another license type. + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. + Refer to https://nvd.nist.gov/products/cpe for official specification. + + + + + + + + + + + + Specifies the full content of the SWID tag. + + + + + The URL to the SWID file. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Maps to the tagId of a SoftwareIdentity. + + + + + Maps to the name of a SoftwareIdentity. + + + + + Maps to the version of a SoftwareIdentity. + + + + + Maps to the tagVersion of a SoftwareIdentity. + + + + + Maps to the patch of a SoftwareIdentity. + + + + + + + + Defines a string representation of a UUID conforming to RFC 4122. + + + + + + + + + + + + Version Control System + + + + + Issue or defect tracking system, or an Application Lifecycle Management (ALM) system + + + + + Website + + + + + Security advisories + + + + + Bill-of-materials (SBOM, OBOM, HBOM, SaaSBOM, etc) + + + + + Mailing list or discussion group + + + + + Social media account + + + + + Real-time chat platform + + + + + Documentation, guides, or how-to instructions + + + + + Community or commercial support + + + + + The location where the source code distributable can be obtained. This is often an archive format such as zip or tgz. The source-distribution type complements use of the version control (vcs) type. + + + + + Direct or repository download location + + + + + The location where a component was published to. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary + + + + + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness. + Example: https://www.apache.org/licenses/LICENSE-2.0.txt + + + + + + Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + + + + + URL to an automated build system + + + + + URL to release notes + + + + + Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT. + + + + + A model card describes the intended uses of a machine learning model, potential + limitations, biases, ethical considerations, training parameters, datasets used to train the + model, performance metrics, and other relevant data useful for ML transparency. + + + + + A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. + + + + + Parameters or settings that may be used by other components or services. + + + + + Information used to substantiate a claim. + + + + + Describes how a component or service was manufactured or deployed. + + + + + Human or machine-readable statements containing facts, evidence, or testimony + + + + + An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format + + + + + The defined assumptions, goals, and capabilities of an adversary. + + + + + Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk. + + + + + A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product. + + + + + A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization. + + + + + Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test + + + + + SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code + + + + + Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations + + + + + Report generated by analyzing the call stack of a running application + + + + + Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis + + + + + Report containing a formal assessment of an organization, business unit, or team against a maturity model + + + + + Industry, regulatory, or other certification from an accredited (if applicable) certification body + + + + + Report or system in which quality metrics can be obtained + + + + + Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) + + + + + Plans of Action and Milestones (POA&M) complement an "attestation" external reference. POA&M is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + + + + + An e-signature is commonly a scanned representation of a written signature or a stylized script of the persons name. + + + + + A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification. + + + + + Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure) + + + + + Use this if no other types accurately describe the purpose of the external reference + + + + + + + + + External references provide a way to document systems, sites, and information that may be + relevant, but are not included with the BOM. They may also establish specific relationships + within or external to the BOM. + + + + + + Zero or more external references can be defined + + + + + + + + + + The URI (URL or URN) to the external reference. External references + are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns. + External references may also include formally registered URNs such as CycloneDX BOM-Link to + reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external + references into relationships that can be expressed in a BOM or across BOMs. Refer to: + https://cyclonedx.org/capabilities/bomlink/ + + + + + + + + An optional comment describing the external reference + + + + + + + + + + + + + Specifies the type of external reference. There are built-in types to describe common + references. If a type does not exist for the reference being referred to, use the "other" type. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Zero or more commits can be specified. + + + + + Specifies an individual commit. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + A unique identifier of the commit. This may be version control + specific. For example, Subversion uses revision numbers whereas git uses commit hashes. + + + + + + The URL to the commit. This URL will typically point to a commit + in a version control system. + + + + + + The author who created the changes in the commit + + + + + The person who committed or pushed the commit + + + + + The text description of the contents of the commit + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Zero or more patches can be specified. + + + + + Specifies an individual patch. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The patch file (or diff) that show changes. + Refer to https://en.wikipedia.org/wiki/Diff + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the purpose for the patch including the resolution of defects, + security issues, or new behavior or functionality + + + + + + + + + A patch which is not developed by the creators or maintainers of the software + being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch + + + + + A patch which dynamically modifies runtime behavior. + Refer to https://en.wikipedia.org/wiki/Monkey_patch + + + + + A patch which takes code from a newer version of software and applies + it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting + + + + + A patch created by selectively applying commits from other versions or + branches of the same software. + + + + + + + + + + A fault, flaw, or bug in software + + + + + A new feature or behavior in software + + + + + A special type of defect which impacts security + + + + + + + + + + Specifies the optional text of the diff + + + + + Specifies the URL to the diff + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + An individual issue that has been resolved. + + + + + + The identifier of the issue assigned by the source of the issue + + + + + The name of the issue + + + + + A description of the issue + + + + + + + The source of the issue where it is documented. + + + + + + + The name of the source. For example "National Vulnerability Database", + "NVD", and "Apache" + + + + + + + The url of the issue documentation as provided by the source + + + + + + + + + + A collection of URL's for reference. Multiple URLs are allowed. + Example: "https://example.com" + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the type of issue + + + + + + + + + The timestamp in which the action occurred + + + + + The name of the individual who performed the action + + + + + The email address of the individual who performed the action + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are created, + distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing + this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to + document variants where the exact relation may not be known. + + + + + + Describes zero or more components in which a component is derived + from. This is commonly used to describe forks from existing projects where the forked version + contains a ancestor node containing the original component it was forked from. For example, + Component A is the original component. Component B is the component being used and documented + in the BOM. However, Component B contains a pedigree node with a single ancestor documenting + Component A - the original component from which Component B is derived from. + + + + + + Descendants are the exact opposite of ancestors. This provides a + way to document all forks (and their forks) of an original or root component. + + + + + + Variants describe relations where the relationship between the + components are not known. For example, if Component A contains nearly identical code to + Component B. They are both related, but it is unclear if one is derived from the other, + or if they share a common ancestor. + + + + + + A list of zero or more commits which provide a trail describing + how the component deviates from an ancestor, descendant, or variant. + + + + + A list of zero or more patches describing how the component + deviates from an ancestor, descendant, or variant. Patches may be complementary to commits + or may be used in place of commits. + + + + + Notes, observations, and other non-structured commentary + describing the components pedigree. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The component or service that is a dependency of this dependency object. + + + + + + The component or service that define a given specification or standard, which is provided or implemented by this dependency object. + For example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use. + + + + + + References a component or service by its bom-ref attribute + + + + + + + + References a component or service by its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Defines the direct dependencies of a component or service. Components or services + that do not have their own dependencies must be declared as empty elements within the graph. + Components or services that are not represented in the dependency graph may have unknown + dependencies. It is recommended that implementations assume this to be opaque and not an + indicator of a object being dependency-free. It is recommended to leverage compositions to + indicate unknown dependency graphs. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that provides the service. + + + + + The grouping name, namespace, or identifier. This will often be a shortened, + single name of the company or project that produced the service or domain name. + Whitespace and special characters should be avoided. + + + + + The name of the service. This will often be a shortened, single name + of the service. + + + + + The service version. + + + + + Specifies a description for the service. + + + + + + The endpoint URIs of the service. Multiple endpoints are allowed. + Example: "https://example.com/api/v1/ticker" + + + + + + + A service endpoint URI. + + + + + + + + A boolean value indicating if the service requires authentication. + A value of true indicates the service requires authentication prior to use. + A value of false indicates the service does not require authentication. + + + + + A boolean value indicating if use of the service crosses a trust zone or boundary. + A value of true indicates that by using the service, a trust boundary is crossed. + A value of false indicates that by using the service, a trust boundary is not crossed. + + + + + The name of the trust zone the service resides in. + + + + + Specifies information about the data including the directional flow of data and the data classification. + + + + + + + DEPRECATED: Specifies the data classification. THIS FIELD IS DEPRECATED AS OF v1.5. Use dataflow\classification instead + + + + + + Specifies the data classification. + + + + + + Specifies the data classification. + + + + + + The URI, URL, or BOM-Link of the components or services the data came in from. + + + + + + + + + + + + + + The URI, URL, or BOM-Link of the components or services the data is sent to. + + + + + + + + + + + + + + + + Name for the defined data. + + + + + + + Short description of the data content and usage. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Provides the ability to document external references related to the service. + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + A list of services included or deployed behind the parent service. This is not a dependency + tree. It provides a way to specify a hierarchical representation of service assemblies. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Specifies optional release notes. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the service elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies the data classification. + + + + + + Specifies the flow direction of the data. + + + + + + + + + Specifies the flow direction of the data. Valid values are: + inbound, outbound, bi-directional, and unknown. Direction is relative to the service. + Inbound flow states that data enters the service. Outbound flow states that data + leaves the service. Bi-directional states that data flows both ways, and unknown + states that the direction is not known. + + + + + + Data that enters a service. + + + + + + Data that exits a service. + + + + + Data flows in and out of the service. + + + + + The directional flow of data is not known. + + + + + + + + + + + A valid SPDX license expression. + Refer to https://spdx.org/specifications for syntax requirements + + Example values: + - Apache-2.0 AND (MIT OR GPL-2.0-only) + - GPL-3.0-only WITH Classpath-exception-2.0 + + + + + + + + + An optional identifier which can be used to reference the license elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + Declared licenses and concluded licenses represent two different stages in the + licensing process within software development. Declared licenses refer to the + initial intention of the software authors regarding the licensing terms under + which their code is released. On the other hand, concluded licenses are the + result of a comprehensive analysis of the project's codebase to identify and + confirm the actual licenses of the components used, which may differ from the + initially declared licenses. While declared licenses provide an upfront indication + of the licensing intentions, concluded licenses offer a more thorough understanding + of the actual licensing within a project, facilitating proper compliance and risk + management. Observed licenses are defined in `evidence.licenses`. Observed licenses + form the evidence necessary to substantiate a concluded license. + + + + + + + + + + + + + + + + Declared licenses represent the initial intentions of authors regarding + the licensing terms of their code. + + + + + + + Concluded licenses are verified and confirmed. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Examines the source code without executing it. + + + + + + + Examines a compiled binary through reverse engineering, typically via disassembly or bytecode reversal. + + + + + + + Examines a package management system such as those used for building software or installing software. + + + + + + + Examines the Abstract Syntax Tree (AST) of source code or a compiled binary. + + + + + + + Evaluates the cryptographic hash of a component against a set of pre-computed hashes of identified software. + + + + + + + Examines the call stack of running applications by intercepting and monitoring application logic without the need to modify the application. + + + + + + + Evaluates a running application. + + + + + + + Evaluates file name of a component against a set of known file names of identified software. + + + + + + + A testimony to the accuracy of the identify of a component made by an individual or entity. + + + + + + + Any other technique. + + + + + + + + + + + Evidence that substantiates the identity of a component. The identify may be an + object or an array of identity objects. Support for specifying identity as a single object was + introduced in CycloneDX v1.5. "unbounded" was introduced in v1.6. It is recommended that all + implementations are aware of "unbounded". + + + + + + The identity field of the component which the evidence describes. + + + + + The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. + + + + + The value of the field (cpe, purl, etc) that has been concluded based on the aggregate of all methods (if available). + + + + + The methods used to extract and/or analyze the evidence. + + + + + + + + + The technique used in this method of analysis. + + + + + The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence. + + + + + The value or contents of the evidence. + + + + + + + + + + + + The object in the BOM identified by its bom-ref. This is often a component or service, + but may be any object type supporting bom-refs. Tools used for analysis should already + be defined in the BOM, either in the metadata/tools, components, or formulation. + + + + + + + + + + + + + + Evidence of individual instances of a component spread across multiple locations. + + + + + + + + + The location or path to where the component was found. + + + + + The line number where the component was found. + + + + + The offset where the component was found. + + + + + The symbol name that was found associated with the component. + + + + + Any additional context of the detected component (e.g. a code snippet). + + + + + + + + An optional identifier which can be used to reference the occurrence elsewhere + in the BOM. Every bom-ref must be unique within the BOM. + + + + + + + + + + + Evidence of the components use through the callstack. + + + + + + + + + + Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations. + + + + + + + A package organizes modules into namespaces, providing a unique namespace for each type it contains. + + + + + A module or class that encloses functions/methods and other code. + + + + + A block of code designed to perform a particular task. + + + + + Optional arguments that are passed to the module or function. + + + + + + + + + + The line number the code that is called resides on. + + + + + The column the code that is called resides. + + + + + The full path and filename of the module. + + + + + + + + + + + + The object in the BOM identified by its bom-ref. This is often a component or service, + but may be any object type supporting bom-refs. Tools used for analysis should already + be defined in the BOM, either in the metadata/tools, components, or formulation. + + + + + + + + + + + + + + + + opyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Specifies an aggregate type that describe how complete a relationship is. + + + + + + The bom-ref identifiers of the components or services being described. Assemblies refer to + nested relationships whereby a constituent part may include other constituent parts. References + do not cascade to child parts. References are explicit for the specified constituent part only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + The bom-ref identifiers of the components or services being described. Dependencies refer to a + relationship whereby an independent constituent part requires another independent constituent + part. References do not cascade to transitive dependencies. References are explicit for the + specified dependency only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + The bom-ref identifiers of the vulnerabilities being described. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + An optional identifier which can be used to reference the composition elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + + The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. + + + + + The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. + + + + + The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + + + + + The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. + + + + + The relationship completeness is not specified. + + + + + + + + + Defines a syntax for representing two character language code (ISO-639) followed by an optional two + character country code. The language code must be lower case. If the country code is specified, the + country code must be upper case. The language code and country code must be separated by a minus sign. + Examples: en, en-US, fr, fr-CA + + + + + + + + + + + + The software versioning type. It is recommended that the release type use one + of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software + release types is not practical, so standardizing on the recommended values, whenever possible, + is strongly encouraged. + * major = A major release may contain significant changes or may introduce breaking changes. + * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. + * patch = Patch releases are typically unplanned and may resolve defects or important security issues. + * pre-release = A pre-release may include alpha, beta, or release candidates and typically have + limited support. They provide the ability to preview a release prior to its general availability. + * internal = Internal releases are not for public consumption and are intended to be used exclusively + by the project or manufacturer that produced it. + + + + + + The title of the release. + + + + + The URL to an image that may be prominently displayed with the release note. + + + + + The URL to an image that may be used in messaging on social media platforms. + + + + + A short description of the release. + + + + + The date and time (timestamp) when the release note was created. + + + + + + + + One or more alternate names the release may be referred to. This may + include unofficial terms used by development and marketing teams (e.g. code names). + + + + + + + + + A collection of issues that have been resolved. + + + + + + + + + + + + + Zero or more release notes containing the locale and content. Multiple + note elements may be specified to support release notes in a wide variety of languages. + + + + + + The ISO-639 (or higher) language code and optional ISO-3166 + (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". + + + + + Specifies the full content of the release note. + + + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + A model card describes the intended uses of a machine learning model and potential limitations, including + biases and ethical considerations. Model cards typically contain the training parameters, which datasets + were used to train the model, performance metrics, and other relevant data useful for ML transparency. + This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified + for other component types. + + + + + + + Hyper-parameters for construction of the model. + + + + + + + + The overall approach to learning used by the model for problem solving. + + + + + + + + Learning types describing the learning problem or hybrid learning problem. + + + + + + + + + + Directly influences the input and/or output. Examples include classification, + regression, clustering, etc. + + + + + + + The model architecture family such as transformer network, convolutional neural + network, residual neural network, LSTM neural network, etc. + + + + + + + The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc. + + + + + + + The datasets used to train and evaluate the model. + + + + + + + References a data component by the components bom-ref attribute + + + + + + + + Inline Data Information + + + + + + + + + The input format(s) of the model + + + + + + + + + + + The data format for input to the model. Example formats include string, image, time-series + + + + + + + + + + + + + The output format(s) from the model + + + + + + + + + + + The data format for output from the model. Example formats include string, image, time-series + + + + + + + + + + + + + + + + A quantitative analysis of the model + + + + + + + + + + + + + + The type of performance metric. + + + + + + + The value of the performance metric. + + + + + + + The name of the slice this metric was computed on. By default, assume + this metric is not sliced. + + + + + + + The confidence interval of the metric. + + + + + + + + The lower bound of the confidence interval. + + + + + + + The upper bound of the confidence interval. + + + + + + + + + + + + + + + + A collection of graphics that represent various measurements + + + + + + + + A description of this collection of graphics. + + + + + + + A collection of graphics. + + + + + + + + + + + The name of the graphic. + + + + + + + The graphic (vector or raster). Base64 encoding must be specified for binary images. + + + + + + + + + + + + + + + + + + + What considerations should be taken into account regarding the model's construction, training, + and application? + + + + + + + + Who are the intended users of the model? + + + + + + + + + + + + What are the intended use cases of the model? + + + + + + + + + + + + What are the known technical limitations of the model? E.g. What kind(s) of data + should the model be expected not to perform well on? What are the factors that might + degrade model performance? + + + + + + + + + + + + What are the known tradeoffs in accuracy/performance of the model? + + + + + + + + + + + + What are the ethical risks involved in the application of this model? + + + + + + + + + + + The name of the risk + + + + + + + Strategy used to address this risk + + + + + + + + + + + + + What are the various environmental impacts the corresponding machine learning model has exhibited across its lifecycle? + + + + + + + How does the model affect groups at risk of being systematically disadvantaged? + What are the harms and benefits to the various affected groups? + + + + + + + + + + + The groups or individuals at risk of being systematically disadvantaged by the model. + + + + + + + Expected benefits to the identified groups. + + + + + + + Expected harms to the identified groups. + + + + + + + With respect to the benefits and harms outlined, please + describe any mitigation strategy implemented. + + + + + + + + + + + + + + + + + An optional identifier which can be used to reference the model card elsewhere in the BOM. + Every bom-ref must be unique within the BOM. + + + + + + + + + Describes various environmental impact metrics. + + + + + + + Describes energy consumption information incurred for one or more component lifecycle activities. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Describes energy consumption information incurred for the specified lifecycle activity. + + + + + + + The type of activity that is part of a machine learning model development or operational lifecycle. + + + + + + + + model design including problem framing, goal definition and algorithm selection. + + + + + + + model data acquisition including search, selection and transfer. + + + + + + + model data preparation including data cleaning, labeling and conversion. + + + + + + + model building, training and generalized tuning. + + + + + + + refining a trained model to produce desired outputs for a given problem space. + + + + + + + model validation including model output evaluation and testing. + + + + + + + explicit model deployment to a target hosting infrastructure. + + + + + + + generating an output response from a hosted model from a set of inputs. + + + + + + + a lifecycle activity type whose description does not match currently defined values. + + + + + + + + + + The provider(s) of the energy consumed by the associated model development lifecycle activity. + + + + + + + The total energy cost associated with the model lifecycle activity. + + + + + + + The CO2 cost (debit) equivalent to the total energy cost. + + + + + + + The CO2 offset (credit) for the CO2 equivalent cost. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + + + + + A measure of energy. + + + + + + + Quantity of energy. + + + + + + + Unit of energy. + + + + + + + + kilowatt-hour (kWh) is the energy delivered by one kilowatt (kW) of power for one hour (h). + + + + + + + + + + + + + A measure of carbon dioxide (CO2). + + + + + + + Quantity of carbon dioxide (CO2). + + + + + + + Unit of carbon dioxide (CO2). + + + + + + + + Tonnes (t) of carbon dioxide (CO2) equivalent (eq). + + + + + + + + + + + + + Describes the physical provider of energy used for model development or operations. + + + + + + + A description of the energy provider. + + + + + + + The organization of the energy provider. + + + + + + + The energy source for the energy provider. + + + + + + + + Energy produced by types of coal. + + + + + + + Petroleum products (primarily crude oil and its derivative fuel oils). + + + + + + + Hydrocarbon gas liquids (HGL) that occur as gases at atmospheric pressure and as liquids under higher pressures including Natural gas (C5H12 and heavier), Ethane (C2H6), Propane (C3H8), etc. + + + + + + + Energy produced from the cores of atoms (i.e., through nuclear fission or fusion). + + + + + + + Energy produced from moving air. + + + + + + + Energy produced from the sun (i.e., solar radiation). + + + + + + + Energy produced from heat within the earth. + + + + + + + Energy produced from flowing water. + + + + + + + Liquid fuels produced from biomass feedstocks (i.e., organic materials such as plants or animals). + + + + + + + The energy source is unknown. + + + + + + + An energy source that is not listed. + + + + + + + + + + The energy provided by the energy source for an associated activity. + + + + + + External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM. + + + + + + + An optional identifier which can be used to reference the energy provider elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + An address used to identify a contactable location. + + + + + + + The country name or the two-letter ISO 3166-1 country code. + + + + + + + The region or state in the country. For example, Texas. + + + + + + + The locality or city within the country. For example, Austin. + + + + + + + The post office box number. For example, 901. + + + + + + + The postal code. For example, 78758. + + + + + + + The street address. For example, 100 Main Street. + + + + + + + + An optional identifier which can be used to reference the address elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + + + Supervised machine learning involves training an algorithm on labeled + data to predict or classify new data based on the patterns learned from + the labeled examples. + + + + + + + Unsupervised machine learning involves training algorithms on unlabeled + data to discover patterns, structures, or relationships without explicit + guidance, allowing the model to identify inherent structures or clusters + within the data. + + + + + + + Reinforcement learning is a type of machine learning where an agent learns + to make decisions by interacting with an environment to maximize cumulative + rewards, through trial and error. + + + + + + + Semi-supervised machine learning utilizes a combination of labeled and + unlabeled data during training to improve model performance, leveraging + the benefits of both supervised and unsupervised learning techniques. + + + + + + + Self-supervised machine learning involves training models to predict parts + of the input data from other parts of the same data, without requiring + external labels, enabling learning from large amounts of unlabeled data. + + + + + + + + + + + + The general theme or subject matter of the data being specified. + + + + + + + The name of the dataset. + + + + + + + The contents or references to the contents of the data being described. + + + + + + + An optional way to include textual or encoded data. + + + + + The URL to where the data can be retrieved. + + + + + Provides the ability to document name-value parameters used for configuration. + + + + + + + + + Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. + + + + + + + A description of any sensitive data in a dataset. + + + + + + + A collection of graphics that represent various measurements. + + + + + + + A description of the dataset. Can describe size of dataset, whether it's used for source code, + training, testing, or validation, etc. + + + + + + + + + An optional identifier which can be used to reference the dataset elsewhere in the BOM. + Every bom-ref must be unique within the BOM. + + + + + + + + + + + Data custodians are responsible for the safe custody, transport, and storage of data. + + + + + + + + + + + + Data stewards are responsible for data content, context, and associated business rules. + + + + + + + + + + + + Data owners are concerned with risk and appropriate access to data. + + + + + + + + + + + + + + + + + + + + + + A collection of graphics that represent various measurements. + + + + + + + A description of this collection of graphics. + + + + + + + A collection of graphics. + + + + + + + + + + + The name of the graphic. + + + + + + + The graphic (vector or raster). Base64 encoding must be specified for binary images. + + + + + + + + + + + + + + + + + Any type of code, code snippet, or data-as-code. + + + + + Parameters or settings that may be used by other components. + + + + + A collection of data. + + + + + Data that can be used to create new instances of what the definition defines. + + + + + Any other type of data that does not fit into existing definitions. + + + + + + + + + References a component or service by its bom-ref attribute + + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies an individual property with a name and value. + + + + + + The name of the property. Duplicate names are allowed, each potentially having a different value. + + + + + + + + + + + Defines a weakness in a component or service that could be exploited or triggered by a threat source. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + Zero or more pointers to vulnerabilities that are the equivalent of the + vulnerability specified. Often times, the same vulnerability may exist in multiple sources of + vulnerability intelligence, but have different identifiers. References provide a way to + correlate vulnerabilities across multiple sources of vulnerability intelligence. + + + + + + A pointer to a vulnerability that is the equivalent of the + vulnerability specified. + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + List of vulnerability ratings. + + + + + + + + + + + + List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. + For example 399 (of https://cwe.mitre.org/data/definitions/399.html) + + + + + + + + + + A description of the vulnerability as provided by the source. + + + + + If available, an in-depth description of the vulnerability as provided by the + source organization. Details often include information useful in understanding root cause. + + + + + Recommendations of how the vulnerability can be remediated or mitigated. + + + + + A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments. + + + + + + + Evidence used to reproduce the vulnerability. + + + + + + Precise steps to reproduce the vulnerability. + + + + + A description of the environment in which reproduction was possible. + + + + + Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code. + + + + + + + + + + + + + + + Published advisories of the vulnerability if provided. + + + + + + + + + + The date and time (timestamp) when the vulnerability record was created in the vulnerability database. + + + + + The date and time (timestamp) when the vulnerability record was first published. + + + + + The date and time (timestamp) when the vulnerability record was last updated. + + + + + The date and time (timestamp) when the vulnerability record was rejected (if applicable). + + + + + Individuals or organizations credited with the discovery of the vulnerability. + + + + + + The organizations credited with vulnerability discovery. + + + + + + + + + + The individuals, not associated with organizations, that are credited with vulnerability discovery. + + + + + + + + + + + + + The tool(s) used to identify, confirm, or score the vulnerability. + + + + + + + DEPRECATED. Use tools\components or tools\services instead. + + + + + + + A list of software and hardware components used as tools. + + + + + A list of services used as tools. + + + + + + + + + + + An assessment of the impact and exploitability of the vulnerability. + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + A response to the vulnerability by the manufacturer, supplier, or + project responsible for the affected component or service. More than one response + is allowed. Responses are strongly encouraged for vulnerabilities where the analysis + state is exploitable. + + + + + + + + + + + Detailed description of the impact including methods used during assessment. + If a vulnerability is not exploitable, this field should include specific details + on why the component or service is not impacted by this vulnerability. + + + + + + + The date and time (timestamp) when the analysis was first issued. + + + + + + + The date and time (timestamp) when the analysis was last updated. + + + + + + + + + The components or services that are affected by the vulnerability. + + + + + + + + + References a component or service by the objects bom-ref. + + + + + + + + Zero or more individual versions or range of versions. + + + + + + + + + + A single version of a component or service. + + + + + A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + + + + + + + The vulnerability status for the version or range of versions. + + + + + + + + + + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + + An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + + The name of the source. + For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories + + + + + + The url of the vulnerability documentation as provided by the source. + For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 + + + + + + + + + + The source that calculated the severity or risk rating of the vulnerability. + + + + + The numerical score of the rating. + + + + + Textual representation of the severity that corresponds to the numerical score of the rating. + + + + + The risk scoring methodology/standard used. + + + + + Textual representation of the metric values used to score the vulnerability. + + + + + An optional reason for rating the vulnerability as it was. + + + + + + + + + + An optional name of the advisory. + + + + + Location where the advisory can be obtained. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that created the annotation + + + + + The person that created the annotation + + + + + The tool or component that created the annotation + + + + + The service that created the annotation + + + + + + + + + + + The objects in the BOM identified by their bom-ref's. This is often components or services, but may be any object type supporting bom-refs. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + The organization, individual, component, or service which created the textual content + of the annotation. + + + + + The date and time (timestamp) when the annotation was created. + + + + + The textual content of the annotation. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the annotation elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Textual representation of the severity of the vulnerability adopted by the analysis method. If the + analysis method uses values other than what is provided, the user is expected to translate appropriately. + + + + + + Critical severity + + + + + High severity + + + + + Medium severity + + + + + Low severity + + + + + Informational warning. + + + + + None + + + + + The severity is not known + + + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The vulnerability has been remediated. + + + + + + + The vulnerability has been remediated and evidence of the changes are provided in the affected + components pedigree containing verifiable commit history and/or diff(s). + + + + + + + The vulnerability may be directly or indirectly exploitable. + + + + + + + The vulnerability is being investigated. + + + + + + + The vulnerability is not specific to the component or service and was falsely identified or associated. + + + + + + + The component or service is not affected by the vulnerability. Justification should be specified + for all not_affected cases. + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + + The code has been removed or tree-shaked. + + + + + + + The vulnerable code is not invoked at runtime. + + + + + + + Exploitability requires a configurable option to be set/unset. + + + + + + + Exploitability requires a dependency that is not present. + + + + + + + Exploitability requires a certain environment which is not present. + + + + + + + Exploitability requires a compiler flag to be set/unset. + + + + + + + Exploits are prevented at runtime. + + + + + + + Attacks are blocked at physical, logical, or network perimeter. + + + + + + + Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. + + + + + + + + + + Specifies the severity or risk scoring methodology or standard used. + + + + + + + Common Vulnerability Scoring System v2.0 standard as defined at https://www.first.org/cvss/v2/ + + + + + + + Common Vulnerability Scoring System v3.0 standard as defined at https://www.first.org/cvss/v3-0/ + + + + + + + Common Vulnerability Scoring System v3.1 standard as defined at https://www.first.org/cvss/v3-1/ + + + + + + + Common Vulnerability Scoring System v4.0 standard as defined at https://www.first.org/cvss/v4-0/ + + + + + + + OWASP Risk Rating as defined at https://owasp.org/www-community/OWASP_Risk_Rating_Methodology + + + + + + + Stakeholder Specific Vulnerability Categorization as defined at https://github.com/CERTCC/SSVC + + + + + + + Another severity or risk scoring methodology + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + Can not fix + + + + + Will not fix + + + + + Update to a different revision or release + + + + + Revert to a previous revision or release + + + + + There is a workaround available + + + + + + + + + The vulnerability status of a given version or range of versions of a product. The statuses + 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. + The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. + There can be many reasons for an 'unknown' status, including that an investigation has not been + undertaken or that a vendor has not disclosed the status. + + + + + + The version is affected by the vulnerability. + + + + + The version is not affected by the vulnerability. + + + + + It is unknown (or unspecified) whether the given version is affected. + + + + + + + + + Describes how a component or service was manufactured or deployed. This is achieved through the use + of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the + observed formulas describing the steps which transpired in the manufacturing process. + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Describes workflows and resources that captures rules and other aspects of how the associated + BOM component or service was formed. + + + + + + Transient components that are used in tasks that constitute one or more of + this formula's workflows + + + + + Transient services that are used in tasks that constitute one or more of + this formula's workflows + + + + + List of workflows that can be declared to accomplish specific orchestrated goals + and independently triggered. + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + + An optional identifier which can be used to reference the formula elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + The unique identifier for the resource instance within its deployment context. + + + + + + + The name of the resource instance. + + + + + + + The description of the resource instance. + + + + + + References to component or service resources that are used to realize + the resource instance. + + + + + The tasks that comprise the workflow. + + + + + The graph of dependencies between tasks within the workflow. + + + + + Indicates the types of activities performed by the set of workflow tasks. + + + + + + + + + + The trigger that initiated the task. + + + + + + The sequence of steps for the task. + + + + + + + + + + + Represents resources and data brought into a task at runtime by executor + or task commands + + + + + + + + + + Represents resources and data output from a task at runtime by executor + or task commands + + + + + + + + + + + The date and time (timestamp) when the task started. + + + + + + + The date and time (timestamp) when the task ended. + + + + + + A set of named filesystem or data resource shareable by workflow tasks. + + + + + A graph of the component runtime topology for workflow's instance. + A description of the runtime component and service topology. This can describe a partial or + complete topology used to host and execute the task (e.g., hardware, operating systems, + configurations, etc.) + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the workflow elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + References an object by its bom-ref attribute + + + + + + + + + + Reference to an externally accessible resource. + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + The unique identifier for the resource instance within its deployment context. + + + + + + + The name of the resource instance. + + + + + + + The description of the resource instance. + + + + + + + References to component or service resources that are used to realize the resource instance. + + + + + + + Indicates the types of activities performed by the set of workflow tasks. + + + + + + + + + + + + The trigger that initiated the task. + + + + + + + The sequence of steps for the task. + + + + + + + + + + + + Represents resources and data brought into a task at runtime by executor or task commands. + + + + + + + + + + + + Represents resources and data output from a task at runtime by executor or task commands + + + + + + + + + + + + The date and time (timestamp) when the task started. + + + + + + + The date and time (timestamp) when the task ended. + + + + + + + A set of named filesystem or data resource shareable by workflow tasks. + + + + + + + A graph of the component runtime topology for task's instance. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the task elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + A task that copies software or data used to accomplish other tasks in the workflow. + + + + + A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step. + + + + + A task that checks source code for programmatic and stylistic errors. + + + + + A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance. + + + + + A task that merges changes or fixes into source code prior to a build step in the workflow. + + + + + A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems. + + + + + A task that verifies the functionality of a component or service. + + + + + A task that delivers a built artifact to one or more target repositories or storage systems. + + + + + A task that deploys a built artifact for execution on one or more target systems. + + + + + A task that releases a built, versioned artifact to a target repository or distribution system. + + + + + A task that cleans unnecessary tools, build artifacts and/or data from workflow storage. + + + + + A workflow task that does not match current task type definitions. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + A named filesystem or data resource shareable by workflow tasks. + + + + + + + The unique identifier for the resource instance within its deployment context. + + + + + + + The name of the resource instance. + + + + + + + The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping + so other tasks can use their own local name in their steps. + + + + + + + + + + + + The description of the resource instance. + + + + + + + References to component or service resources that are used to realize the resource instance. + + + + + + + Describes the read-write access control for the workspace relative to the owning resource instance. + + + + + + + A path to a location on disk where the workspace will be available to the associated task's steps. + + + + + + + The name of a domain-specific data type the workspace represents. This property is for CI/CD + frameworks that are able to provide access to structured, managed data at a more granular level + than a filesystem. + + + + + + + Identifies the reference to the request for a specific volume type and parameters. + + + + + + + Information about the actual volume instance allocated to the workspace. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the workflow elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + + + + + + + + An identifiable, logical unit of data storage tied to a physical device. + + + + + + + The unique identifier for the volume instance within its deployment context. + + + + + + + The name of the volume instance + + + + + + + The mode for the volume instance. + + + + + + + The underlying path created from the actual volume. + + + + + + + The allocated size of the volume accessible to the associated workspace. This should include + the scalar size as well as IEC standard unit in either decimal or binary form. + + + + + + + Indicates if the volume persists beyond the life of the resource it is associated with. + + + + + + + Indicates if the volume is remotely (i.e., network) attached. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + + + + + + + + + + + Executes specific commands or tools in order to accomplish its owning task as part of a sequence. + + + + + + + A name for the step. + + + + + + + A description of the step. + + + + + + + Ordered list of commands or directives for the step + + + + + + + + + + + A text representation of the executed command. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + The unique identifier for the resource instance within its deployment context. + + + + + + + The name of the resource instance. + + + + + + + The description of the resource instance. + + + + + + + References to component or service resources that are used to realize the resource instance. + + + + + + + The source type of event which caused the trigger to fire. + + + + + + + The event data that caused the associated trigger to activate. + + + + + + A list of conditions used to determine if a trigger should be activated. + + + + + + + A condition that was used to determine a trigger should be activated. + + + + + + + + Describes the set of conditions which cause the trigger to activate. + + + + + + + The logical expression that was evaluated that determined the trigger should be fired. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + + + + + + + The date and time (timestamp) when the trigger was activated. + + + + + + + Represents resources and data brought into a task at runtime by executor or task commands + + + + + + + + + + + + Represents resources and data output from a task at runtime by executor or task commands + + + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the trigger elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + + + + + + + + + The unique identifier of the event. + + + + + + + A description of the event. + + + + + + + The date and time (timestamp) when the event was received. + + + + + + + Encoding of the raw event data. + + + + + + + References the component or service that was the source of the event + + + + + + + References the component or service that was the target of the event + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Type that represents various input data types and formats. + + + + + + + + A reference to an independent resource provided as an input to a task by the workflow runtime. + + + + + + + Inputs that have the form of parameters with names and values. + + + + + + + Inputs that have the form of parameters with names and values. + + + + + + + + + + + + + + + + Inputs that have the form of data. + + + + + + + + A references to the component or service that provided the input to the task + (e.g., reference to a service with data flow value of inbound) + + + + + + + A reference to the component or service that received or stored the input if not the task + itself (e.g., a local, named storage workspace) + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Represents resources and data output from a task at runtime by executor or task commands + + + + + + + + A reference to an independent resource generated as output by the task. + + + + + + + Outputs that have the form of environment variables. + + + + + + + + + + + + + + + + Outputs that have the form of data. + + + + + + + + Describes the type of data output. + + + + + + + Component or service that generated or provided the output from the task (e.g., a build tool) + + + + + + + Component or service that received the output from the task + (e.g., reference to an artifactory service with data flow value of outbound) + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + + + + + + + + + + + + + + + A representation of a functional parameter. + + + + + + + The name of the parameter. + + + + + + + The value of the parameter. + + + + + + + The data type of the parameter. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Cryptographic assets have properties that uniquely define them and that make them actionable for + further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) + or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the + algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. + The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference. + + + + + + + Cryptographic assets occur in several forms. Algorithms and protocols are most commonly + implemented in specialized cryptographic libraries. They may however also be 'hardcoded' + in software components. Certificates and related cryptographic material like keys, tokens, + secrets or passwords are other cryptographic assets to be modelled. + + + + + + + + Mathematical function commonly used for data encryption, authentication, and + digital signatures. + + + + + + + An electronic document that is used to provide the identity or validate a public key. + + + + + + + A set of rules and guidelines that govern the behavior and communication with each other. + + + + + + + Other cryptographic assets that are related to algorithms, certificate, and protocols + such as keys and tokens. + + + + + + + + + + Additional properties specific to a cryptographic algorithm. + + + + + + + + Cryptographic building blocks used in higher-level cryptographic systems and + protocols. Primitives represent different cryptographic routines: deterministic + random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message + authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), + streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), + public-key encryption schemes (pke, e.g. RSA), extended output functions + (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement + algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated + encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms + (combiner, e.g. SP800-56Cr2). + + + + + + + + Deterministic Random Bit Generator (DRBG) is a type of pseudorandom + number generator designed to produce a sequence of bits from an initial + seed value. DRBGs are commonly used in cryptographic applications where + reproducibility of random values is important. + + + + + + + In cryptography, a Message Authentication Code (MAC) is information + used for authenticating and integrity-checking a message. + + + + + + + A block cipher is a symmetric key algorithm that operates on fixed-size + blocks of data. It encrypts or decrypts the data in block units, + providing confidentiality. Block ciphers are widely used in various + cryptographic modes and protocols for secure data transmission. + + + + + + + A stream cipher is a symmetric key cipher where plaintext digits are + combined with a pseudorandom cipher digit stream (keystream). + + + + + + + In cryptography, a signature is a digital representation of a message + or data that proves its origin, identity, and integrity. Digital + signatures are generated using cryptographic algorithms and are widely + used for authentication and verification in secure communication. + + + + + + + A hash function is a mathematical algorithm that takes an input + (or 'message') and produces a fixed-size string of characters, which is + typically a hash value. Hash functions are commonly used in various + cryptographic applications, including data integrity verification and + password hashing. + + + + + + + Public Key Encryption (PKE) is a type of encryption that uses a pair of + public and private keys for secure communication. The public key is used + for encryption, while the private key is used for decryption. PKE is a + fundamental component of public-key cryptography. + + + + + + + An XOF is an extendable output function that can take arbitrary input + and creates a stream of output, up to a limit determined by the size of + the internal state of the hash function that underlies the XOF. + + + + + + + A Key Derivation Function (KDF) derives key material from another source + of entropy while preserving the entropy of the input. + + + + + + + In cryptography, a key-agreement is a protocol whereby two or more + parties agree on a cryptographic key in such a way that both influence + the outcome. + + + + + + + A Key Encapsulation Mechanism (KEM) algorithm is a mechanism for + transporting random keying material to a recipient using the recipient's + public key. + + + + + + + Authenticated Encryption (AE) is a cryptographic process that provides + both confidentiality and data integrity. It ensures that the encrypted + data has not been tampered with and comes from a legitimate source. + AE is commonly used in secure communication protocols. + + + + + + + A combiner aggregates many candidates for a cryptographic primitive and + generates a new candidate for the same primitive. + + + + + + + Another primitive type. + + + + + + + The primitive is not known. + + + + + + + + + + An identifier for the parameter set of the cryptographic algorithm. Examples: in + AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the + digest length, '128' in SHAKE128 identifies its maximum security level in bits, and + 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205). + + + + + + + The specific underlying Elliptic Curve (EC) definition employed which is an indicator + of the level of security strength, performance and complexity. Absent an + authoritative source of curve names, CycloneDX recommends use of curve names as + defined at https://neuromancer.sk/std/, the source from which can be found at + https://github.com/J08nY/std-curves. + + + + + + + The target and execution environment in which the algorithm is implemented in. + + + + + + + + A software implementation running in plain unencrypted RAM. + + + + + + + A software implementation running in encrypted RAM. + + + + + + A software implementation running in a trusted execution environment. + + + + + + A hardware implementation. + + + + + + Another implementation environment. + + + + + + The execution environment is not known. + + + + + + + + + + The target platform for which the algorithm is implemented. The implementation can + be 'generic', running on any platform or for a specific platform. + + + + + + + + + + + + + + + + + + + + + + + + + The certification that the implementation of the cryptographic algorithm has + received, if any. Certifications include revisions and levels of FIPS 140 or + Common Criteria of different Extended Assurance Levels (CC-EAL). + + + + + + + + No certification obtained + + + + + + + FIPS 140-1 Level 1 + + + + + + + FIPS 140-1 Level 2 + + + + + + + FIPS 140-1 Level 3 + + + + + + + FIPS 140-1 Level 4 + + + + + + + FIPS 140-2 Level 1 + + + + + + + FIPS 140-2 Level 2 + + + + + + + FIPS 140-2 Level 3 + + + + + + + FIPS 140-2 Level 4 + + + + + + + FIPS 140-3 Level 1 + + + + + + + FIPS 140-3 Level 2 + + + + + + + FIPS 140-3 Level 3 + + + + + + + FIPS 140-3 Level 4 + + + + + + + Common Criteria - Evaluation Assurance Level 1 + + + + + + + Common Criteria - Evaluation Assurance Level 1 (Augmented) + + + + + + + Common Criteria - Evaluation Assurance Level 2 + + + + + + + Common Criteria - Evaluation Assurance Level 2 (Augmented) + + + + + + + Common Criteria - Evaluation Assurance Level 3 + + + + + + + Common Criteria - Evaluation Assurance Level 3 (Augmented) + + + + + + + Common Criteria - Evaluation Assurance Level 4 + + + + + + + Common Criteria - Evaluation Assurance Level 4 (Augmented) + + + + + + + Common Criteria - Evaluation Assurance Level 5 + + + + + + + Common Criteria - Evaluation Assurance Level 5 (Augmented) + + + + + + + Common Criteria - Evaluation Assurance Level 6 + + + + + + + Common Criteria - Evaluation Assurance Level 6 (Augmented) + + + + + + + Common Criteria - Evaluation Assurance Level 7 + + + + + + + Common Criteria - Evaluation Assurance Level 7 (Augmented) + + + + + + + Another certification + + + + + + + The certification level is not known + + + + + + + + + + The mode of operation in which the cryptographic algorithm (block cipher) is used. + + + + + + + + Cipher block chaining + + + + + + + Electronic codebook + + + + + + + Counter with cipher block chaining message authentication code + + + + + + + Galois/counter + + + + + + + Cipher feedback + + + + + + + Output feedback + + + + + + + Counter + + + + + + + Another mode of operation + + + + + + + The mode of operation is not known + + + + + + + + + + The padding scheme that is used for the cryptographic algorithm. + + + + + + + + Password-Based Cryptography Specification #5 + + + + + + + Public Key Cryptography Standard: Cryptographic Message Syntax + + + + + + + Public Key Cryptography Standard: RSA Cryptography v1.5 + + + + + + + Optimal asymmetric encryption padding + + + + + + + Raw + + + + + + + Another padding scheme + + + + + + + The padding scheme is not known + + + + + + + + + + The cryptographic functions implemented by the cryptographic algorithm. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The classical security level that a cryptographic algorithm provides (in bits). + + + + + + + + + + + + The NIST security strength category as defined in + https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). + A value of 0 indicates that none of the categories are met. + + + + + + + + + + + + + + + + Properties for cryptographic assets of asset type 'certificate' + + + + + + + + The subject name for the certificate + + + + + + + The issuer name for the certificate + + + + + + + The date and time according to ISO-8601 standard from which the certificate is valid + + + + + + + The date and time according to ISO-8601 standard from which the certificate is not valid anymore + + + + + + + The bom-ref to signature algorithm used by the certificate + + + + + + + The bom-ref to the public key of the subject + + + + + + + The format of the certificate. Examples include X.509, PEM, DER, and CVC + + + + + + + The file extension of the certificate. Examples include crt, pem, cer, der, and p12. + + + + + + + + + + Properties for cryptographic assets of asset type 'relatedCryptoMaterial' + + + + + + + + The type for the related cryptographic material + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The optional unique identifier for the related cryptographic material. + + + + + + + The key state as defined by NIST SP 800-57. + + + + + + + + + + + + + + + + + The bom-ref to the algorithm used to generate the related cryptographic material. + + + + + + + The date and time (timestamp) when the related cryptographic material was created. + + + + + + + The date and time (timestamp) when the related cryptographic material was activated. + + + + + + + The date and time (timestamp) when the related cryptographic material was updated. + + + + + + + The date and time (timestamp) when the related cryptographic material expires. + + + + + + + The associated value of the cryptographic material. + + + + + + + The size of the cryptographic asset (in bits). + + + + + + + The format of the related cryptographic material (e.g. P8, PEM, DER). + + + + + + + The mechanism by which the cryptographic asset is secured by. + + + + + + + + Specifies the mechanism by which the cryptographic asset is secured by. + Examples include HSM, TPM, XGX, Software, and None. + + + + + + + The bom-ref to the algorithm. + + + + + + + + + + + + + Properties specific to cryptographic assets of type: 'protocol'. + + + + + + + + The concrete protocol type. + + + + + + + + Transport Layer Security + + + + + + + Secure Shell + + + + + + + Internet Protocol Security + + + + + + + Internet Key Exchange + + + + + + + Secure Socket Tunneling Protocol + + + + + + + Wi-Fi Protected Access + + + + + + + Another protocol type + + + + + + + The protocol type is not known + + + + + + + + + + The version of the protocol. Examples include 1.0, 1.2, and 1.99. + + + + + + + A list of cipher suites related to the protocol. + + + + + + + + + + + A common name for the cipher suite. For example: TLS_DHE_RSA_WITH_AES_128_CCM + + + + + + + A list of algorithms related to the cipher suite. + + + + + + + + The bom-ref to algorithm cryptographic asset. + + + + + + + + + + A list of common identifiers for the cipher suite. + + + + + + + + Cipher suite identifier. Examples include 0xC0 and 0x9E. + + + + + + + + + + + + + + + + The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, + and additional properties. + + + + + + + + Transform Type 1: encryption algorithms + + + + + + + Transform Type 2: pseudorandom functions + + + + + + + Transform Type 3: integrity algorithms + + + + + + + Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H) + + + + + + + Specifies if an Extended Sequence Number (ESN) is used. + + + + + + + IKEv2 Authentication method + + + + + + + + + A protocol-related cryptographic assets + + + + + + + + + The object identifier (OID) of the cryptographic asset. + + + + + + + + + + + + The list of assessors evaluating claims and determining conformance to requirements and confidence in that assessment. + + + + + + + + The assessor who evaluates claims and determines conformance to requirements and confidence in that assessment. + + + + + + + + The boolean indicating if the assessor is outside the organization generating claims. A value of false indicates a self assessor. + + + + + + + The entity issuing the assessment. + + + + + + + + An optional identifier which can be used to reference the object elsewhere in the BOM. + Every bom-ref must be unique within the BOM. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + The list of attestations asserted by an assessor that maps requirements to claims. + + + + + + + + An attestation asserted by an assessor that maps requirements to claims. + + + + + + + + The short description explaining the main points of the attestation. + + + + + + + The `bom-ref` to the assessor asserting the attestation. + + + + + + + The grouping of requirements to claims and the attestors declared conformance and confidence thereof. + + + + + + + + The `bom-ref` to the requirement being attested to. + + + + + + + The list of `bom-ref` to the claims being attested to. + + + + + + + + The `bom-ref` to the claim being attested to. + + + + + + + + + + The list of `bom-ref` to the counter claims being attested to. + + + + + + + + The `bom-ref` to the counter claim being attested to. + + + + + + + + + + The conformance of the claim meeting a requirement. + + + + + + + + The conformance of the claim between and inclusive of 0 and 1, where 1 is 100% conformance. + + + + + + + + + + + + + The rationale for the score of conformance. + + + + + + + The list of `bom-ref` to the evidence provided describing the + mitigation strategies. Each mitigation strategy should include an + explanation of how any weaknesses in the evidence will be mitigated. + + + + + + + + + + + + + + + The confidence of the claim meeting the requirement. + + + + + + + + The confidence of the claim between and inclusive of 0 and 1, where 1 is 100% confidence. + + + + + + + + + + + + + The rationale for the confidence score. + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + The list of claims. + + + + + + + + + + + The `bom-ref` to a target representing a specific system, application, + API, module, team, person, process, business unit, company, etc... + that this claim is being applied to. + + + + + + + The specific statement or assertion about the target. + + + + + + + The list of `bom-ref` to the evidence provided describing the + mitigation strategies. Each mitigation strategy should include an + explanation of how any weaknesses in the evidence will be mitigated. + + + + + + + + + + + + The written explanation of why the evidence provided substantiates the claim. + + + + + + + The list of `bom-ref` to evidence that supports this claim. + + + + + + + The list of `bom-ref` to counterEvidence that supports this claim. + + + + + + Provides the ability to document external references related to the claim the BOM describes. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the object elsewhere + in the BOM. Every bom-ref must be unique within the BOM. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + The list of evidence + + + + + + + + The list of evidence + + + + + + + + The reference to the property name as defined in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy/). + + + + + + + The written description of what this evidence is and how it was created. + + + + + + + The output or analysis that supports claims. + + + + + + + + The name of the data. + + + + + + + The contents or references to the contents of the data being described. + + + + + + + An optional way to include textual or encoded data. + + + + + The URL to where the data can be retrieved. + + + + + + + + + Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. + + + + + + + A description of any sensitive data. + + + + + + + + + + The date and time (timestamp) when the evidence was created. + + + + + The optional date and time (timestamp) when the evidence is no longer valid. + + + + + The author of the evidence. + + + + + The reviewer of the evidence. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the object elsewhere + in the BOM. Every bom-ref must be unique within the BOM. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + The list of targets which claims are made against. + + + + + + + + The list of organizations which claims are made against. + + + + + + + + + + + + The list of components which claims are made against. + + + + + + + + + + + + The list of services which claims are made against. + + + + + + + + + + + + + + + A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. + It includes a list of authorized signatories who assert the validity of the document on behalf of the organization. + + + + + + + + The brief statement affirmed by an individual regarding all declarations. + This could be an affirmation of acceptance by a third-party auditor or receiving + individual of a file. For example: "I certify, to the best of my knowledge, that all information is correct." + + + + + + + The list of signatories authorized on behalf of an organization to assert validity of this document. + + + + + + + + + + + The signatory's name. + + + + + + + The signatory's role within an organization. + + + + + + + The signatory's organization. + + + + + + + An External reference provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + A collection of reusable objects that are defined and may be used elsewhere in the BOM. + + + + + + + + + + + The list of standards which may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to. + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + A standard may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to. + + + + + + + The name of the standard. This will often be a shortened, single name of the standard. + + + + + + + The version of the standard. + + + + + + + The description of the standard. + + + + + + + The owner of the standard, often the entity responsible for its release. + + + + + + + The list of requirements comprising the standard. + + + + + + + + + + + The unique identifier used in the standard to identify a specific requirement. This should match what is in the standard and should not be the requirements bom-ref. + + + + + + + The title of the requirement. + + + + + + + The textual content of the requirement. + + + + + + + The supplemental text that provides additional guidance or context to the requirement, but is not directly part of the requirement. + + + + + + + + + + + + The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized framework for uniting security standards and guidelines. CRE links each section of a resource to a shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to each other. Use of CRE promotes clear and unambiguous communication among stakeholders. + + + + + + + + + + + + The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + + + An optional identifier which can be used to reference the object elsewhere + in the BOM. Every bom-ref must be unique within the BOM. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + The list of levels associated with the standard. Some standards have different levels of compliance. + + + + + + + + + + + The identifier used in the standard to identify a specific level. + + + + + + + The title of the level. + + + + + + + The description of the level. + + + + + + + The list of requirement `bom-ref`s that comprise the level. + + + + + + + + + + + + + An optional identifier which can be used to reference the object elsewhere + in the BOM. Every bom-ref must be unique within the BOM. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the object elsewhere + in the BOM. Every bom-ref must be unique within the BOM. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Textual strings that aid in discovery, search, and retrieval of the associated + object. Tags often serve as a way to group or categorize similar or related objects by various + attributes. + + Examples include: + "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection" + + + + + + + + + + + + Provides additional information about a BOM. + + + + + A list of software and hardware components. + + + + + A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services. + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + Provides the ability to document dependency relationships. + + + + + Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described. + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is optional. + + + + + Vulnerabilities identified in components or services. + + + + + Comments made by people, organizations, or tools about any object with + a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike + inventory information, annotations may contain opinion or commentary from various + stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, + and may optionally be signed. + + + + + Describes how a component or service was manufactured or deployed. This is + achieved through the use of formulas, workflows, tasks, and steps, which declare the precise + steps to reproduce along with the observed formulas describing the steps which transpired + in the manufacturing process. + + + + + + The list of declarations which describe the conformance to standards. Each declaration may + include attestations, claims, and evidence. + + + + + + + A collection of reusable objects that are defined and may be used elsewhere in the BOM. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Whenever an existing BOM is modified, either manually or through automated + processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with + multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. + The default version is '1'. + + + + + Every BOM generated SHOULD have a unique serial number, even if the contents of + the BOM have not changed over time. If specified, the serial number must conform to RFC-4122. + Use of serial numbers are recommended. + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + diff --git a/src/main/resources/jsf-0.82.schema.json b/src/main/resources/jsf-0.82.schema.json new file mode 100644 index 0000000000..f46bfb1e52 --- /dev/null +++ b/src/main/resources/jsf-0.82.schema.json @@ -0,0 +1,240 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/jsf-0.82.schema.json", + "type": "object", + "title": "JSON Signature Format (JSF) standard", + "$comment" : "JSON Signature Format schema is published under the terms of the Apache License 2.0. JSF was developed by Anders Rundgren (anders.rundgren.net@gmail.com) as a part of the OpenKeyStore project. This schema supports the entirely of the JSF standard excluding 'extensions'.", + "definitions": { + "signature": { + "type": "object", + "title": "Signature", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "signers": { + "type": "array", + "title": "Signature", + "description": "Unique top level property for Multiple Signatures. (multisignature)", + "items": {"$ref": "#/definitions/signer"} + } + } + }, + { + "additionalProperties": false, + "properties": { + "chain": { + "type": "array", + "title": "Signature", + "description": "Unique top level property for Signature Chains. (signaturechain)", + "items": {"$ref": "#/definitions/signer"} + } + } + }, + { + "title": "Signature", + "description": "Unique top level property for simple signatures. (signaturecore)", + "$ref": "#/definitions/signer" + } + ] + }, + "signer": { + "type": "object", + "title": "Signature", + "required": [ + "algorithm", + "value" + ], + "additionalProperties": false, + "properties": { + "algorithm": { + "oneOf": [ + { + "type": "string", + "title": "Algorithm", + "description": "Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037 [RFC8037] asymmetric key algorithms. Note: Unlike RFC8037 [RFC8037] JSF requires explicit Ed* algorithm names instead of \"EdDSA\".", + "enum": [ + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES512", + "Ed25519", + "Ed448", + "HS256", + "HS384", + "HS512" + ] + }, + { + "type": "string", + "title": "Algorithm", + "description": "Signature algorithm. Note: If proprietary signature algorithms are added, they must be expressed as URIs.", + "format": "uri" + } + ] + }, + "keyId": { + "type": "string", + "title": "Key ID", + "description": "Optional. Application specific string identifying the signature key." + }, + "publicKey": { + "title": "Public key", + "description": "Optional. Public key object.", + "$ref": "#/definitions/publicKey" + }, + "certificatePath": { + "type": "array", + "title": "Certificate path", + "description": "Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must contain the signature certificate. The certificate path must be contiguous but is not required to be complete.", + "items": { + "type": "string" + } + }, + "excludes": { + "type": "array", + "title": "Excludes", + "description": "Optional. Array holding the names of one or more application level properties that must be excluded from the signature process. Note that the \"excludes\" property itself, must also be excluded from the signature process. Since both the \"excludes\" property and the associated data it points to are unsigned, a conforming JSF implementation must provide options for specifying which properties to accept.", + "items": { + "type": "string" + } + }, + "value": { + "type": "string", + "title": "Signature", + "description": "The signature data. Note that the binary representation must follow the JWA [RFC7518] specifications." + } + } + }, + "keyType": { + "type": "string", + "title": "Key type", + "description": "Key type indicator.", + "enum": [ + "EC", + "OKP", + "RSA" + ] + }, + "publicKey": { + "title": "Public key", + "description": "Optional. Public key object.", + "type": "object", + "required": [ + "kty" + ], + "additionalProperties": true, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + } + }, + "allOf": [ + { + "if": { + "properties": { "kty": { "const": "EC" } } + }, + "then": { + "required": [ + "kty", + "crv", + "x", + "y" + ], + "additionalProperties": false, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + }, + "crv": { + "type": "string", + "title": "Curve name", + "description": "EC curve name.", + "enum": [ + "P-256", + "P-384", + "P-521" + ] + }, + "x": { + "type": "string", + "title": "Coordinate", + "description": "EC curve point X. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"P-521\", the decoded argument must be 66 bytes." + }, + "y": { + "type": "string", + "title": "Coordinate", + "description": "EC curve point Y. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"P-256\", the decoded argument must be 32 bytes." + } + } + } + }, + { + "if": { + "properties": { "kty": { "const": "OKP" } } + }, + "then": { + "required": [ + "kty", + "crv", + "x" + ], + "additionalProperties": false, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + }, + "crv": { + "type": "string", + "title": "Curve name", + "description": "EdDSA curve name.", + "enum": [ + "Ed25519", + "Ed448" + ] + }, + "x": { + "type": "string", + "title": "Coordinate", + "description": "EdDSA curve point X. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"Ed25519\", the decoded argument must be 32 bytes." + } + } + } + }, + { + "if": { + "properties": { "kty": { "const": "RSA" } } + }, + "then": { + "required": [ + "kty", + "n", + "e" + ], + "additionalProperties": false, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + }, + "n": { + "type": "string", + "title": "Modulus", + "description": "RSA modulus." + }, + "e": { + "type": "string", + "title": "Exponent", + "description": "RSA exponent." + } + } + } + } + ] + } + } +} diff --git a/src/main/resources/license-mapping.json b/src/main/resources/license-mapping.json index ca83611aac..e4f3ef31cf 100644 --- a/src/main/resources/license-mapping.json +++ b/src/main/resources/license-mapping.json @@ -26,7 +26,8 @@ "Apache-2.0 License", "Apache License version 2.0", "Apache 2 Style License", - "ASF 2.0" + "ASF 2.0", + "AL 2.0" ] }, { @@ -153,7 +154,8 @@ "GNU General Public License (GPL) version 2", "GNU General Public License (GPL) version 2.0", "GNU General Public License v2", - "GNU General Public License v2.0" + "GNU General Public License v2.0", + "GPL v2" ] }, { @@ -172,7 +174,14 @@ "GPLv2+CE", "GPLv2 with classpath exception", "GPLv2 license, includes the CLASSPATH exception", - "GNU General Public License, version 2, with the Classpath Exception" + "GNU General Public License, version 2, with the Classpath Exception", + "GNU General Public License, version 2 with the GNU Classpath Exception" + ] + }, + { + "exp": "GPL-3.0-only", + "names": [ + "GENERAL PUBLIC LICENSE, version 3 (GPL-3.0)" ] }, { @@ -222,7 +231,8 @@ "LGPL3.0", "GNU Lesser General Public License (LGPL), version 3", "GNU Lesser General Public License (LGPL), version 3.0", - "GNU Lesser General Public License v3.0" + "GNU Lesser General Public License v3.0", + "GNU LESSER GENERAL PUBLIC LICENSE, version 3 (LGPL-3.0)" ] }, { @@ -251,13 +261,15 @@ { "exp": "MPL-1.1", "names": [ - "MPL 1.1" + "MPL 1.1", + "Mozilla Public License Version 1.1" ] }, { "exp": "MPL-2.0", "names": [ - "MPL 2.0" + "MPL 2.0", + "Mozilla Public License, Version 2.0" ] }, { diff --git a/src/main/resources/licenses/389-exception.txt b/src/main/resources/licenses/389-exception.txt new file mode 100644 index 0000000000..fe5bff900a --- /dev/null +++ b/src/main/resources/licenses/389-exception.txt @@ -0,0 +1,7 @@ +This Program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. + +This Program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this Program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + +In addition, as a special exception, Red Hat, Inc. gives You the additional right to link the code of this Program with code not covered under the GNU General Public License ("Non-GPL Code") and to distribute linked combinations including the two, subject to the limitations in this paragraph. Non-GPL Code permitted under this exception must only link to the code of this Program through those well defined interfaces identified in the file named EXCEPTION found in the source code files (the "Approved Interfaces"). The files of Non-GPL Code may instantiate templates or use macros or inline functions from the Approved Interfaces without causing the resulting work to be covered by the GNU General Public License. Only Red Hat, Inc. may make changes or additions to the list of Approved Interfaces. You must obey the GNU General Public License in all respects for all of the Program code and other code used in conjunction with the Program except the Non-GPL Code covered by this exception. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to provide this exception without modification, you must delete this exception statement from your version and license this file solely under the GPL without exception. diff --git a/src/main/resources/licenses/3D-Slicer-1.0.txt b/src/main/resources/licenses/3D-Slicer-1.0.txt new file mode 100644 index 0000000000..38bd5230c6 --- /dev/null +++ b/src/main/resources/licenses/3D-Slicer-1.0.txt @@ -0,0 +1,190 @@ +3D Slicer Contribution and Software License Agreement ("Agreement") +Version 1.0 (December 20, 2005) + +This Agreement covers contributions to and downloads from the 3D +Slicer project ("Slicer") maintained by The Brigham and Women's +Hospital, Inc. ("Brigham"). Part A of this Agreement applies to +contributions of software and/or data to Slicer (including making +revisions of or additions to code and/or data already in Slicer). Part +B of this Agreement applies to downloads of software and/or data from +Slicer. Part C of this Agreement applies to all transactions with +Slicer. If you distribute Software (as defined below) downloaded from +Slicer, all of the paragraphs of Part B of this Agreement must be +included with and apply to such Software. + +Your contribution of software and/or data to Slicer (including prior +to the date of the first publication of this Agreement, each a +"Contribution") and/or downloading, copying, modifying, displaying, +distributing or use of any software and/or data from Slicer +(collectively, the "Software") constitutes acceptance of all of the +terms and conditions of this Agreement. If you do not agree to such +terms and conditions, you have no right to contribute your +Contribution, or to download, copy, modify, display, distribute or use +the Software. + +PART A. CONTRIBUTION AGREEMENT - License to Brigham with Right to +Sublicense ("Contribution Agreement"). + +1. As used in this Contribution Agreement, "you" means the individual + contributing the Contribution to Slicer and the institution or + entity which employs or is otherwise affiliated with such + individual in connection with such Contribution. + +2. This Contribution Agreement applies to all Contributions made to + Slicer, including without limitation Contributions made prior to + the date of first publication of this Agreement. If at any time you + make a Contribution to Slicer, you represent that (i) you are + legally authorized and entitled to make such Contribution and to + grant all licenses granted in this Contribution Agreement with + respect to such Contribution; (ii) if your Contribution includes + any patient data, all such data is de-identified in accordance with + U.S. confidentiality and security laws and requirements, including + but not limited to the Health Insurance Portability and + Accountability Act (HIPAA) and its regulations, and your disclosure + of such data for the purposes contemplated by this Agreement is + properly authorized and in compliance with all applicable laws and + regulations; and (iii) you have preserved in the Contribution all + applicable attributions, copyright notices and licenses for any + third party software or data included in the Contribution. + +3. Except for the licenses granted in this Agreement, you reserve all + right, title and interest in your Contribution. + +4. You hereby grant to Brigham, with the right to sublicense, a + perpetual, worldwide, non-exclusive, no charge, royalty-free, + irrevocable license to use, reproduce, make derivative works of, + display and distribute the Contribution. If your Contribution is + protected by patent, you hereby grant to Brigham, with the right to + sublicense, a perpetual, worldwide, non-exclusive, no-charge, + royalty-free, irrevocable license under your interest in patent + rights covering the Contribution, to make, have made, use, sell and + otherwise transfer your Contribution, alone or in combination with + any other code. + +5. You acknowledge and agree that Brigham may incorporate your + Contribution into Slicer and may make Slicer available to members + of the public on an open source basis under terms substantially in + accordance with the Software License set forth in Part B of this + Agreement. You further acknowledge and agree that Brigham shall + have no liability arising in connection with claims resulting from + your breach of any of the terms of this Agreement. + +6. YOU WARRANT THAT TO THE BEST OF YOUR KNOWLEDGE YOUR CONTRIBUTION + DOES NOT CONTAIN ANY CODE THAT REQUIRES OR PRESCRIBES AN "OPEN + SOURCE LICENSE" FOR DERIVATIVE WORKS (by way of non-limiting + example, the GNU General Public License or other so-called + "reciprocal" license that requires any derived work to be licensed + under the GNU General Public License or other "open source + license"). + +PART B. DOWNLOADING AGREEMENT - License from Brigham with Right to +Sublicense ("Software License"). + +1. As used in this Software License, "you" means the individual + downloading and/or using, reproducing, modifying, displaying and/or + distributing the Software and the institution or entity which + employs or is otherwise affiliated with such individual in + connection therewith. The Brigham and Women's Hospital, + Inc. ("Brigham") hereby grants you, with right to sublicense, with + respect to Brigham's rights in the software, and data, if any, + which is the subject of this Software License (collectively, the + "Software"), a royalty-free, non-exclusive license to use, + reproduce, make derivative works of, display and distribute the + Software, provided that: + +(a) you accept and adhere to all of the terms and conditions of this +Software License; + +(b) in connection with any copy of or sublicense of all or any portion +of the Software, all of the terms and conditions in this Software +License shall appear in and shall apply to such copy and such +sublicense, including without limitation all source and executable +forms and on any user documentation, prefaced with the following +words: "All or portions of this licensed product (such portions are +the "Software") have been obtained under license from The Brigham and +Women's Hospital, Inc. and are subject to the following terms and +conditions:" + +(c) you preserve and maintain all applicable attributions, copyright +notices and licenses included in or applicable to the Software; + +(d) modified versions of the Software must be clearly identified and +marked as such, and must not be misrepresented as being the original +Software; and + +(e) you consider making, but are under no obligation to make, the +source code of any of your modifications to the Software freely +available to others on an open source basis. + +2. The license granted in this Software License includes without + limitation the right to (i) incorporate the Software into + proprietary programs (subject to any restrictions applicable to + such programs), (ii) add your own copyright statement to your + modifications of the Software, and (iii) provide additional or + different license terms and conditions in your sublicenses of + modifications of the Software; provided that in each case your use, + reproduction or distribution of such modifications otherwise + complies with the conditions stated in this Software License. + +3. This Software License does not grant any rights with respect to + third party software, except those rights that Brigham has been + authorized by a third party to grant to you, and accordingly you + are solely responsible for (i) obtaining any permissions from third + parties that you need to use, reproduce, make derivative works of, + display and distribute the Software, and (ii) informing your + sublicensees, including without limitation your end-users, of their + obligations to secure any such required permissions. + +4. The Software has been designed for research purposes only and has + not been reviewed or approved by the Food and Drug Administration + or by any other agency. YOU ACKNOWLEDGE AND AGREE THAT CLINICAL + APPLICATIONS ARE NEITHER RECOMMENDED NOR ADVISED. Any + commercialization of the Software is at the sole risk of the party + or parties engaged in such commercialization. You further agree to + use, reproduce, make derivative works of, display and distribute + the Software in compliance with all applicable governmental laws, + regulations and orders, including without limitation those relating + to export and import control. + +5. The Software is provided "AS IS" and neither Brigham nor any + contributor to the software (each a "Contributor") shall have any + obligation to provide maintenance, support, updates, enhancements + or modifications thereto. BRIGHAM AND ALL CONTRIBUTORS SPECIFICALLY + DISCLAIM ALL EXPRESS AND IMPLIED WARRANTIES OF ANY KIND INCLUDING, + BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR + A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL + BRIGHAM OR ANY CONTRIBUTOR BE LIABLE TO ANY PARTY FOR DIRECT, + INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY ARISING IN ANY WAY + RELATED TO THE SOFTWARE, EVEN IF BRIGHAM OR ANY CONTRIBUTOR HAS + BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM + EXTENT NOT PROHIBITED BY LAW OR REGULATION, YOU FURTHER ASSUME ALL + LIABILITY FOR YOUR USE, REPRODUCTION, MAKING OF DERIVATIVE WORKS, + DISPLAY, LICENSE OR DISTRIBUTION OF THE SOFTWARE AND AGREE TO + INDEMNIFY AND HOLD HARMLESS BRIGHAM AND ALL CONTRIBUTORS FROM AND + AGAINST ANY AND ALL CLAIMS, SUITS, ACTIONS, DEMANDS AND JUDGMENTS + ARISING THEREFROM. + +6. None of the names, logos or trademarks of Brigham or any of + Brigham's affiliates or any of the Contributors, or any funding + agency, may be used to endorse or promote products produced in + whole or in part by operation of the Software or derived from or + based on the Software without specific prior written permission + from the applicable party. + +7. Any use, reproduction or distribution of the Software which is not + in accordance with this Software License shall automatically revoke + all rights granted to you under this Software License and render + Paragraphs 1 and 2 of this Software License null and void. + +8. This Software License does not grant any rights in or to any + intellectual property owned by Brigham or any Contributor except + those rights expressly granted hereunder. + +PART C. MISCELLANEOUS + +This Agreement shall be governed by and construed in accordance with +the laws of The Commonwealth of Massachusetts without regard to +principles of conflicts of law. This Agreement shall supercede and +replace any license terms that you may have agreed to previously with +respect to Slicer. diff --git a/src/main/resources/licenses/AGPL-1.0.txt b/src/main/resources/licenses/AGPL-1.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/AGPL-1.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/AGPL-3.0.txt b/src/main/resources/licenses/AGPL-3.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/AGPL-3.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/AMD-newlib.txt b/src/main/resources/licenses/AMD-newlib.txt new file mode 100644 index 0000000000..1b2f1abd6f --- /dev/null +++ b/src/main/resources/licenses/AMD-newlib.txt @@ -0,0 +1,11 @@ +Copyright 1989, 1990 Advanced Micro Devices, Inc. + +This software is the property of Advanced Micro Devices, Inc (AMD) which +specifically grants the user the right to modify, use and distribute this +software provided this notice is not removed or altered. All other rights +are reserved by AMD. + +AMD MAKES NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THIS +SOFTWARE. IN NO EVENT SHALL AMD BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL +DAMAGES IN CONNECTION WITH OR ARISING FROM THE FURNISHING, PERFORMANCE, OR +USE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/AML-glslang.txt b/src/main/resources/licenses/AML-glslang.txt new file mode 100644 index 0000000000..2a24aeac22 --- /dev/null +++ b/src/main/resources/licenses/AML-glslang.txt @@ -0,0 +1,41 @@ +Copyright (c) 2002, NVIDIA Corporation. + +NVIDIA Corporation("NVIDIA") supplies this software to you in +consideration of your agreement to the following terms, and your use, +installation, modification or redistribution of this NVIDIA software +constitutes acceptance of these terms. If you do not agree with these +terms, please do not use, install, modify or redistribute this NVIDIA +software. + +In consideration of your agreement to abide by the following terms, and +subject to these terms, NVIDIA grants you a personal, non-exclusive +license, under NVIDIA's copyrights in this original NVIDIA software (the +"NVIDIA Software"), to use, reproduce, modify and redistribute the +NVIDIA Software, with or without modifications, in source and/or binary +forms; provided that if you redistribute the NVIDIA Software, you must +retain the copyright notice of NVIDIA, this notice and the following +text and disclaimers in all such redistributions of the NVIDIA Software. +Neither the name, trademarks, service marks nor logos of NVIDIA +Corporation may be used to endorse or promote products derived from the +NVIDIA Software without specific prior written permission from NVIDIA. +Except as expressly stated in this notice, no other rights or licenses +express or implied, are granted by NVIDIA herein, including but not +limited to any patent rights that may be infringed by your derivative +works or by other works in which the NVIDIA Software may be +incorporated. No hardware is licensed hereunder. + +THE NVIDIA SOFTWARE IS BEING PROVIDED ON AN "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, +INCLUDING WITHOUT LIMITATION, WARRANTIES OR CONDITIONS OF TITLE, +NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR +ITS USE AND OPERATION EITHER ALONE OR IN COMBINATION WITH OTHER +PRODUCTS. + +IN NO EVENT SHALL NVIDIA BE LIABLE FOR ANY SPECIAL, INDIRECT, +INCIDENTAL, EXEMPLARY, CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, LOST PROFITS; PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) OR ARISING IN ANY WAY +OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION OF THE +NVIDIA SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY OF CONTRACT, +TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF +NVIDIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/APL-1.0.txt b/src/main/resources/licenses/APL-1.0.txt index 261f2d687c..0748f90cd9 100644 --- a/src/main/resources/licenses/APL-1.0.txt +++ b/src/main/resources/licenses/APL-1.0.txt @@ -210,21 +210,21 @@ PART 1: INITIAL CONTRIBUTOR AND DESIGNATED WEB SITE The Initial Contributor is: ____________________________________________________ -  + [Enter full name of Initial Contributor] Address of Initial Contributor: ________________________________________________ -  + ________________________________________________ -  + ________________________________________________ -  + [Enter address above] The Designated Web Site is: __________________________________________________ -  + [Enter URL for Designated Web Site of Initial Contributor] NOTE: The Initial Contributor is to complete this Part 1, along with Parts 2, 3, and 5, and, if applicable, Parts 4 and 6. @@ -237,27 +237,27 @@ The date on which the Initial Work was first available under this License: _____ PART 3: GOVERNING JURISDICTION -For the purposes of this License, the Governing Jurisdiction is _________________________________________________. 
[Initial Contributor to Enter Governing Jurisdiction here] +For the purposes of this License, the Governing Jurisdiction is _________________________________________________. [Initial Contributor to Enter Governing Jurisdiction here] PART 4: THIRD PARTIES For the purposes of this License, "Third Party" has the definition set forth below in the ONE paragraph selected by the Initial Contributor from paragraphs A, B, C, D and E when the Initial Work is distributed or otherwise made available by the Initial Contributor. To select one of the following paragraphs, the Initial Contributor must place an "X" or "x" in the selection box alongside the one respective paragraph selected. SELECTION -  + BOX PARAGRAPH -[  ] A. "THIRD PARTY" means any third party. -  -  -[  ] B. "THIRD PARTY" means any third party except for any of the following: (a) a wholly owned subsidiary of the Subsequent Contributor in question; (b) a legal entity (the "PARENT") that wholly owns the Subsequent Contributor in question; or (c) a wholly owned subsidiary of the wholly owned subsidiary in (a) or of the Parent in (b). -  -  -[  ] C. "THIRD PARTY" means any third party except for any of the following: (a) any Person directly or indirectly owning a majority of the voting interest in the Subsequent Contributor or (b) any Person in which the Subsequent Contributor directly or indirectly owns a majority voting interest. -  -  -[  ] D. "THIRD PARTY" means any third party except for any Person directly or indirectly controlled by the Subsequent Contributor. For purposes of this definition, "control" shall mean the power to direct or cause the direction of, the management and policies of such Person whether through the ownership of voting interests, by contract, or otherwise. -  -  -[  ] E. "THIRD PARTY" means any third party except for any Person directly or indirectly controlling, controlled by, or under common control with the Subsequent Contributor. For purposes of this definition, "control" shall mean the power to direct or cause the direction of, the management and policies of such Person whether through the ownership of voting interests, by contract, or otherwise. +[ ] A. "THIRD PARTY" means any third party. + + +[ ] B. "THIRD PARTY" means any third party except for any of the following: (a) a wholly owned subsidiary of the Subsequent Contributor in question; (b) a legal entity (the "PARENT") that wholly owns the Subsequent Contributor in question; or (c) a wholly owned subsidiary of the wholly owned subsidiary in (a) or of the Parent in (b). + + +[ ] C. "THIRD PARTY" means any third party except for any of the following: (a) any Person directly or indirectly owning a majority of the voting interest in the Subsequent Contributor or (b) any Person in which the Subsequent Contributor directly or indirectly owns a majority voting interest. + + +[ ] D. "THIRD PARTY" means any third party except for any Person directly or indirectly controlled by the Subsequent Contributor. For purposes of this definition, "control" shall mean the power to direct or cause the direction of, the management and policies of such Person whether through the ownership of voting interests, by contract, or otherwise. + + +[ ] E. "THIRD PARTY" means any third party except for any Person directly or indirectly controlling, controlled by, or under common control with the Subsequent Contributor. For purposes of this definition, "control" shall mean the power to direct or cause the direction of, the management and policies of such Person whether through the ownership of voting interests, by contract, or otherwise. The default definition of "THIRD PARTY" is the definition set forth in paragraph A, if NONE OR MORE THAN ONE of paragraphs A, B, C, D or E in this Part 4 are selected by the Initial Contributor. PART 5: NOTICE @@ -271,8 +271,8 @@ PART 6: PATENT LICENSING TERMS For the purposes of this License, paragraphs A, B, C, D and E of this Part 6 of Exhibit A are only incorporated and form part of the terms of the License if the Initial Contributor places an "X" or "x" in the selection box alongside the YES answer to the question immediately below. Is this a Patents-Included License pursuant to Section 2.2 of the License? -YES [      ] -NO [      ] +YES [ ] +NO [ ] By default, if YES is not selected by the Initial Contributor, the answer is NO. diff --git a/src/main/resources/licenses/ASWF-Digital-Assets-1.0.txt b/src/main/resources/licenses/ASWF-Digital-Assets-1.0.txt new file mode 100644 index 0000000000..27e45b19c9 --- /dev/null +++ b/src/main/resources/licenses/ASWF-Digital-Assets-1.0.txt @@ -0,0 +1,17 @@ +ASWF Digital Assets License v1.0 + +License for (the "Asset Name"). + + Copyright . All rights reserved. + +Redistribution and use of these digital assets, with or without modification, solely for education, training, research, software and hardware development, performance benchmarking (including publication of benchmark results and permitting reproducibility of the benchmark results by third parties), or software and hardware product demonstrations, are permitted provided that the following conditions are met: + +1. Redistributions of these digital assets or any part of them must include the above copyright notice, this list of conditions and the disclaimer below. + +2. Publications showing images derived from these digital assets must include the above copyright notice. + +3. The names of copyright holder or the names of its contributors may NOT be used to promote or to imply endorsement, sponsorship, or affiliation with products developed or tested utilizing these digital assets or benchmarking results obtained from these digital assets, without prior written permission from copyright holder. + +4. The assets and their output may only be referred to as the Asset Name listed above, and your use of the Asset Name shall be solely to identify the digital assets. Other than as expressly permitted by this License, you may NOT use any trade names, trademarks, service marks, or product names of the copyright holder for any purpose. + +DISCLAIMER: THESE DIGITAL ASSETS ARE PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THESE DIGITAL ASSETS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/ASWF-Digital-Assets-1.1.txt b/src/main/resources/licenses/ASWF-Digital-Assets-1.1.txt new file mode 100644 index 0000000000..566604a100 --- /dev/null +++ b/src/main/resources/licenses/ASWF-Digital-Assets-1.1.txt @@ -0,0 +1,17 @@ +ASWF Digital Assets License v1.1 + +License for (the "Asset Name"). + + Copyright . All rights reserved. + +Redistribution and use of these digital assets, with or without modification, solely for education, training, research, software and hardware development, performance benchmarking (including publication of benchmark results and permitting reproducibility of the benchmark results by third parties), or software and hardware product demonstrations, are permitted provided that the following conditions are met: + +1. Redistributions of these digital assets or any part of them must include the above copyright notice, this list of conditions and the disclaimer below, and if applicable, a description of how the redistributed versions of the digital assets differ from the originals. + +2. Publications showing images derived from these digital assets must include the above copyright notice. + +3. The names of copyright holder or the names of its contributors may NOT be used to promote or to imply endorsement, sponsorship, or affiliation with products developed or tested utilizing these digital assets or benchmarking results obtained from these digital assets, without prior written permission from copyright holder. + +4. The assets and their output may only be referred to as the Asset Name listed above, and your use of the Asset Name shall be solely to identify the digital assets. Other than as expressly permitted by this License, you may NOT use any trade names, trademarks, service marks, or product names of the copyright holder for any purpose. + +DISCLAIMER: THESE DIGITAL ASSETS ARE PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THESE DIGITAL ASSETS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/AdaCore-doc.txt b/src/main/resources/licenses/AdaCore-doc.txt new file mode 100644 index 0000000000..0a1dab1b2c --- /dev/null +++ b/src/main/resources/licenses/AdaCore-doc.txt @@ -0,0 +1 @@ +This document may be copied, in whole or in part, in any form or by any means, as is or with alterations, provided that (1) alterations are clearly marked as alterations and (2) this copyright notice is included unmodified in any copy. diff --git a/src/main/resources/licenses/Adobe-Display-PostScript.txt b/src/main/resources/licenses/Adobe-Display-PostScript.txt new file mode 100644 index 0000000000..6df57d3c80 --- /dev/null +++ b/src/main/resources/licenses/Adobe-Display-PostScript.txt @@ -0,0 +1,30 @@ +(c)Copyright 1988,1991 Adobe Systems Incorporated. +All rights reserved. + +Permission to use, copy, modify, distribute, and sublicense this software and its +documentation for any purpose and without fee is hereby granted, provided that +the above copyright notices appear in all copies and that both those copyright +notices and this permission notice appear in supporting documentation and that +the name of Adobe Systems Incorporated not be used in advertising or publicity +pertaining to distribution of the software without specific, written prior +permission. No trademark license to use the Adobe trademarks is hereby +granted. If the Adobe trademark "Display PostScript"(tm) is used to describe +this software, its functionality or for any other purpose, such use shall be +limited to a statement that this software works in conjunction with the Display +PostScript system. Proper trademark attribution to reflect Adobe's ownership +of the trademark shall be given whenever any such reference to the Display +PostScript system is made. + +ADOBE MAKES NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE SOFTWARE FOR ANY +PURPOSE. IT IS PROVIDED "AS IS" WITHOUT EXPRESS OR IMPLIED WARRANTY. ADOBE +DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED +WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON- +INFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL ADOBE BE LIABLE TO YOU +OR ANY OTHER PARTY FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY +DAMAGES WHATSOEVER WHETHER IN AN ACTION OF CONTRACT,NEGLIGENCE, STRICT +LIABILITY OR ANY OTHER ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. ADOBE WILL NOT PROVIDE ANY TRAINING OR OTHER +SUPPORT FOR THE SOFTWARE. + +Adobe, PostScript, and Display PostScript are trademarks of Adobe Systems +Incorporated which may be registered in certain jurisdictions. diff --git a/src/main/resources/licenses/Adobe-Utopia.txt b/src/main/resources/licenses/Adobe-Utopia.txt new file mode 100644 index 0000000000..4aa04503b5 --- /dev/null +++ b/src/main/resources/licenses/Adobe-Utopia.txt @@ -0,0 +1,12 @@ +Permission to use, reproduce, display and distribute the listed typefaces +is hereby granted, provided that the Adobe Copyright notice appears in all +whole and partial copies of the software and that the following trademark +symbol and attribution appear in all unmodified copies of the software: + +The Adobe typefaces (Type 1 font program, bitmaps and Adobe Font Metric +files) donated are: + + Utopia Regular + Utopia Italic + Utopia Bold + Utopia Bold Italic diff --git a/src/main/resources/licenses/Apache-1.1.txt b/src/main/resources/licenses/Apache-1.1.txt index 2f0168af9c..b2e3bf4d89 100644 --- a/src/main/resources/licenses/Apache-1.1.txt +++ b/src/main/resources/licenses/Apache-1.1.txt @@ -1,4 +1,4 @@ -Apache License 1.1 +The Apache Software License, Version 1.1 Copyright (c) 2000 The Apache Software Foundation. All rights reserved. @@ -14,8 +14,8 @@ Alternately, this acknowledgment may appear in the software itself, if and where 4. The names "Apache" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact apache@apache.org. -5. Products derived from this software may not be called "Apache" [ex. "Jakarta," "Apache," or "Apache Commons,"] nor may "Apache" [ex. the names] appear in their name, without prior written permission of the Apache Software Foundation. +5. Products derived from this software may not be called "Apache" nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. -THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see http://www.apache.org/. Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. + This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see . Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. diff --git a/src/main/resources/licenses/Asterisk-exception.txt b/src/main/resources/licenses/Asterisk-exception.txt new file mode 100644 index 0000000000..88253f12d3 --- /dev/null +++ b/src/main/resources/licenses/Asterisk-exception.txt @@ -0,0 +1,5 @@ +In addition, when this program is distributed with Asterisk in any +form that would qualify as a 'combined work' or as a 'derivative work' +(but not mere aggregation), you can redistribute and/or modify the +combination under the terms of the license provided with that copy +of Asterisk, instead of the license terms granted here. diff --git a/src/main/resources/licenses/Asterisk-linking-protocols-exception.txt b/src/main/resources/licenses/Asterisk-linking-protocols-exception.txt new file mode 100644 index 0000000000..6705829f47 --- /dev/null +++ b/src/main/resources/licenses/Asterisk-linking-protocols-exception.txt @@ -0,0 +1,13 @@ +Specific permission is also granted to link Asterisk with OpenSSL, OpenH323 +UniMRCP, and/or the UW IMAP Toolkit and distribute the resulting binary files. + +In addition, Asterisk implements several management/control protocols. +This includes the Asterisk Manager Interface (AMI), the Asterisk Gateway +Interface (AGI), and the Asterisk REST Interface (ARI). It is our belief +that applications using these protocols to manage or control an Asterisk +instance do not have to be licensed under the GPL or a compatible license, +as we believe these protocols do not create a 'derivative work' as referred +to in the GPL. However, should any court or other judiciary body find that +these protocols do fall under the terms of the GPL, then we hereby grant you a +license to use these protocols in combination with Asterisk in external +applications licensed under any license you wish. diff --git a/src/main/resources/licenses/Autoconf-exception-2.0.txt b/src/main/resources/licenses/Autoconf-exception-2.0.txt new file mode 100644 index 0000000000..00cddeba4d --- /dev/null +++ b/src/main/resources/licenses/Autoconf-exception-2.0.txt @@ -0,0 +1,5 @@ +As a special exception, the Free Software Foundation gives unlimited permission to copy, distribute and modify the configure scripts that are the output of Autoconf. You need not follow the terms of the GNU General Public License when using or distributing such scripts, even though portions of the text of Autoconf appear in them. The GNU General Public License (GPL) does govern all other use of the material that constitutes the Autoconf program. + +Certain portions of the Autoconf source text are designed to be copied (in certain cases, depending on the input) into the output of Autoconf. We call these the "data" portions. The rest of the Autoconf source text consists of comments plus executable code that decides which of the data portions to output in any given case. We call these comments and executable code the "non-data" portions. Autoconf never copies any of the non-data portions into its output. + +This special exception to the GPL applies to versions of Autoconf released by the Free Software Foundation. When you make and distribute a modified version of Autoconf, you may extend this special exception to the GPL to apply to your modified version as well, *unless* your modified version has the potential to copy into its output some of the text that was the non-data portion of the version that you started with. (In other words, unless your change moves or copies text from the non-data portions to the data portions.) If your modification has such potential, you must delete any notice of this special exception to the GPL from your modified version. diff --git a/src/main/resources/licenses/Autoconf-exception-3.0.txt b/src/main/resources/licenses/Autoconf-exception-3.0.txt new file mode 100644 index 0000000000..f212f9c7bc --- /dev/null +++ b/src/main/resources/licenses/Autoconf-exception-3.0.txt @@ -0,0 +1,26 @@ +AUTOCONF CONFIGURE SCRIPT EXCEPTION + +Version 3.0, 18 August 2009 +Copyright Š 2009 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +This Exception is an additional permission under section 7 of the GNU General Public License, version 3 ("GPLv3"). It applies to a given file that bears a notice placed by the copyright holder of the file stating that the file is governed by GPLv3 along with this Exception. + +The purpose of this Exception is to allow distribution of Autoconf's typical output under terms of the recipient's choice (including proprietary). + +0. Definitions. + +"Covered Code" is the source or object code of a version of Autoconf that is a covered work under this License. + +"Normally Copied Code" for a version of Autoconf means all parts of its Covered Code which that version can copy from its code (i.e., not from its input file) into its minimally verbose, non-debugging and non-tracing output. + +"Ineligible Code" is Covered Code that is not Normally Copied Code. + +1. Grant of Additional Permission. + +You have permission to propagate output of Autoconf, even if such propagation would otherwise violate the terms of GPLv3. However, if by modifying Autoconf you cause any Ineligible Code of the version you received to become Normally Copied Code of your modified version, then you void this Exception for the resulting covered work. If you convey that resulting covered work, you must remove this Exception in accordance with the second paragraph of Section 7 of GPLv3. + +2. No Weakening of Autoconf Copyleft. + +The availability of this Exception does not imply any general presumption that third-party software is unaffected by the copyleft requirements of the license of Autoconf. diff --git a/src/main/resources/licenses/Autoconf-exception-generic-3.0.txt b/src/main/resources/licenses/Autoconf-exception-generic-3.0.txt new file mode 100644 index 0000000000..2d3036772c --- /dev/null +++ b/src/main/resources/licenses/Autoconf-exception-generic-3.0.txt @@ -0,0 +1,6 @@ +As a special exception to the GNU General Public License, if you +distribute this file as part of a program that contains a +configuration script generated by Autoconf, you may include it under +the same distribution terms that you use for the rest of that +program. This Exception is an additional permission under section 7 +of the GNU General Public License, version 3 ("GPLv3"). diff --git a/src/main/resources/licenses/Autoconf-exception-generic.txt b/src/main/resources/licenses/Autoconf-exception-generic.txt new file mode 100644 index 0000000000..b39f827673 --- /dev/null +++ b/src/main/resources/licenses/Autoconf-exception-generic.txt @@ -0,0 +1,4 @@ +As a special exception to the GNU General Public License, +if you distribute this file as part of a program that contains +a configuration script generated by Autoconf, you may include +it under the same distribution terms that you use for the rest of that program. diff --git a/src/main/resources/licenses/Autoconf-exception-macro.txt b/src/main/resources/licenses/Autoconf-exception-macro.txt new file mode 100644 index 0000000000..8b5b4677f3 --- /dev/null +++ b/src/main/resources/licenses/Autoconf-exception-macro.txt @@ -0,0 +1,12 @@ +As a special exception, the respective Autoconf Macro's copyright owner +gives unlimited permission to copy, distribute and modify the configure +scripts that are the output of Autoconf when processing the Macro. You +need not follow the terms of the GNU General Public License when using +or distributing such scripts, even though portions of the text of the +Macro appear in them. The GNU General Public License (GPL) does govern +all other use of the material that constitutes the Autoconf Macro. + +This special exception to the GPL applies to versions of the Autoconf +Macro released by the Autoconf Archive. When you make and distribute a +modified version of the Autoconf Macro, you may extend this special +exception to the GPL to apply to your modified version as well. diff --git a/src/main/resources/licenses/BSD-2-Clause-Darwin.txt b/src/main/resources/licenses/BSD-2-Clause-Darwin.txt new file mode 100644 index 0000000000..d582399763 --- /dev/null +++ b/src/main/resources/licenses/BSD-2-Clause-Darwin.txt @@ -0,0 +1,28 @@ +Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. +Software written by Ian F. Darwin and others; +maintained 1994- Christos Zoulas. + +This software is not subject to any export provision of the United States +Department of Commerce, and may be exported to any country or planet. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice immediately at the beginning of the file, without modification, + this list of conditions, and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/src/main/resources/licenses/BSD-2-Clause-FreeBSD.txt b/src/main/resources/licenses/BSD-2-Clause-FreeBSD.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/BSD-2-Clause-FreeBSD.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/BSD-2-Clause-NetBSD.txt b/src/main/resources/licenses/BSD-2-Clause-NetBSD.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/BSD-2-Clause-NetBSD.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/BSD-2-Clause-first-lines.txt b/src/main/resources/licenses/BSD-2-Clause-first-lines.txt new file mode 100644 index 0000000000..3774caf24a --- /dev/null +++ b/src/main/resources/licenses/BSD-2-Clause-first-lines.txt @@ -0,0 +1,27 @@ +Copyright (C) 2006,2007,2009 NTT (Nippon Telegraph and Telephone +Corporation). All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer as the first lines of this file unmodified. + +2. Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + +THIS SOFTWARE IS PROVIDED BY NTT "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/BSD-3-Clause-HP.txt b/src/main/resources/licenses/BSD-3-Clause-HP.txt new file mode 100644 index 0000000000..e16195729a --- /dev/null +++ b/src/main/resources/licenses/BSD-3-Clause-HP.txt @@ -0,0 +1,23 @@ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of the HP nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PATENT INFRINGEMENT; PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/BSD-3-Clause-Sun.txt b/src/main/resources/licenses/BSD-3-Clause-Sun.txt new file mode 100644 index 0000000000..1d86449d90 --- /dev/null +++ b/src/main/resources/licenses/BSD-3-Clause-Sun.txt @@ -0,0 +1,29 @@ +Copyright (c) 2001-2013 Oracle and/or its affiliates. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +- Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +- Redistribution in binary form must reproduct the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +Neither the name of Sun Microsystems, Inc. or the names of +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +This software is provided "AS IS," without a warranty of any kind. ALL +EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, +INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN AND +ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES OR LIABILITIES +SUFFERED BY LICENSEE AS A RESULT OF OR RELATING TO USE, MODIFICATION +OR DISTRIBUTION OF THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL +SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, +OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR +PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF +LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE, +EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. diff --git a/src/main/resources/licenses/BSD-3-Clause-acpica.txt b/src/main/resources/licenses/BSD-3-Clause-acpica.txt new file mode 100644 index 0000000000..9fb56c585a --- /dev/null +++ b/src/main/resources/licenses/BSD-3-Clause-acpica.txt @@ -0,0 +1,26 @@ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions, and the following disclaimer, + without modification. +2. Redistributions in binary form must reproduce at minimum a disclaimer + substantially similar to the "NO WARRANTY" disclaimer below + ("Disclaimer") and any redistribution must be conditioned upon + including a substantially similar Disclaimer requirement for further + binary redistribution. +3. Neither the names of the above-listed copyright holders nor the names + of any contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/BSD-3-Clause-flex.txt b/src/main/resources/licenses/BSD-3-Clause-flex.txt new file mode 100644 index 0000000000..684b011026 --- /dev/null +++ b/src/main/resources/licenses/BSD-3-Clause-flex.txt @@ -0,0 +1,42 @@ +Flex carries the copyright used for BSD software, slightly modified +because it originated at the Lawrence Berkeley (not Livermore!) Laboratory, +which operates under a contract with the Department of Energy: + +Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007 The Flex Project. + +Copyright (c) 1990, 1997 The Regents of the University of California. +All rights reserved. + +This code is derived from software contributed to Berkeley by +Vern Paxson. + +The United States Government has rights in this work pursuant +to contract no. DE-AC03-76SF00098 between the United States +Department of Energy and the University of California. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +Neither the name of the University nor the names of its contributors +may be used to endorse or promote products derived from this software +without specific prior written permission. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. + +This basically says "do whatever you please with this software except +remove this notice or take advantage of the University's (or the flex +authors') name". + +Note that the "flex.skl" scanner skeleton carries no copyright notice. +You are free to do whatever you please with scanners generated using flex; +for them, you are not even bound by the above copyright. diff --git a/src/main/resources/licenses/BSD-4.3RENO.txt b/src/main/resources/licenses/BSD-4.3RENO.txt new file mode 100644 index 0000000000..c05b03cc0f --- /dev/null +++ b/src/main/resources/licenses/BSD-4.3RENO.txt @@ -0,0 +1,9 @@ +Copyright (c) 1987 Regents of the University of California. +All rights reserved. + +Redistribution and use in source and binary forms are permitted +provided that this notice is preserved and that due credit is given +to the University of California at Berkeley. The name of the University +may not be used to endorse or promote products derived from this +software without specific written prior permission. This software +is provided ``as is'' without express or implied warranty. diff --git a/src/main/resources/licenses/BSD-4.3TAHOE.txt b/src/main/resources/licenses/BSD-4.3TAHOE.txt new file mode 100644 index 0000000000..413098d93c --- /dev/null +++ b/src/main/resources/licenses/BSD-4.3TAHOE.txt @@ -0,0 +1,11 @@ +Copyright (c) 1987 Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms are permitted provided +that the above copyright notice and this paragraph are duplicated in all +such forms and that any documentation, advertising materials, and other +materials related to such distribution and use acknowledge that the software +was developed by the University of California, Berkeley. The name of the +University may not be used to endorse or promote products derived from this +software without specific prior written permission. THIS SOFTWARE IS PROVIDED +``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT +LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/BSD-Advertising-Acknowledgement.txt b/src/main/resources/licenses/BSD-Advertising-Acknowledgement.txt new file mode 100644 index 0000000000..cedb72e677 --- /dev/null +++ b/src/main/resources/licenses/BSD-Advertising-Acknowledgement.txt @@ -0,0 +1,37 @@ +Copyright (c) 2001 David Giffin. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in +the documentation and/or other materials provided with the +distribution. + +3. All advertising materials mentioning features or use of this +software must display the following acknowledgment: +"This product includes software developed by +David Giffin ." + +4. Redistributions of any form whatsoever must retain the following +acknowledgment: +"This product includes software developed by +David Giffin ." + +THIS SOFTWARE IS PROVIDED BY DAVID GIFFIN ``AS IS'' AND ANY +EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID GIFFIN OR +ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/BSD-Attribution-HPND-disclaimer.txt b/src/main/resources/licenses/BSD-Attribution-HPND-disclaimer.txt new file mode 100644 index 0000000000..1272e1fe26 --- /dev/null +++ b/src/main/resources/licenses/BSD-Attribution-HPND-disclaimer.txt @@ -0,0 +1,37 @@ +Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +3. The name "Carnegie Mellon University" must not be used to + endorse or promote products derived from this software without + prior written permission. For permission or any other legal + details, please contact + Office of Technology Transfer + Carnegie Mellon University + 5000 Forbes Avenue + Pittsburgh, PA 15213-3890 + (412) 268-4387, fax: (412) 268-7395 + tech-transfer@andrew.cmu.edu + +4. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by Computing Services + at Carnegie Mellon University (http://www.cmu.edu/computing/)." + +CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO +THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE +FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN +AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING +OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/BSD-Inferno-Nettverk.txt b/src/main/resources/licenses/BSD-Inferno-Nettverk.txt new file mode 100644 index 0000000000..d10fe158a1 --- /dev/null +++ b/src/main/resources/licenses/BSD-Inferno-Nettverk.txt @@ -0,0 +1,41 @@ + Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 + 2017, 2018, 2019, 2020 + Inferno Nettverk A/S, Norway. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. The above copyright notice, this list of conditions and the following + disclaimer must appear in all copies of the software, derivative works + or modified versions, and any portions thereof, aswell as in all + supporting documentation. + 2. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by + Inferno Nettverk A/S, Norway. + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + Inferno Nettverk A/S requests users of this software to return to + + Software Distribution Coordinator or sdc@inet.no + Inferno Nettverk A/S + Oslo Research Park + GaustadallÊen 21 + NO-0349 Oslo + Norway + + any improvements or extensions that they make and grant Inferno Nettverk A/S + the rights to redistribute these changes. diff --git a/src/main/resources/licenses/BSD-Source-beginning-file.txt b/src/main/resources/licenses/BSD-Source-beginning-file.txt new file mode 100644 index 0000000000..6265f97608 --- /dev/null +++ b/src/main/resources/licenses/BSD-Source-beginning-file.txt @@ -0,0 +1,23 @@ +Copyright (c) 1997 Justin T. Gibbs. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions, and the following disclaimer, + without modification, immediately at the beginning of the file. +2. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/src/main/resources/licenses/BSD-Systemics-W3Works.txt b/src/main/resources/licenses/BSD-Systemics-W3Works.txt new file mode 100644 index 0000000000..73428e86ca --- /dev/null +++ b/src/main/resources/licenses/BSD-Systemics-W3Works.txt @@ -0,0 +1,62 @@ +Copyright (C) 1995, 1996 Systemics Ltd (http://www.systemics.com/) + +Modifications and Current Implimentation Copyright (C) 2000 W3Works, LLC. + +All rights reserved. + +Current implimentation contains modifications made by W3Works, LLC. The +modifications remain copyright of W3Works, LLC and attribution for these +modification should be made to W3Works, LLC. These modifications and +this copyright must remain with this package. + +Additions to the Restrictions set out below are: +1. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product inculdes software developed by W3Works, LLC (http://www.w3works.com) + + NO ADDITIONAL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE EXTENDED BY THIS DISTRIBUTION. + + Any subsequent derrivations of this package must retainl this copyright. + + +Original Copyright Below + +This library and applications are FREE FOR COMMERCIAL AND NON-COMMERCIAL USE +as long as the following conditions are adhered to. + +Copyright remains with Systemics Ltd, and as such any Copyright notices +in the code are not to be removed. If this code is used in a product, +Systemics should be given attribution as the author of the parts used. +This can be in the form of a textual message at program startup or +in documentation (online or textual) provided with the package. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by Systemics Ltd (http://www.systemics.com/) + + THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + The licence and distribution terms for any publically available version or + derivative of this code cannot be changed. i.e. this code cannot simply be + copied and put under another distribution licence + [including the GNU Public Licence.] diff --git a/src/main/resources/licenses/BSD-Systemics.txt b/src/main/resources/licenses/BSD-Systemics.txt new file mode 100644 index 0000000000..6ca8a26c33 --- /dev/null +++ b/src/main/resources/licenses/BSD-Systemics.txt @@ -0,0 +1,39 @@ +Copyright (C) 1995, 1996 Systemics Ltd (http://www.systemics.com/) +All rights reserved. + +This library and applications are FREE FOR COMMERCIAL AND NON-COMMERCIAL USE +as long as the following conditions are adhered to. + +Copyright remains with Systemics Ltd, and as such any Copyright notices +in the code are not to be removed. If this code is used in a product, +Systemics should be given attribution as the author of the parts used. +This can be in the form of a textual message at program startup or +in documentation (online or textual) provided with the package. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by Systemics Ltd (http://www.systemics.com/) + +THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +The licence and distribution terms for any publically available version or +derivative of this code cannot be changed. i.e. this code cannot simply be +copied and put under another distribution licence [including the GNU Public Licence.] diff --git a/src/main/resources/licenses/Bison-exception-1.24.txt b/src/main/resources/licenses/Bison-exception-1.24.txt new file mode 100644 index 0000000000..7f3c3009ee --- /dev/null +++ b/src/main/resources/licenses/Bison-exception-1.24.txt @@ -0,0 +1,4 @@ +As a special exception, when this file is copied by Bison into a +Bison output file, you may use that output file without restriction. +This special exception was added by the Free Software Foundation +in version 1.24 of Bison. diff --git a/src/main/resources/licenses/Bison-exception-2.2.txt b/src/main/resources/licenses/Bison-exception-2.2.txt new file mode 100644 index 0000000000..91140decee --- /dev/null +++ b/src/main/resources/licenses/Bison-exception-2.2.txt @@ -0,0 +1,5 @@ +Bison Exception + +As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. + +This special exception was added by the Free Software Foundation in version 2.2 of Bison. diff --git a/src/main/resources/licenses/Bitstream-Charter.txt b/src/main/resources/licenses/Bitstream-Charter.txt new file mode 100644 index 0000000000..7a0cf97a0c --- /dev/null +++ b/src/main/resources/licenses/Bitstream-Charter.txt @@ -0,0 +1,9 @@ +(c) Copyright 1989-1992, Bitstream Inc., Cambridge, MA. + +You are hereby granted permission under all Bitstream propriety rights +to use, copy, modify, sublicense, sell, and redistribute the 4 Bitstream +Charter (r) Type 1 outline fonts and the 4 Courier Type 1 outline fonts for +any purpose and without restriction; provided, that this notice is left +intact on all copies of such fonts and that Bitstream's trademark is acknowledged +as shown below on all unmodified copies of the 4 Charter Type 1 fonts. +BITSTREAM CHARTER is a registered trademark of Bitstream Inc. diff --git a/src/main/resources/licenses/Boehm-GC-without-fee.txt b/src/main/resources/licenses/Boehm-GC-without-fee.txt new file mode 100644 index 0000000000..354d47017e --- /dev/null +++ b/src/main/resources/licenses/Boehm-GC-without-fee.txt @@ -0,0 +1,14 @@ +Copyright (c) 2000 +SWsoft company + +Modifications copyright (c) 2001, 2013. Oracle and/or its affiliates. +All rights reserved. + +This material is provided "as is", with absolutely no warranty expressed +or implied. Any use is at your own risk. + +Permission to use or copy this software for any purpose is hereby granted +without fee, provided the above notices are retained on all copies. +Permission to modify the code and to distribute modified code is granted, +provided the above notices are retained, and a notice that the code was +modified is included with the above copyright notice. diff --git a/src/main/resources/licenses/Boehm-GC.txt b/src/main/resources/licenses/Boehm-GC.txt new file mode 100644 index 0000000000..95427c0b59 --- /dev/null +++ b/src/main/resources/licenses/Boehm-GC.txt @@ -0,0 +1,12 @@ +Copyright (c) ... + +THIS MATERIAL IS PROVIDED AS IS, WITH ABSOLUTELY NO WARRANTY EXPRESSED +OR IMPLIED. ANY USE IS AT YOUR OWN RISK. + +Permission is hereby granted to use or copy this program +for any purpose, provided the above notices are retained on all copies. +Permission to modify the code and to distribute modified code is granted, +provided the above notices are retained, and a notice that the code was +modified is included with the above copyright notice. + +A few files have other copyright holders. diff --git a/src/main/resources/licenses/Bootloader-exception.txt b/src/main/resources/licenses/Bootloader-exception.txt new file mode 100644 index 0000000000..c557826705 --- /dev/null +++ b/src/main/resources/licenses/Bootloader-exception.txt @@ -0,0 +1,10 @@ +Bootloader Exception +-------------------- + +In addition to the permissions in the GNU General Public License, the +authors give you unlimited permission to link or embed compiled bootloader +and related files into combinations with other programs, and to distribute +those combinations without any restriction coming from the use of those +files. (The General Public License restrictions do apply in other respects; +for example, they cover modification of the files, and distribution when +not linked into a combine executable.) diff --git a/src/main/resources/licenses/Brian-Gladman-2-Clause.txt b/src/main/resources/licenses/Brian-Gladman-2-Clause.txt new file mode 100644 index 0000000000..7276f63e9e --- /dev/null +++ b/src/main/resources/licenses/Brian-Gladman-2-Clause.txt @@ -0,0 +1,17 @@ +Copyright (C) 1998-2013, Brian Gladman, Worcester, UK. All + rights reserved. + +The redistribution and use of this software (with or without +changes) is allowed without the payment of fees or royalties +provided that: + + source code distributions include the above copyright notice, + this list of conditions and the following disclaimer; + + binary distributions include the above copyright notice, this + list of conditions and the following disclaimer in their + documentation. + +This software is provided 'as is' with no explicit or implied +warranties in respect of its operation, including, but not limited +to, correctness and fitness for purpose. diff --git a/src/main/resources/licenses/Brian-Gladman-3-Clause.txt b/src/main/resources/licenses/Brian-Gladman-3-Clause.txt new file mode 100644 index 0000000000..984c95e3e8 --- /dev/null +++ b/src/main/resources/licenses/Brian-Gladman-3-Clause.txt @@ -0,0 +1,26 @@ +Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved. + +LICENSE TERMS + +The free distribution and use of this software in both source and binary +form is allowed (with or without changes) provided that: + + 1. distributions of this source code include the above copyright + notice, this list of conditions and the following disclaimer; + + 2. distributions in binary form include the above copyright + notice, this list of conditions and the following disclaimer + in the documentation and/or other associated materials; + + 3. the copyright holder's name is not used to endorse products + built using this software without specific written permission. + +ALTERNATIVELY, provided that this notice is retained in full, this product +may be distributed under the terms of the GNU General Public License (GPL), +in which case the provisions of the GPL apply INSTEAD OF those given above. + +DISCLAIMER + +This software is provided 'as is' with no explicit or implied warranties +in respect of its properties, including, but not limited to, correctness +and/or fitness for purpose. diff --git a/src/main/resources/licenses/CC-BY-3.0-AU.txt b/src/main/resources/licenses/CC-BY-3.0-AU.txt new file mode 100644 index 0000000000..c6cd440054 --- /dev/null +++ b/src/main/resources/licenses/CC-BY-3.0-AU.txt @@ -0,0 +1,136 @@ +Creative Commons Attribution 3.0 Australia + +CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENCE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. +Licence + +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENCE ("LICENCE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORISED UNDER THIS LICENCE OR COPYRIGHT LAW IS PROHIBITED. + +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENCE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. + +1. Definitions + + a. "Collection" means the Work in its entirety in unmodified form along with one or more other separate and independent works, assembled into a collective whole. A Collection may, for example, include a periodical, encyclopedia or anthology. A Collection will not be considered a Derivative Work for the purposes of this Licence. + b. "Derivative Work" means material in any form that is created by editing, modifying or adapting the Work, a substantial part of the Work, or the Work and other pre-existing works. Derivative Works may, for example, include a translation, adaptation, musical arrangement, dramatisation, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which the Work may be transformed or adapted, except that a Collection will not be considered a Derivative Work for the purpose of this Licence. For the avoidance of doubt, where the Work is a musical composition or sound recording, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered a Derivative Work for the purpose of this Licence. + c. "Distribute" means to make available to the public by any means, including publication, electronic communication, or broadcast. + d. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this Licence. + e. "Original Author" means the individual, individuals, entity or entities who created the Work. + f. "Reproduce" means to make a copy of the Work in any material form (eg storage in digital form). + g. "Work" means the material (including any work or other subject matter) protected by copyright which is offered under the terms of this Licence. This may include (without limitation) a literary, dramatic, musical or artistic work; a sound recording or cinematograph film; a published edition of a literary, dramatic, musical or artistic work; or a television or sound broadcast. + h. "You" means an individual or entity exercising rights under this Licence who has not previously violated the terms of this Licence with respect to the Work, or who has received express permission from the Licensor to exercise rights under this Licence despite a previous violation. + +2. Fair Dealing and Other Rights + +Nothing in this Licence is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions under copyright law or any other applicable laws. + +3. Licence Grant + +3A Grant of Rights + +Provided that the terms set out in this Licence are satisfied, the Licensor grants to You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) licence to exercise the following rights: + a. Reproduce the Work; + b. incorporate the Work into one or more Collections; + c. Reproduce the Work as incorporated in any Collection; + d. create and Reproduce one or more Derivative Works; and + e. Distribute and publicly perform the Work, a Derivative Work or the Work as incorporated in any Collection. + +3B Media and Formats + +The above rights may be exercised in any media or format whether now known or hereafter created. They include the right to make modifications that are technically necessary to exercise the rights in other media and formats. + +3C Other Rights Reserved + +All rights not expressly granted by the Licensor are reserved. The Licensor waives the right to collect royalties for any exercise by You of the rights granted under this Licence. + +4. Restrictions + +The licence granted above is limited by the following restrictions. + +4A Restrictions on Distribution and Public Performance of the Work + + a. You may Distribute and publicly perform the Work only under the terms of this Licence. + b. You must include a copy of, or the Uniform Resource Identifier (such as a web link) for, this Licence with every copy of the Work You Distribute or publicly perform. + c. You must not offer or impose any terms on the Work that restrict this Licence or the ability of a recipient of the Work from You to exercise the rights granted to them by this Licence. + d. You are not granted the right to sublicense the Work. The rights of recipients of the Work from You are governed by clause 9. + e. You must keep intact all notices that refer to this Licence and to the disclaimer of warranties with every copy of the Work You Distribute or publicly perform. + f. When You Distribute or publicly perform the Work, You must not impose any technological measures on it that restrict the ability of a recipient of the Work from You to exercise the rights granted to them by this Licence. + g. For the avoidance of doubt, while this clause 4A applies to the Work as incorporated into a Collection, it does not require other material within the Collection, or the Collection apart from the Work itself, to be made subject to this Licence. + +4B Attribution and Notice Requirements + + a. When You Distribute or publicly perform the Work or any Derivative Work or Collection You must keep intact all copyright notices for the Work. + b. When You Distribute or publicly perform the Work or any Derivative Work or Collection You must provide, in a manner reasonable to the medium or means You are using: + i. the name or pseudonym (if provided) of the Original Author and/or of any other party (such as a sponsor institute, publishing entity or journal) that the Original Author or Licensor has requested be attributed (such as in the copyright notice or terms of use). In this clause 4B these parties are referred to as "Attribution Parties"; + ii. the title of the Work (if provided); and + iii. to the extent reasonably practicable, any Uniform Resource Identifier (such as a web link) that the Licensor specifies should be associated with the Work that refers to the copyright notice or licensing information for the Work. + c. For any Derivative Work You Distribute or publicly perform, You must take reasonable steps to clearly identify that changes were made to the Work. For example, a translation could be marked "The original work was translated from English to Spanish". + d. In the case of a Derivative Work or Collection, the above attribution should, at a minimum, appear as part of any credits for other contributing authors and be as prominent as the credits for those other authors. + e. You must, to the extent practicable, remove the above attribution from any Collection or Derivative Work if requested to do so by the Licensor or Original Author. + f. For the avoidance of doubt, You may only use the credit required by this clause 4B for the purpose of attribution in the manner set out above. By exercising Your rights under this Licence, You must not assert or imply: + i. any connection between the Original Author, Licensor or any other Attribution Party and You or Your use of the Work; or + ii. sponsorship or endorsement by the Original Author, Licensor or any other Attribution Party of You or Your use of the Work, + without their separate, express prior written permission. + +4C Moral Rights + +Moral rights remain unaffected to the extent they are recognised and nonwaivable at law. In this clause 4C, "moral rights" means the personal rights granted by law to the Original Author of a copyright work. For example, Part IX of the Copyright Act 1968 (Cth) grants authors the right of integrity of authorship, the right of attribution of authorship, and the right not to have authorship falsely attributed. + +5. Representations, Warranties and Disclaimer + +Except as expressly stated in this Licence or otherwise agreed to by the parties in writing, and to the full extent permitted by applicable law, the Licensor offers the Work "as-is" and makes no representations, warranties or conditions of any kind concerning the Work, express, implied, statutory or otherwise. This includes, without limitation, any representations, warranties or conditions regarding: + a. the contents or accuracy of the Work; + i. title, merchantability, or fitness for a particular purpose; + ii. non-infringement; + iii. the absence of latent or other defects; or + iv. the presence or absence of errors, whether or not discoverable. + b. The Trade Practices Act 1974 (Cth), and the corresponding State and Territory fair trading legislation, imply certain warranties and conditions in certain circumstances, such as the right to supply or fitness for purpose of goods or services supplied to a consumer. Clause 5(a) cannot and is not intended to exclude, restrict or modify these warranties. + +6. Limit of Liability + + a. To the full extent permitted by applicable law, and except for any liability arising from contrary agreement, in no event will the Licensor be liable to You on any legal basis (including without limitation, negligence) for any loss or damage whatsoever, including (without limitation): + i. loss of production or operation time, loss, damage or corruption of data or records; or + ii. loss of anticipated savings, opportunity, revenue, profit or goodwill, or other economic loss; or + iii. any special, incidental, consequential, punitive or exemplary damages arising out of or in connection with this Licence or the use of the Work, even if the Licensor has been advised of the possibility of such damages. + b. If applicable legislation implies warranties or conditions, or imposes obligations or liability on the Licensor in respect of this Licence that cannot be wholly or partly excluded, restricted or modified, the Licensor’s liability is limited, to the full extent permitted by the applicable legislation, at its option, to: + i. in the case of goods, any one or more of the following: + * the replacement of the goods or the supply of equivalent goods; + * the repair of the goods; + * the payment of the cost of replacing the goods or of acquiring equivalent goods; + * the payment of the cost of having the goods repaired; or + ii. in the case of services: + * the supplying of the services again; or + * the payment of the cost of having the services supplied again. + c. The Trade Practices Act 1974 (Cth), and the corresponding State and Territory fair trading legislation, restrict the limitation of liability in certain circumstances, such as a contract for the supply of goods or services of a kind ordinarily acquired for personal, domestic, or household use. Clauses 6(a) and 6(b) cannot and are not intended to apply in circumstances where it is prohibited by law. + +7. Termination + +This Licence and the rights granted to You under this Licence shall terminate automatically upon any breach by You of the terms of the Licence. Individuals or entities who have received a Derivative Work or a Collection from You pursuant to this Licence, however, will not have their licences terminated provided they remain in full compliance with those licences. Clauses 1, 2, 5, 6, 7, 8, 9, 10, 11, 12 and 13 shall survive any termination of this Licence. + +8. Licensor’s Rights Retained + +Subject to the above terms, the Licence granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding this, the Licensor reserves the right to release the Work under different licence terms or to stop distributing the Work at any time. However, any such release will not serve to withdraw this Licence (or any other licence that has been granted under the terms of this Licence), and this Licence will continue in full force and effect unless terminated as stated above. + +9. Licence Grant to Recipients of the Work from You + +Each time You Distribute or publicly perform the Work, a Derivative Work or a Collection the Licensor offers the recipient a licence to the Work on the same terms as are granted to You under this Licence. + +10. Severability + +If any provision of this Licence is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Licence. Without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + +11. Waivers and Consents + +No term of this Licence shall be deemed waived and no breach consented to unless such waiver or consent is in writing and signed by the relevant party. + +12. Entire Agreement + +This Licence constitutes the entire agreement between the parties. To the full extent permitted by law, there are no understandings, agreements or representations with respect to the Work not specified here. The Licensor shall not be bound by any additional provisions that may appear in any communication from You. This Licence may not be modified without the written agreement of the Licensor and You. + +13. Governing Law + +The construction, validity and performance of this Licence shall be governed by the laws in force in the Australian Capital Territory, Australia. + +Creative Commons Notice + +Creative Commons is not a party to this Licence, and, to the full extent permitted by applicable law, makes no representation or warranty whatsoever in connection with the Work. To the full extent permitted by applicable law, Creative Commons will not be liable to You or any party on any legal theory (including, without limitation, negligence) for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this licence. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. Except for the limited purpose of indicating to the public that the Work is licensed under the Licence, neither party will use the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons’ then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. + +Creative Commons may be contacted at https://creativecommons.org/ . diff --git a/src/main/resources/licenses/CC-BY-3.0-IGO.txt b/src/main/resources/licenses/CC-BY-3.0-IGO.txt new file mode 100644 index 0000000000..13ab9536e1 --- /dev/null +++ b/src/main/resources/licenses/CC-BY-3.0-IGO.txt @@ -0,0 +1,101 @@ +Creative Commons Attribution 3.0 IGO + +CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. THE LICENSOR IS NOT NECESSARILY AN INTERGOVERNMENTAL ORGANIZATION (IGO), AS DEFINED IN THE LICENSE BELOW. + +License + +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("LICENSE"). THE LICENSOR (DEFINED BELOW) HOLDS COPYRIGHT AND OTHER RIGHTS IN THE WORK. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE IS PROHIBITED. + +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION FOR YOUR ACCEPTANCE AND AGREEMENT TO THE TERMS OF THE LICENSE. + +1. Definitions + + a. "IGO" means, solely and exclusively for purposes of this License, an organization established by a treaty or other instrument governed by international law and possessing its own international legal personality. Other organizations established to carry out activities across national borders and that accordingly enjoy immunity from legal process are also IGOs for the sole and exclusive purposes of this License. IGOs may include as members, in addition to states, other entities. + + b. "Work" means the literary and/or artistic work eligible for copyright protection, whatever may be the mode or form of its expression including digital form, and offered under the terms of this License. It is understood that a database, which by reason of the selection and arrangement of its contents constitutes an intellectual creation, is considered a Work. + + c. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License and may be, but is not necessarily, an IGO. + + d. "You" means an individual or entity exercising rights under this License. + + e. "Reproduce" means to make a copy of the Work in any manner or form, and by any means. + + f. "Distribute" means the activity of making publicly available the Work or Adaptation (or copies of the Work or Adaptation), as applicable, by sale, rental, public lending or any other known form of transfer of ownership or possession of the Work or copy of the Work. + + g. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. + + h. "Adaptation" means a work derived from or based upon the Work, or upon the Work and other pre-existing works. Adaptations may include works such as translations, derivative works, or any alterations and arrangements of any kind involving the Work. For purposes of this License, where the Work is a musical work, performance, or phonogram, the synchronization of the Work in timed-relation with a moving image is an Adaptation. For the avoidance of doubt, including the Work in a Collection is not an Adaptation. + + i. "Collection" means a collection of literary or artistic works or other works or subject matter other than works listed in Section 1(b) which by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. For the avoidance of doubt, a Collection will not be considered as an Adaptation. + +2. Scope of this License. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright protection. + +3. License Grant. Subject to the terms and conditions of this License, the Licensor hereby grants You a worldwide, royalty-free, non-exclusive license to exercise the rights in the Work as follows: + + a. to Reproduce, Distribute and Publicly Perform the Work, to incorporate the Work into one or more Collections, and to Reproduce, Distribute and Publicly Perform the Work as incorporated in the Collections; and, + + b. to create, Reproduce, Distribute and Publicly Perform Adaptations, provided that You clearly label, demarcate or otherwise identify that changes were made to the original Work. + + c. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; + + ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and, + + iii. Voluntary License Schemes. To the extent possible, the Licensor waives the right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary licensing scheme. + +This License lasts for the duration of the term of the copyright in the Work licensed by the Licensor. The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. All rights not expressly granted by the Licensor are hereby reserved. + +4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work (see section 8(a)). You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from a Licensor You must, to the extent practicable, remove from the Collection any credit (inclusive of any logo, trademark, official mark or official emblem) as required by Section 4(b), as requested. If You create an Adaptation, upon notice from a Licensor You must, to the extent practicable, remove from the Adaptation any credit (inclusive of any logo, trademark, official mark or official emblem) as required by Section 4(b), as requested. + + b. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) any attributions that the Licensor indicates be associated with the Work as indicated in a copyright notice, (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that the Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and, (iv) consistent with Section 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation. The credit required by this Section 4(b) may be implemented in any reasonable manner; provided, however, that in the case of an Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributors to the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Licensor or others designated for attribution, of You or Your use of the Work, without the separate, express prior written permission of the Licensor or such others. + + c. Except as otherwise agreed in writing by the Licensor, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the honor or reputation of the Licensor where moral rights apply. + +5. Representations, Warranties and Disclaimer + +THE LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. + +6. Limitation on Liability + +IN NO EVENT WILL THE LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +7. Termination + + a. Subject to the terms and conditions set forth in this License, the license granted here lasts for the duration of the term of the copyright in the Work licensed by the Licensor as stated in Section 3. Notwithstanding the above, the Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated below. + + b. If You fail to comply with this License, then this License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. Notwithstanding the foregoing, this License reinstates automatically as of the date the violation is cured, provided it is cured within 30 days of You discovering the violation, or upon express reinstatement by the Licensor. For the avoidance of doubt, this Section 7(b) does not affect any rights the Licensor may have to seek remedies for violations of this License by You. + +8. Miscellaneous + + a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. + + b. Each time You Distribute or Publicly Perform an Adaptation, the Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. + + c. If any provision of this License is invalid or unenforceable, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + + d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the Licensor. + + e. This License constitutes the entire agreement between You and the Licensor with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. The Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. + + f. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). Interpretation of the scope of the rights granted by the Licensor and the conditions imposed on You under this License, this License, and the rights and conditions set forth herein shall be made with reference to copyright as determined in accordance with general principles of international law, including the above mentioned conventions. + + g. Nothing in this License constitutes or may be interpreted as a limitation upon or waiver of any privileges and immunities that may apply to the Licensor or You, including immunity from the legal processes of any jurisdiction, national court or other authority. + + h. Where the Licensor is an IGO, any and all disputes arising under this License that cannot be settled amicably shall be resolved in accordance with the following procedure: + + i. Pursuant to a notice of mediation communicated by reasonable means by either You or the Licensor to the other, the dispute shall be submitted to non-binding mediation conducted in accordance with rules designated by the Licensor in the copyright notice published with the Work, or if none then in accordance with those communicated in the notice of mediation. The language used in the mediation proceedings shall be English unless otherwise agreed. + + ii. If any such dispute has not been settled within 45 days following the date on which the notice of mediation is provided, either You or the Licensor may, pursuant to a notice of arbitration communicated by reasonable means to the other, elect to have the dispute referred to and finally determined by arbitration. The arbitration shall be conducted in accordance with the rules designated by the Licensor in the copyright notice published with the Work, or if none then in accordance with the UNCITRAL Arbitration Rules as then in force. The arbitral tribunal shall consist of a sole arbitrator and the language of the proceedings shall be English unless otherwise agreed. The place of arbitration shall be where the Licensor has its headquarters. The arbitral proceedings shall be conducted remotely (e.g., via telephone conference or written submissions) whenever practicable. + + iii. Interpretation of this License in any dispute submitted to mediation or arbitration shall be as set forth in Section 8(f), above. + +Creative Commons Notice + +Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of the Licensor. + +Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of this License. + +Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-BY-3.0.txt b/src/main/resources/licenses/CC-BY-3.0.txt index 465aae75c5..1a16e05564 100644 --- a/src/main/resources/licenses/CC-BY-3.0.txt +++ b/src/main/resources/licenses/CC-BY-3.0.txt @@ -1,93 +1,319 @@ -Creative Commons Attribution 3.0 Unported +Creative Commons Legal Code - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. +Attribution 3.0 Unported + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. License -THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE +COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY +COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS +AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. -BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE +TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY +BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS +CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND +CONDITIONS. 1. Definitions - a. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License. - - b. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined above) for the purposes of this License. - - c. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership. - - d. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License. - - e. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast. - - f. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work. - - g. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. - - h. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. - - i. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium. - -2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. - -3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: - - a. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; - - b. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified."; - - c. to Distribute and Publicly Perform the Work including as incorporated in Collections; and, - - d. to Distribute and Publicly Perform Adaptations. - - e. For the avoidance of doubt: - - i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; - - ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and, - - iii. Voluntary License Schemes. The Licensor waives the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License. - -The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved. - -4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: - - a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(b), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(b), as requested. - - b. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and (iv) , consistent with Section 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4 (b) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties. - - c. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise. + a. "Adaptation" means a work based upon the Work, or upon the Work and + other pre-existing works, such as a translation, adaptation, + derivative work, arrangement of music or other alterations of a + literary or artistic work, or phonogram or performance and includes + cinematographic adaptations or any other form in which the Work may be + recast, transformed, or adapted including in any form recognizably + derived from the original, except that a work that constitutes a + Collection will not be considered an Adaptation for the purpose of + this License. For the avoidance of doubt, where the Work is a musical + work, performance or phonogram, the synchronization of the Work in + timed-relation with a moving image ("synching") will be considered an + Adaptation for the purpose of this License. + b. "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or + broadcasts, or other works or subject matter other than works listed + in Section 1(f) below, which, by reason of the selection and + arrangement of their contents, constitute intellectual creations, in + which the Work is included in its entirety in unmodified form along + with one or more other contributions, each constituting separate and + independent works in themselves, which together are assembled into a + collective whole. A work that constitutes a Collection will not be + considered an Adaptation (as defined above) for the purposes of this + License. + c. "Distribute" means to make available to the public the original and + copies of the Work or Adaptation, as appropriate, through sale or + other transfer of ownership. + d. "Licensor" means the individual, individuals, entity or entities that + offer(s) the Work under the terms of this License. + e. "Original Author" means, in the case of a literary or artistic work, + the individual, individuals, entity or entities who created the Work + or if no individual or entity can be identified, the publisher; and in + addition (i) in the case of a performance the actors, singers, + musicians, dancers, and other persons who act, sing, deliver, declaim, + play in, interpret or otherwise perform literary or artistic works or + expressions of folklore; (ii) in the case of a phonogram the producer + being the person or legal entity who first fixes the sounds of a + performance or other sounds; and, (iii) in the case of broadcasts, the + organization that transmits the broadcast. + f. "Work" means the literary and/or artistic work offered under the terms + of this License including without limitation any production in the + literary, scientific and artistic domain, whatever may be the mode or + form of its expression including digital form, such as a book, + pamphlet and other writing; a lecture, address, sermon or other work + of the same nature; a dramatic or dramatico-musical work; a + choreographic work or entertainment in dumb show; a musical + composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; + a work of drawing, painting, architecture, sculpture, engraving or + lithography; a photographic work to which are assimilated works + expressed by a process analogous to photography; a work of applied + art; an illustration, map, plan, sketch or three-dimensional work + relative to geography, topography, architecture or science; a + performance; a broadcast; a phonogram; a compilation of data to the + extent it is protected as a copyrightable work; or a work performed by + a variety or circus performer to the extent it is not otherwise + considered a literary or artistic work. + g. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License with + respect to the Work, or who has received express permission from the + Licensor to exercise rights under this License despite a previous + violation. + h. "Publicly Perform" means to perform public recitations of the Work and + to communicate to the public those public recitations, by any means or + process, including by wire or wireless means or public digital + performances; to make available to the public Works in such a way that + members of the public may access these Works from a place and at a + place individually chosen by them; to perform the Work to the public + by any means or process and the communication to the public of the + performances of the Work, including by public digital performance; to + broadcast and rebroadcast the Work by any means including signs, + sounds or images. + i. "Reproduce" means to make copies of the Work by any means including + without limitation by sound or visual recordings and the right of + fixation and reproducing fixations of the Work, including storage of a + protected performance or phonogram in digital form or other electronic + medium. + +2. Fair Dealing Rights. Nothing in this License is intended to reduce, +limit, or restrict any uses free from copyright or rights arising from +limitations or exceptions that are provided for in connection with the +copyright protection under copyright law or other applicable laws. + +3. License Grant. Subject to the terms and conditions of this License, +Licensor hereby grants You a worldwide, royalty-free, non-exclusive, +perpetual (for the duration of the applicable copyright) license to +exercise the rights in the Work as stated below: + + a. to Reproduce the Work, to incorporate the Work into one or more + Collections, and to Reproduce the Work as incorporated in the + Collections; + b. to create and Reproduce Adaptations provided that any such Adaptation, + including any translation in any medium, takes reasonable steps to + clearly label, demarcate or otherwise identify that changes were made + to the original Work. For example, a translation could be marked "The + original work was translated from English to Spanish," or a + modification could indicate "The original work has been modified."; + c. to Distribute and Publicly Perform the Work including as incorporated + in Collections; and, + d. to Distribute and Publicly Perform Adaptations. + e. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme cannot be waived, the Licensor + reserves the exclusive right to collect such royalties for any + exercise by You of the rights granted under this License; + ii. Waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme can be waived, the Licensor waives the + exclusive right to collect such royalties for any exercise by You + of the rights granted under this License; and, + iii. Voluntary License Schemes. The Licensor waives the right to + collect royalties, whether individually or, in the event that the + Licensor is a member of a collecting society that administers + voluntary licensing schemes, via that society, from any exercise + by You of the rights granted under this License. + +The above rights may be exercised in all media and formats whether now +known or hereafter devised. The above rights include the right to make +such modifications as are technically necessary to exercise the rights in +other media and formats. Subject to Section 8(f), all rights not expressly +granted by Licensor are hereby reserved. + +4. Restrictions. The license granted in Section 3 above is expressly made +subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms + of this License. You must include a copy of, or the Uniform Resource + Identifier (URI) for, this License with every copy of the Work You + Distribute or Publicly Perform. You may not offer or impose any terms + on the Work that restrict the terms of this License or the ability of + the recipient of the Work to exercise the rights granted to that + recipient under the terms of the License. You may not sublicense the + Work. You must keep intact all notices that refer to this License and + to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Work, You may not impose any effective technological + measures on the Work that restrict the ability of a recipient of the + Work from You to exercise the rights granted to that recipient under + the terms of the License. This Section 4(a) applies to the Work as + incorporated in a Collection, but this does not require the Collection + apart from the Work itself to be made subject to the terms of this + License. If You create a Collection, upon notice from any Licensor You + must, to the extent practicable, remove from the Collection any credit + as required by Section 4(b), as requested. If You create an + Adaptation, upon notice from any Licensor You must, to the extent + practicable, remove from the Adaptation any credit as required by + Section 4(b), as requested. + b. If You Distribute, or Publicly Perform the Work or any Adaptations or + Collections, You must, unless a request has been made pursuant to + Section 4(a), keep intact all copyright notices for the Work and + provide, reasonable to the medium or means You are utilizing: (i) the + name of the Original Author (or pseudonym, if applicable) if supplied, + and/or if the Original Author and/or Licensor designate another party + or parties (e.g., a sponsor institute, publishing entity, journal) for + attribution ("Attribution Parties") in Licensor's copyright notice, + terms of service or by other reasonable means, the name of such party + or parties; (ii) the title of the Work if supplied; (iii) to the + extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the Work; + and (iv) , consistent with Section 3(b), in the case of an Adaptation, + a credit identifying the use of the Work in the Adaptation (e.g., + "French translation of the Work by Original Author," or "Screenplay + based on original Work by Original Author"). The credit required by + this Section 4 (b) may be implemented in any reasonable manner; + provided, however, that in the case of a Adaptation or Collection, at + a minimum such credit will appear, if a credit for all contributing + authors of the Adaptation or Collection appears, then as part of these + credits and in a manner at least as prominent as the credits for the + other contributing authors. For the avoidance of doubt, You may only + use the credit required by this Section for the purpose of attribution + in the manner set out above and, by exercising Your rights under this + License, You may not implicitly or explicitly assert or imply any + connection with, sponsorship or endorsement by the Original Author, + Licensor and/or Attribution Parties, as appropriate, of You or Your + use of the Work, without the separate, express prior written + permission of the Original Author, Licensor and/or Attribution + Parties. + c. Except as otherwise agreed in writing by the Licensor or as may be + otherwise permitted by applicable law, if You Reproduce, Distribute or + Publicly Perform the Work either by itself or as part of any + Adaptations or Collections, You must not distort, mutilate, modify or + take other derogatory action in relation to the Work which would be + prejudicial to the Original Author's honor or reputation. Licensor + agrees that in those jurisdictions (e.g. Japan), in which any exercise + of the right granted in Section 3(b) of this License (the right to + make Adaptations) would be deemed to be a distortion, mutilation, + modification or other derogatory action prejudicial to the Original + Author's honor and reputation, the Licensor will waive or not assert, + as appropriate, this Section, to the fullest extent permitted by the + applicable national law, to enable You to reasonably exercise Your + right under Section 3(b) of this License (right to make Adaptations) + but not otherwise. 5. Representations, Warranties and Disclaimer -UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. - -6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR +OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY +KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, +INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, +FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF +LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, +WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION +OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + +6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE +LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR +ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES +ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 7. Termination - a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. - - b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Adaptations or Collections + from You under this License, however, will not have their licenses + terminated provided such individuals or entities remain in full + compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will + survive any termination of this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the + Work under different license terms or to stop distributing the Work at + any time; provided, however that any such election will not serve to + withdraw this License (or any other license that has been, or is + required to be, granted under the terms of this License), and this + License will continue in full force and effect unless terminated as + stated above. 8. Miscellaneous - a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. - - b. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. - - c. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + a. Each time You Distribute or Publicly Perform the Work or a Collection, + the Licensor offers to the recipient a license to the Work on the same + terms and conditions as the license granted to You under this License. + b. Each time You Distribute or Publicly Perform an Adaptation, Licensor + offers to the recipient a license to the original Work on the same + terms and conditions as the license granted to You under this License. + c. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this License, and without further action + by the parties to this agreement, such provision shall be reformed to + the minimum extent necessary to make such provision valid and + enforceable. + d. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in writing + and signed by the party to be charged with such waiver or consent. + e. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, + agreements or representations with respect to the Work not specified + here. Licensor shall not be bound by any additional provisions that + may appear in any communication from You. This License may not be + modified without the mutual written agreement of the Licensor and You. + f. The rights granted under, and the subject matter referenced, in this + License were drafted utilizing the terminology of the Berne Convention + for the Protection of Literary and Artistic Works (as amended on + September 28, 1979), the Rome Convention of 1961, the WIPO Copyright + Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 + and the Universal Copyright Convention (as revised on July 24, 1971). + These rights and subject matter take effect in the relevant + jurisdiction in which the License terms are sought to be enforced + according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the + standard suite of rights granted under applicable copyright law + includes additional rights not granted under this License, such + additional rights are deemed to be included in the License; this + License is not intended to restrict the license of any rights under + applicable law. - d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. - - e. This License may not be modified without the mutual written agreement of the Licensor and You. - - f. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law. Creative Commons Notice -Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. - -Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of this License. - -Creative Commons may be contacted at http://creativecommons.org/. + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of this License. + + Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-BY-NC-3.0.txt b/src/main/resources/licenses/CC-BY-NC-3.0.txt index 314fdb212b..197ec4de65 100644 --- a/src/main/resources/licenses/CC-BY-NC-3.0.txt +++ b/src/main/resources/licenses/CC-BY-NC-3.0.txt @@ -1,95 +1,334 @@ -Creative Commons Attribution-NonCommercial 3.0 Unported +Creative Commons Legal Code - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. +Attribution-NonCommercial 3.0 Unported + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. License -THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE +COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY +COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS +AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. -BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE +TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY +BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS +CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND +CONDITIONS. 1. Definitions - a. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License. - - b. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined above) for the purposes of this License. - - c. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership. - - d. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License. - - e. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast. - - f. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work. - - g. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. - - h. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. - - i. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium. - -2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. - -3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: - - a. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; - - b. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified."; - - c. to Distribute and Publicly Perform the Work including as incorporated in Collections; and, - - d. to Distribute and Publicly Perform Adaptations. - -The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved, including but not limited to the rights set forth in Section 4(d). - -4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: - - a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(c), as requested. - - b. You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. The exchange of the Work for other copyrighted works by means of digital file-sharing or otherwise shall not be considered to be intended for or directed toward commercial advantage or private monetary compensation, provided there is no payment of any monetary compensation in connection with the exchange of copyrighted works. - - c. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and, (iv) consistent with Section 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties. - - d. For the avoidance of doubt: - - i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; - - ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License if Your exercise of such rights is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(b) and otherwise waives the right to collect royalties through any statutory or compulsory licensing scheme; and, - - iii. Voluntary License Schemes. The Licensor reserves the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License that is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(c). - - e. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise. + a. "Adaptation" means a work based upon the Work, or upon the Work and + other pre-existing works, such as a translation, adaptation, + derivative work, arrangement of music or other alterations of a + literary or artistic work, or phonogram or performance and includes + cinematographic adaptations or any other form in which the Work may be + recast, transformed, or adapted including in any form recognizably + derived from the original, except that a work that constitutes a + Collection will not be considered an Adaptation for the purpose of + this License. For the avoidance of doubt, where the Work is a musical + work, performance or phonogram, the synchronization of the Work in + timed-relation with a moving image ("synching") will be considered an + Adaptation for the purpose of this License. + b. "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or + broadcasts, or other works or subject matter other than works listed + in Section 1(f) below, which, by reason of the selection and + arrangement of their contents, constitute intellectual creations, in + which the Work is included in its entirety in unmodified form along + with one or more other contributions, each constituting separate and + independent works in themselves, which together are assembled into a + collective whole. A work that constitutes a Collection will not be + considered an Adaptation (as defined above) for the purposes of this + License. + c. "Distribute" means to make available to the public the original and + copies of the Work or Adaptation, as appropriate, through sale or + other transfer of ownership. + d. "Licensor" means the individual, individuals, entity or entities that + offer(s) the Work under the terms of this License. + e. "Original Author" means, in the case of a literary or artistic work, + the individual, individuals, entity or entities who created the Work + or if no individual or entity can be identified, the publisher; and in + addition (i) in the case of a performance the actors, singers, + musicians, dancers, and other persons who act, sing, deliver, declaim, + play in, interpret or otherwise perform literary or artistic works or + expressions of folklore; (ii) in the case of a phonogram the producer + being the person or legal entity who first fixes the sounds of a + performance or other sounds; and, (iii) in the case of broadcasts, the + organization that transmits the broadcast. + f. "Work" means the literary and/or artistic work offered under the terms + of this License including without limitation any production in the + literary, scientific and artistic domain, whatever may be the mode or + form of its expression including digital form, such as a book, + pamphlet and other writing; a lecture, address, sermon or other work + of the same nature; a dramatic or dramatico-musical work; a + choreographic work or entertainment in dumb show; a musical + composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; + a work of drawing, painting, architecture, sculpture, engraving or + lithography; a photographic work to which are assimilated works + expressed by a process analogous to photography; a work of applied + art; an illustration, map, plan, sketch or three-dimensional work + relative to geography, topography, architecture or science; a + performance; a broadcast; a phonogram; a compilation of data to the + extent it is protected as a copyrightable work; or a work performed by + a variety or circus performer to the extent it is not otherwise + considered a literary or artistic work. + g. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License with + respect to the Work, or who has received express permission from the + Licensor to exercise rights under this License despite a previous + violation. + h. "Publicly Perform" means to perform public recitations of the Work and + to communicate to the public those public recitations, by any means or + process, including by wire or wireless means or public digital + performances; to make available to the public Works in such a way that + members of the public may access these Works from a place and at a + place individually chosen by them; to perform the Work to the public + by any means or process and the communication to the public of the + performances of the Work, including by public digital performance; to + broadcast and rebroadcast the Work by any means including signs, + sounds or images. + i. "Reproduce" means to make copies of the Work by any means including + without limitation by sound or visual recordings and the right of + fixation and reproducing fixations of the Work, including storage of a + protected performance or phonogram in digital form or other electronic + medium. + +2. Fair Dealing Rights. Nothing in this License is intended to reduce, +limit, or restrict any uses free from copyright or rights arising from +limitations or exceptions that are provided for in connection with the +copyright protection under copyright law or other applicable laws. + +3. License Grant. Subject to the terms and conditions of this License, +Licensor hereby grants You a worldwide, royalty-free, non-exclusive, +perpetual (for the duration of the applicable copyright) license to +exercise the rights in the Work as stated below: + + a. to Reproduce the Work, to incorporate the Work into one or more + Collections, and to Reproduce the Work as incorporated in the + Collections; + b. to create and Reproduce Adaptations provided that any such Adaptation, + including any translation in any medium, takes reasonable steps to + clearly label, demarcate or otherwise identify that changes were made + to the original Work. For example, a translation could be marked "The + original work was translated from English to Spanish," or a + modification could indicate "The original work has been modified."; + c. to Distribute and Publicly Perform the Work including as incorporated + in Collections; and, + d. to Distribute and Publicly Perform Adaptations. + +The above rights may be exercised in all media and formats whether now +known or hereafter devised. The above rights include the right to make +such modifications as are technically necessary to exercise the rights in +other media and formats. Subject to Section 8(f), all rights not expressly +granted by Licensor are hereby reserved, including but not limited to the +rights set forth in Section 4(d). + +4. Restrictions. The license granted in Section 3 above is expressly made +subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms + of this License. You must include a copy of, or the Uniform Resource + Identifier (URI) for, this License with every copy of the Work You + Distribute or Publicly Perform. You may not offer or impose any terms + on the Work that restrict the terms of this License or the ability of + the recipient of the Work to exercise the rights granted to that + recipient under the terms of the License. You may not sublicense the + Work. You must keep intact all notices that refer to this License and + to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Work, You may not impose any effective technological + measures on the Work that restrict the ability of a recipient of the + Work from You to exercise the rights granted to that recipient under + the terms of the License. This Section 4(a) applies to the Work as + incorporated in a Collection, but this does not require the Collection + apart from the Work itself to be made subject to the terms of this + License. If You create a Collection, upon notice from any Licensor You + must, to the extent practicable, remove from the Collection any credit + as required by Section 4(c), as requested. If You create an + Adaptation, upon notice from any Licensor You must, to the extent + practicable, remove from the Adaptation any credit as required by + Section 4(c), as requested. + b. You may not exercise any of the rights granted to You in Section 3 + above in any manner that is primarily intended for or directed toward + commercial advantage or private monetary compensation. The exchange of + the Work for other copyrighted works by means of digital file-sharing + or otherwise shall not be considered to be intended for or directed + toward commercial advantage or private monetary compensation, provided + there is no payment of any monetary compensation in connection with + the exchange of copyrighted works. + c. If You Distribute, or Publicly Perform the Work or any Adaptations or + Collections, You must, unless a request has been made pursuant to + Section 4(a), keep intact all copyright notices for the Work and + provide, reasonable to the medium or means You are utilizing: (i) the + name of the Original Author (or pseudonym, if applicable) if supplied, + and/or if the Original Author and/or Licensor designate another party + or parties (e.g., a sponsor institute, publishing entity, journal) for + attribution ("Attribution Parties") in Licensor's copyright notice, + terms of service or by other reasonable means, the name of such party + or parties; (ii) the title of the Work if supplied; (iii) to the + extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the Work; + and, (iv) consistent with Section 3(b), in the case of an Adaptation, + a credit identifying the use of the Work in the Adaptation (e.g., + "French translation of the Work by Original Author," or "Screenplay + based on original Work by Original Author"). The credit required by + this Section 4(c) may be implemented in any reasonable manner; + provided, however, that in the case of a Adaptation or Collection, at + a minimum such credit will appear, if a credit for all contributing + authors of the Adaptation or Collection appears, then as part of these + credits and in a manner at least as prominent as the credits for the + other contributing authors. For the avoidance of doubt, You may only + use the credit required by this Section for the purpose of attribution + in the manner set out above and, by exercising Your rights under this + License, You may not implicitly or explicitly assert or imply any + connection with, sponsorship or endorsement by the Original Author, + Licensor and/or Attribution Parties, as appropriate, of You or Your + use of the Work, without the separate, express prior written + permission of the Original Author, Licensor and/or Attribution + Parties. + d. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme cannot be waived, the Licensor + reserves the exclusive right to collect such royalties for any + exercise by You of the rights granted under this License; + ii. Waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme can be waived, the Licensor reserves + the exclusive right to collect such royalties for any exercise by + You of the rights granted under this License if Your exercise of + such rights is for a purpose or use which is otherwise than + noncommercial as permitted under Section 4(b) and otherwise waives + the right to collect royalties through any statutory or compulsory + licensing scheme; and, + iii. Voluntary License Schemes. The Licensor reserves the right to + collect royalties, whether individually or, in the event that the + Licensor is a member of a collecting society that administers + voluntary licensing schemes, via that society, from any exercise + by You of the rights granted under this License that is for a + purpose or use which is otherwise than noncommercial as permitted + under Section 4(c). + e. Except as otherwise agreed in writing by the Licensor or as may be + otherwise permitted by applicable law, if You Reproduce, Distribute or + Publicly Perform the Work either by itself or as part of any + Adaptations or Collections, You must not distort, mutilate, modify or + take other derogatory action in relation to the Work which would be + prejudicial to the Original Author's honor or reputation. Licensor + agrees that in those jurisdictions (e.g. Japan), in which any exercise + of the right granted in Section 3(b) of this License (the right to + make Adaptations) would be deemed to be a distortion, mutilation, + modification or other derogatory action prejudicial to the Original + Author's honor and reputation, the Licensor will waive or not assert, + as appropriate, this Section, to the fullest extent permitted by the + applicable national law, to enable You to reasonably exercise Your + right under Section 3(b) of this License (right to make Adaptations) + but not otherwise. 5. Representations, Warranties and Disclaimer -UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. - -6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR +OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY +KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, +INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, +FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF +LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, +WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION +OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + +6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE +LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR +ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES +ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 7. Termination - a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. - - b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Adaptations or Collections + from You under this License, however, will not have their licenses + terminated provided such individuals or entities remain in full + compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will + survive any termination of this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the + Work under different license terms or to stop distributing the Work at + any time; provided, however that any such election will not serve to + withdraw this License (or any other license that has been, or is + required to be, granted under the terms of this License), and this + License will continue in full force and effect unless terminated as + stated above. 8. Miscellaneous - a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. - - b. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. - - c. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + a. Each time You Distribute or Publicly Perform the Work or a Collection, + the Licensor offers to the recipient a license to the Work on the same + terms and conditions as the license granted to You under this License. + b. Each time You Distribute or Publicly Perform an Adaptation, Licensor + offers to the recipient a license to the original Work on the same + terms and conditions as the license granted to You under this License. + c. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this License, and without further action + by the parties to this agreement, such provision shall be reformed to + the minimum extent necessary to make such provision valid and + enforceable. + d. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in writing + and signed by the party to be charged with such waiver or consent. + e. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, + agreements or representations with respect to the Work not specified + here. Licensor shall not be bound by any additional provisions that + may appear in any communication from You. This License may not be + modified without the mutual written agreement of the Licensor and You. + f. The rights granted under, and the subject matter referenced, in this + License were drafted utilizing the terminology of the Berne Convention + for the Protection of Literary and Artistic Works (as amended on + September 28, 1979), the Rome Convention of 1961, the WIPO Copyright + Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 + and the Universal Copyright Convention (as revised on July 24, 1971). + These rights and subject matter take effect in the relevant + jurisdiction in which the License terms are sought to be enforced + according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the + standard suite of rights granted under applicable copyright law + includes additional rights not granted under this License, such + additional rights are deemed to be included in the License; this + License is not intended to restrict the license of any rights under + applicable law. - d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. - - e. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. - - f. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law. Creative Commons Notice -Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. - -Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of the License. - -Creative Commons may be contacted at http://creativecommons.org/. + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of the License. + + Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-BY-NC-ND-3.0.txt b/src/main/resources/licenses/CC-BY-NC-ND-3.0.txt index 9c30983594..30b08e74db 100644 --- a/src/main/resources/licenses/CC-BY-NC-ND-3.0.txt +++ b/src/main/resources/licenses/CC-BY-NC-ND-3.0.txt @@ -1,89 +1,308 @@ -Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported +Creative Commons Legal Code - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. +Attribution-NonCommercial-NoDerivs 3.0 Unported + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. License -THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE +COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY +COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS +AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. -BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE +TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY +BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS +CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND +CONDITIONS. 1. Definitions - a. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License. - - b. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined above) for the purposes of this License. - - c. "Distribute" means to make available to the public the original and copies of the Work through sale or other transfer of ownership. - - d. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License. - - e. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast. - - f. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work. - - g. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. - - h. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. - - i. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium. - -2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. - -3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: - - a. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; and, - - b. to Distribute and Publicly Perform the Work including as incorporated in Collections. - -The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats, but otherwise you have no rights to make Adaptations. Subject to 8(f), all rights not expressly granted by Licensor are hereby reserved, including but not limited to the rights set forth in Section 4(d). - -4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: - - a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested. - - b. You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. The exchange of the Work for other copyrighted works by means of digital file-sharing or otherwise shall not be considered to be intended for or directed toward commercial advantage or private monetary compensation, provided there is no payment of any monetary compensation in connection with the exchange of copyrighted works. - - c. If You Distribute, or Publicly Perform the Work or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work. The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Collection, at a minimum such credit will appear, if a credit for all contributing authors of Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties. - - d. For the avoidance of doubt: - - i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; - - ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License if Your exercise of such rights is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(b) and otherwise waives the right to collect royalties through any statutory or compulsory licensing scheme; and, - - iii. Voluntary License Schemes. The Licensor reserves the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License that is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(b). - - e. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. + a. "Adaptation" means a work based upon the Work, or upon the Work and + other pre-existing works, such as a translation, adaptation, + derivative work, arrangement of music or other alterations of a + literary or artistic work, or phonogram or performance and includes + cinematographic adaptations or any other form in which the Work may be + recast, transformed, or adapted including in any form recognizably + derived from the original, except that a work that constitutes a + Collection will not be considered an Adaptation for the purpose of + this License. For the avoidance of doubt, where the Work is a musical + work, performance or phonogram, the synchronization of the Work in + timed-relation with a moving image ("synching") will be considered an + Adaptation for the purpose of this License. + b. "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or + broadcasts, or other works or subject matter other than works listed + in Section 1(f) below, which, by reason of the selection and + arrangement of their contents, constitute intellectual creations, in + which the Work is included in its entirety in unmodified form along + with one or more other contributions, each constituting separate and + independent works in themselves, which together are assembled into a + collective whole. A work that constitutes a Collection will not be + considered an Adaptation (as defined above) for the purposes of this + License. + c. "Distribute" means to make available to the public the original and + copies of the Work through sale or other transfer of ownership. + d. "Licensor" means the individual, individuals, entity or entities that + offer(s) the Work under the terms of this License. + e. "Original Author" means, in the case of a literary or artistic work, + the individual, individuals, entity or entities who created the Work + or if no individual or entity can be identified, the publisher; and in + addition (i) in the case of a performance the actors, singers, + musicians, dancers, and other persons who act, sing, deliver, declaim, + play in, interpret or otherwise perform literary or artistic works or + expressions of folklore; (ii) in the case of a phonogram the producer + being the person or legal entity who first fixes the sounds of a + performance or other sounds; and, (iii) in the case of broadcasts, the + organization that transmits the broadcast. + f. "Work" means the literary and/or artistic work offered under the terms + of this License including without limitation any production in the + literary, scientific and artistic domain, whatever may be the mode or + form of its expression including digital form, such as a book, + pamphlet and other writing; a lecture, address, sermon or other work + of the same nature; a dramatic or dramatico-musical work; a + choreographic work or entertainment in dumb show; a musical + composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; + a work of drawing, painting, architecture, sculpture, engraving or + lithography; a photographic work to which are assimilated works + expressed by a process analogous to photography; a work of applied + art; an illustration, map, plan, sketch or three-dimensional work + relative to geography, topography, architecture or science; a + performance; a broadcast; a phonogram; a compilation of data to the + extent it is protected as a copyrightable work; or a work performed by + a variety or circus performer to the extent it is not otherwise + considered a literary or artistic work. + g. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License with + respect to the Work, or who has received express permission from the + Licensor to exercise rights under this License despite a previous + violation. + h. "Publicly Perform" means to perform public recitations of the Work and + to communicate to the public those public recitations, by any means or + process, including by wire or wireless means or public digital + performances; to make available to the public Works in such a way that + members of the public may access these Works from a place and at a + place individually chosen by them; to perform the Work to the public + by any means or process and the communication to the public of the + performances of the Work, including by public digital performance; to + broadcast and rebroadcast the Work by any means including signs, + sounds or images. + i. "Reproduce" means to make copies of the Work by any means including + without limitation by sound or visual recordings and the right of + fixation and reproducing fixations of the Work, including storage of a + protected performance or phonogram in digital form or other electronic + medium. + +2. Fair Dealing Rights. Nothing in this License is intended to reduce, +limit, or restrict any uses free from copyright or rights arising from +limitations or exceptions that are provided for in connection with the +copyright protection under copyright law or other applicable laws. + +3. License Grant. Subject to the terms and conditions of this License, +Licensor hereby grants You a worldwide, royalty-free, non-exclusive, +perpetual (for the duration of the applicable copyright) license to +exercise the rights in the Work as stated below: + + a. to Reproduce the Work, to incorporate the Work into one or more + Collections, and to Reproduce the Work as incorporated in the + Collections; and, + b. to Distribute and Publicly Perform the Work including as incorporated + in Collections. + +The above rights may be exercised in all media and formats whether now +known or hereafter devised. The above rights include the right to make +such modifications as are technically necessary to exercise the rights in +other media and formats, but otherwise you have no rights to make +Adaptations. Subject to 8(f), all rights not expressly granted by Licensor +are hereby reserved, including but not limited to the rights set forth in +Section 4(d). + +4. Restrictions. The license granted in Section 3 above is expressly made +subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms + of this License. You must include a copy of, or the Uniform Resource + Identifier (URI) for, this License with every copy of the Work You + Distribute or Publicly Perform. You may not offer or impose any terms + on the Work that restrict the terms of this License or the ability of + the recipient of the Work to exercise the rights granted to that + recipient under the terms of the License. You may not sublicense the + Work. You must keep intact all notices that refer to this License and + to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Work, You may not impose any effective technological + measures on the Work that restrict the ability of a recipient of the + Work from You to exercise the rights granted to that recipient under + the terms of the License. This Section 4(a) applies to the Work as + incorporated in a Collection, but this does not require the Collection + apart from the Work itself to be made subject to the terms of this + License. If You create a Collection, upon notice from any Licensor You + must, to the extent practicable, remove from the Collection any credit + as required by Section 4(c), as requested. + b. You may not exercise any of the rights granted to You in Section 3 + above in any manner that is primarily intended for or directed toward + commercial advantage or private monetary compensation. The exchange of + the Work for other copyrighted works by means of digital file-sharing + or otherwise shall not be considered to be intended for or directed + toward commercial advantage or private monetary compensation, provided + there is no payment of any monetary compensation in connection with + the exchange of copyrighted works. + c. If You Distribute, or Publicly Perform the Work or Collections, You + must, unless a request has been made pursuant to Section 4(a), keep + intact all copyright notices for the Work and provide, reasonable to + the medium or means You are utilizing: (i) the name of the Original + Author (or pseudonym, if applicable) if supplied, and/or if the + Original Author and/or Licensor designate another party or parties + (e.g., a sponsor institute, publishing entity, journal) for + attribution ("Attribution Parties") in Licensor's copyright notice, + terms of service or by other reasonable means, the name of such party + or parties; (ii) the title of the Work if supplied; (iii) to the + extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the Work. + The credit required by this Section 4(c) may be implemented in any + reasonable manner; provided, however, that in the case of a + Collection, at a minimum such credit will appear, if a credit for all + contributing authors of Collection appears, then as part of these + credits and in a manner at least as prominent as the credits for the + other contributing authors. For the avoidance of doubt, You may only + use the credit required by this Section for the purpose of attribution + in the manner set out above and, by exercising Your rights under this + License, You may not implicitly or explicitly assert or imply any + connection with, sponsorship or endorsement by the Original Author, + Licensor and/or Attribution Parties, as appropriate, of You or Your + use of the Work, without the separate, express prior written + permission of the Original Author, Licensor and/or Attribution + Parties. + d. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme cannot be waived, the Licensor + reserves the exclusive right to collect such royalties for any + exercise by You of the rights granted under this License; + ii. Waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme can be waived, the Licensor reserves + the exclusive right to collect such royalties for any exercise by + You of the rights granted under this License if Your exercise of + such rights is for a purpose or use which is otherwise than + noncommercial as permitted under Section 4(b) and otherwise waives + the right to collect royalties through any statutory or compulsory + licensing scheme; and, + iii. Voluntary License Schemes. The Licensor reserves the right to + collect royalties, whether individually or, in the event that the + Licensor is a member of a collecting society that administers + voluntary licensing schemes, via that society, from any exercise + by You of the rights granted under this License that is for a + purpose or use which is otherwise than noncommercial as permitted + under Section 4(b). + e. Except as otherwise agreed in writing by the Licensor or as may be + otherwise permitted by applicable law, if You Reproduce, Distribute or + Publicly Perform the Work either by itself or as part of any + Collections, You must not distort, mutilate, modify or take other + derogatory action in relation to the Work which would be prejudicial + to the Original Author's honor or reputation. 5. Representations, Warranties and Disclaimer -UNLESS OTHERWISE MUTUALLY AGREED BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. - -6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +UNLESS OTHERWISE MUTUALLY AGREED BY THE PARTIES IN WRITING, LICENSOR +OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY +KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, +INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, +FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF +LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, +WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION +OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + +6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE +LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR +ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES +ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 7. Termination - a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. - - b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Collections from You under + this License, however, will not have their licenses terminated + provided such individuals or entities remain in full compliance with + those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any + termination of this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the + Work under different license terms or to stop distributing the Work at + any time; provided, however that any such election will not serve to + withdraw this License (or any other license that has been, or is + required to be, granted under the terms of this License), and this + License will continue in full force and effect unless terminated as + stated above. 8. Miscellaneous - a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. - - b. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. - - c. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. + a. Each time You Distribute or Publicly Perform the Work or a Collection, + the Licensor offers to the recipient a license to the Work on the same + terms and conditions as the license granted to You under this License. + b. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this License, and without further action + by the parties to this agreement, such provision shall be reformed to + the minimum extent necessary to make such provision valid and + enforceable. + c. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in writing + and signed by the party to be charged with such waiver or consent. + d. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, + agreements or representations with respect to the Work not specified + here. Licensor shall not be bound by any additional provisions that + may appear in any communication from You. This License may not be + modified without the mutual written agreement of the Licensor and You. + e. The rights granted under, and the subject matter referenced, in this + License were drafted utilizing the terminology of the Berne Convention + for the Protection of Literary and Artistic Works (as amended on + September 28, 1979), the Rome Convention of 1961, the WIPO Copyright + Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 + and the Universal Copyright Convention (as revised on July 24, 1971). + These rights and subject matter take effect in the relevant + jurisdiction in which the License terms are sought to be enforced + according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the + standard suite of rights granted under applicable copyright law + includes additional rights not granted under this License, such + additional rights are deemed to be included in the License; this + License is not intended to restrict the license of any rights under + applicable law. - d. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. - - e. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law. Creative Commons Notice -Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. - -Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of this License. - -Creative Commons may be contacted at http://creativecommons.org/. + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of this License. + + Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-BY-NC-SA-2.0-DE.txt b/src/main/resources/licenses/CC-BY-NC-SA-2.0-DE.txt new file mode 100644 index 0000000000..ba4b72ac30 --- /dev/null +++ b/src/main/resources/licenses/CC-BY-NC-SA-2.0-DE.txt @@ -0,0 +1,85 @@ +Creative Commons Namensnennung — Nicht-kommerziell — Weitergabe unter gleichen Bedingungen 2.0 + +CREATIVE COMMONS IST KEINE RECHTSANWALTSGESELLSCHAFT UND LEISTET KEINE RECHTSBERATUNG. DIE WEITERGABE DIESES LIZENZENTWURFES FÜHRT ZU KEINEM MANDATSVERHÄLTNIS. CREATIVE COMMONS ERBRINGT DIESE INFORMATIONEN OHNE GEWÄHR. CREATIVE COMMONS ÜBERNIMMT KEINE GEWÄHRLEISTUNG FÜR DIE GELIEFERTEN INFORMATIONEN UND SCHLIEßT DIE HAFTUNG FÜR SCHÄDEN AUS, DIE SICH AUS IHREM GEBRAUCH ERGEBEN. + +Lizenzvertrag + +DAS URHEBERRECHTLICH GESCHÜTZTE WERK ODER DER SONSTIGE SCHUTZGEGENSTAND (WIE UNTEN BESCHRIEBEN) WIRD UNTER DEN BEDINGUNGEN DIESER CREATIVE COMMONS PUBLIC LICENSE („CCPL“ ODER „LIZENZVERTRAG“) ZUR VERFÜGUNG GESTELLT. DER SCHUTZGEGENSTAND IST DURCH DAS URHEBERRECHT UND/ODER EINSCHLÄGIGE GESETZE GESCHÜTZT. + +DURCH DIE AUSÜBUNG EINES DURCH DIESEN LIZENZVERTRAG GEWÄHRTEN RECHTS AN DEM SCHUTZGEGENSTAND ERKLÄREN SIE SICH MIT DEN LIZENZBEDINGUNGEN RECHTSVERBINDLICH EINVERSTANDEN. DER LIZENZGEBER RÄUMT IHNEN DIE HIER BESCHRIEBENEN RECHTE UNTER DER VORAUSSETZUNGEIN, DASS SIE SICH MIT DIESEN VERTRAGSBEDINGUNGEN EINVERSTANDEN ERKLÄREN. + +1. Definitionen + + a. Unter einer „Bearbeitung“ wird eine Übersetzung oder andere Bearbeitung des Werkes verstanden, die Ihre persÃļnliche geistige SchÃļpfung ist. Eine freie Benutzung des Werkes wird nicht als Bearbeitung angesehen. + + b. Unter den „Lizenzelementen“ werden die folgenden Lizenzcharakteristika verstanden, die vom Lizenzgeber ausgewählt und in der Bezeichnung der Lizenz genannt werden: „Namensnennung“, „Nicht-kommerziell“, „Weitergabe unter gleichen Bedingungen“. + + c. Unter dem „Lizenzgeber“ wird die natÃŧrliche oder juristische Person verstanden, die den Schutzgegenstand unter den Bedingungen dieser Lizenz anbietet. + + d. Unter einem „Sammelwerk“ wird eine Sammlung von Werken, Daten oder anderen unabhängigen Elementen verstanden, die aufgrund der Auswahl oder Anordnung der Elemente eine persÃļnliche geistige SchÃļpfung ist. Darunter fallen auch solche Sammelwerke, deren Elemente systematisch oder methodisch angeordnet und einzeln mit Hilfe elektronischer Mittel oder auf andere Weise zugänglich sind (Datenbankwerke). Ein Sammelwerk wird im Zusammenhang mit dieser Lizenz nicht als Bearbeitung (wie oben beschrieben) angesehen. + + e. Mit „SIE“ und „Ihnen“ ist die natÃŧrliche oder juristische Person gemeint, die die durch diese Lizenz gewährten Nutzungsrechte ausÃŧbt und die zuvor die Bedingungen dieser Lizenz im Hinblick auf das Werk nicht verletzt hat, oder die die ausdrÃŧckliche Erlaubnis des Lizenzgebers erhalten hat, die durch diese Lizenz gewährten Nutzungsrechte trotz einer vorherigen Verletzung auszuÃŧben. + + f. Unter dem „Schutzgegenstand“wird das Werk oder Sammelwerk oder das Schutzobjekt eines verwandten Schutzrechts, das Ihnen unter den Bedingungen dieser Lizenz angeboten wird, verstanden + + g. Unter dem „Urheber“ wird die natÃŧrliche Person verstanden, die das Werk geschaffen hat. + + h. Unter einem „verwandten Schutzrecht“ wird das Recht an einem anderen urheberrechtlichen Schutzgegenstand als einem Werk verstanden, zum Beispiel einer wissenschaftlichen Ausgabe, einem nachgelassenen Werk, einem Lichtbild, einer Datenbank, einem Tonträger, einer Funksendung, einem Laufbild oder einer Darbietung eines ausÃŧbenden KÃŧnstlers. + + i. Unter dem „Werk“ wird eine persÃļnliche geistige SchÃļpfung verstanden, die Ihnen unter den Bedingungen dieser Lizenz angeboten wird. + +2. Schranken des Urheberrechts. Diese Lizenz lässt sämtliche Befugnisse unberÃŧhrt, die sich aus den Schranken des Urheberrechts,aus dem ErschÃļpfungsgrundsatz oder anderen Beschränkungen der Ausschließlichkeitsrechte des Rechtsinhabers ergeben. + +3. Lizenzierung. Unter den Bedingungen dieses Lizenzvertrages räumt Ihnen der Lizenzgeber ein lizenzgebÃŧhrenfreies, räumlich und zeitlich (fÃŧr die Dauer des Urheberrechts oder verwandten Schutzrechts) unbeschränktes einfaches Nutzungsrecht ein, den Schutzgegenstand in der folgenden Art und Weise zu nutzen: + + a. den Schutzgegenstand in kÃļrperlicher Form zu verwerten, insbesondere zu vervielfältigen, zu verbreiten und auszustellen; + + b. den Schutzgegenstand in unkÃļrperlicher Form Ãļffentlich wiederzugeben, insbesondere vorzutragen, aufzufÃŧhren und vorzufÃŧhren, Ãļffentlich zugänglich zu machen, zu senden, durch Bild- und Tonträger wiederzugeben sowie Funksendungen und Ãļffentliche Zugänglichmachungen wiederzugeben; + + c. den Schutzgegenstand auf Bild- oder Tonträger aufzunehmen, Lichtbilder davon herzustellen, weiterzusenden und in dem in a. und b. genannten Umfang zu verwerten; + + d. den Schutzgegenstand zu bearbeiten oder in anderer Weise umzugestalten und die Bearbeitungen zu verÃļffentlichen und in dem in a. bis c. genannten Umfang zu verwerten; + +Die genannten Nutzungsrechte kÃļnnen fÃŧr alle bekannten Nutzungsarten ausgeÃŧbt werden. Die genannten Nutzungsrechte beinhalten das Recht, solche Veränderungen an dem Werk vorzunehmen, die technisch erforderlich sind, um die Nutzungsrechte fÃŧr alle Nutzungsarten wahrzunehmen. Insbesondere sind davon die Anpassung an andere Medien und auf andere Dateiformate umfasst. + +4. Beschränkungen. Die Einräumung der Nutzungsrechte gemäß Ziffer 3 erfolgt ausdrÃŧcklich nur unter den folgenden Bedingungen: + + a. Sie dÃŧrfen den Schutzgegenstand ausschließlich unter den Bedingungen dieser Lizenz vervielfältigen, verbreiten oder Ãļffentlich wiedergeben, und Sie mÃŧssen stets eine Kopie oder die vollständige Internetadresse in Form des Uniform-Resource-Identifier (URI) dieser Lizenz beifÃŧgen, wenn Sie den Schutzgegenstandvervielfältigen, verbreiten oder Ãļffentlich wiedergeben. Sie dÃŧrfen keine Vertragsbedingungen anbieten oder fordern, die die Bedingungen dieser Lizenz oder die durch sie gewährten Rechte ändern oder beschränken. Sie dÃŧrfen den Schutzgegenstand nicht unterlizenzieren. Sie mÃŧssen alle Hinweise unverändert lassen, die auf diese Lizenz und den Haftungsausschluss hinweisen. Sie dÃŧrfen den Schutzgegenstand mit keinen technischen Schutzmaßnahmen versehen, die den Zugang oder den Gebrauch des Schutzgegenstandes in einer Weise kontrollieren, die mit den Bedingungen dieser Lizenz im Widerspruch stehen. Die genannten Beschränkungen gelten auch fÃŧr den Fall, dass der Schutzgegenstand einen Bestandteil eines Sammelwerkes bildet; sie verlangen aber nicht, dass das Sammelwerk insgesamt zum Gegenstand dieser Lizenz gemacht wird. Wenn Sie ein Sammelwerk erstellen, mÃŧssen Sie - soweit dies praktikabel ist - auf die Mitteilung eines Lizenzgebers oder Urhebers hin aus dem Sammelwerk jeglichen Hinweis auf diesen Lizenzgeber oder diesen Urheber entfernen. Wenn Sie den Schutzgegenstand bearbeiten, mÃŧssen Sie - soweit dies praktikabel ist- auf die Aufforderung eines Rechtsinhabers hin von der Bearbeitung jeglichen Hinweis auf diesen Rechtsinhaber entfernen. + + b. Sie dÃŧrfen eine Bearbeitung ausschließlich unter den Bedingungen dieser Lizenz, einer späteren Version dieser Lizenz mit denselben Lizenzelementen wie diese Lizenz oder einer Creative Commons iCommons Lizenz, die dieselben Lizenzelemente wie diese Lizenz enthält (z.B. Namensnennung - Nicht-kommerziell - Weitergabe unter gleichen Bedingungen 2.0 Japan), vervielfältigen, verbreiten oder Ãļffentlich wiedergeben. Sie mÃŧssen stets eine Kopie oder die Internetadresse in Form des Uniform-Resource-Identifier (URI) dieser Lizenz oder einer anderen Lizenz der im vorhergehenden Satz beschriebenen Art beifÃŧgen, wenn Sie die Bearbeitung vervielfältigen, verbreiten oder Ãļffentlich wiedergeben. Sie dÃŧrfen keine Vertragsbedingungen anbieten oder fordern, die die Bedingungen dieser Lizenz oder die durch sie gewährten Rechte ändern oder beschränken, und Sie mÃŧssen alle Hinweise unverändert lassen, die auf diese Lizenz und den Haftungsausschluss hinweisen. Sie dÃŧrfen eine Bearbeitung nicht mit technischen Schutzmaßnahmen versehen, die den Zugang oder den Gebrauch der Bearbeitung in einer Weise kontrollieren, die mit den Bedingungen dieser Lizenz im Widerspruch stehen. Die genannten Beschränkungen gelten auch fÃŧr eine Bearbeitung als Bestandteil eines Sammelwerkes; sie erfordern aber nicht, dass das Sammelwerk insgesamt zum Gegenstand dieser Lizenz gemacht wird. + + c. Sie dÃŧrfen die in Ziffer 3 gewährten Nutzungsrechte in keiner Weise verwenden, die hauptsächlich auf einen geschäftlichen Vorteil oder eine vertraglich geschuldete geldwerte VergÃŧtung abzielt oder darauf gerichtet ist. Erhalten Sie im Zusammenhang mit der Einräumung der Nutzungsrechte ebenfalls einen Schutzgegenstand, ohne dass eine vertragliche Verpflichtung hierzu besteht, so wird dies nicht als geschäftlicher Vorteil oder vertraglich geschuldete geldwerte VergÃŧtung angesehen, wenn keine Zahlung oder geldwerte VergÃŧtung in Verbindung mit dem Austausch der Schutzgegenstände geleistet wird (z.B. File-Sharing). + + d. Wenn Sie den Schutzgegenstand oder eine Bearbeitung oder ein Sammelwerk vervielfältigen, verbreiten oder Ãļffentlich wiedergeben, mÃŧssen Sie alle Urhebervermerke fÃŧr den Schutzgegenstand unverändert lassen und die Urheberschaft oder Rechtsinhaberschaft in einer der von Ihnen vorgenommenen Nutzung angemessenen Form anerkennen, indem Sie den Namen (oder das Pseudonym, falls ein solches verwendet wird) des Urhebers oder Rechteinhabers nennen, wenn dieser angegeben ist. Dies gilt auch fÃŧr den Titel des Schutzgegenstandes, wenn dieser angeben ist, sowie - in einem vernÃŧnftigerweise durchfÃŧhrbaren Umfang - fÃŧr die mit dem Schutzgegenstand zu verbindende Internetadresse in Form des Uniform-Resource-Identifier (URI), wie sie der Lizenzgeber angegeben hat, sofern dies geschehen ist, es sei denn, diese Internetadresse verweist nicht auf den Urhebervermerk oder die Lizenzinformationen zu dem Schutzgegenstand. Bei einer Bearbeitung ist ein Hinweis darauf aufzufÃŧhren, in welcher Form der Schutzgegenstand in die Bearbeitung eingegangen ist (z.B. „FranzÃļsische Übersetzung des ... (Werk) durch ... (Urheber)“ oder „Das Drehbuch beruht auf dem Werk des ... (Urheber)“). Ein solcher Hinweis kann in jeder angemessenen Weise erfolgen, wobei jedoch bei einer Bearbeitung, einer Datenbank oder einem Sammelwerk der Hinweis zumindest an gleicher Stelle und in ebenso auffälliger Weise zu erfolgen hat wie vergleichbare Hinweise auf andere Rechtsinhaber. + + e. Obwohl die gemäss Ziffer 3 gewährten Nutzungsrechte in umfassender Weise ausgeÃŧbt werden dÃŧrfen, findet diese Erlaubnis ihre gesetzliche Grenze in den PersÃļnlichkeitsrechten der Urheber und ausÃŧbenden KÃŧnstler, deren berechtigte geistige und persÃļnliche Interessen bzw. deren Ansehen oder Ruf nicht dadurch gefährdet werden dÃŧrfen, dass ein Schutzgegenstand Ãŧber das gesetzlich zulässige Maß hinaus beeinträchtigt wird. + +5. Gewährleistung. Sofern dies von den Vertragsparteien nicht anderweitig schriftlich vereinbart,, bietet der Lizenzgeber keine Gewährleistung fÃŧr die erteilten Rechte, außer fÃŧr den Fall, dass Mängel arglistig verschwiegen wurden. FÃŧr Mängel anderer Art, insbesondere bei der mangelhaften Lieferung von VerkÃļrperungen des Schutzgegenstandes, richtet sich die Gewährleistung nach der Regelung, die die Person, die Ihnen den Schutzgegenstand zur VerfÃŧgung stellt, mit Ihnen außerhalb dieser Lizenz vereinbart, oder - wenn eine solche Regelung nicht getroffen wurde - nach den gesetzlichen Vorschriften. + +6. Haftung. Über die in Ziffer 5 genannte Gewährleistung hinaus haftet Ihnen der Lizenzgeber nur fÃŧr Vorsatz und grobe Fahrlässigkeit. + +7. Vertragsende + + a. Dieser Lizenzvertrag und die durch ihn eingeräumten Nutzungsrechte enden automatisch bei jeder Verletzung der Vertragsbedingungen durch Sie. FÃŧr natÃŧrliche und juristische Personen, die von Ihnen eine Bearbeitung, eine Datenbank oder ein Sammelwerk unter diesen Lizenzbedingungen erhalten haben, gilt die Lizenz jedoch weiter, vorausgesetzt, diese natÃŧrlichen oder juristischen Personen erfÃŧllen sämtliche Vertragsbedingungen. Die Ziffern 1, 2, 5, 6, 7 und 8 gelten bei einer Vertragsbeendigung fort. + + b. Unter den oben genannten Bedingungen erfolgt die Lizenz auf unbegrenzte Zeit (fÃŧr die Dauer des Schutzrechts). Dennoch behält sich der Lizenzgeber das Recht vor, den Schutzgegenstand unter anderen Lizenzbedingungen zu nutzen oder die eigene Weitergabe des Schutzgegenstandes jederzeit zu beenden, vorausgesetzt, dass solche Handlungen nicht dem Widerruf dieser Lizenz dienen (oder jeder anderen Lizenzierung, die auf Grundlage dieser Lizenz erfolgt ist oder erfolgen muss) und diese Lizenz wirksam bleibt, bis Sie unter den oben genannten Voraussetzungen endet. + +8. Schlussbestimmungen + + a. Jedes Mal, wenn Sie den Schutzgegenstand vervielfältigen, verbreiten oder Ãļffentlich wiedergeben, bietet der Lizenzgeber dem Erwerber eine Lizenz fÃŧr den Schutzgegenstand unter denselben Vertragsbedingungen an, unter denen er Ihnen die Lizenz eingeräumt hat. + + b. Jedes Mal, wenn Sie eine Bearbeitung vervielfältigen, verbreiten oder Ãļffentlich wiedergeben, bietet der Lizenzgeber dem Erwerber eine Lizenz fÃŧr den ursprÃŧnglichen Schutzgegenstand unter denselben Vertragsbedingungen an, unter denen er Ihnen die Lizenz eingeräumt hat. + + c. Sollte eine Bestimmung dieses Lizenzvertrages unwirksam sein, so wird die Wirksamkeit der Ãŧbrigen Lizenzbestimmungen dadurch nicht berÃŧhrt, und an die Stelle der unwirksamen Bestimmung tritt eine Ersatzregelung, die dem mit der unwirksamen Bestimmung angestrebten Zweck am nächsten kommt. + + d. Nichts soll dahingehend ausgelegt werden, dass auf eine Bestimmung dieses Lizenzvertrages verzichtet oder einer Vertragsverletzung zugestimmt wird, so lange ein solcher Verzicht oder eine solche Zustimmung nicht schriftlich vorliegen und von der verzichtenden oder zustimmenden Vertragspartei unterschrieben sind + + e. Dieser Lizenzvertrag stellt die vollständige Vereinbarung zwischen den Vertragsparteien hinsichtlich des Schutzgegenstandes dar. Es gibt keine weiteren ergänzenden Vereinbarungen oder mÃŧndlichen Abreden im Hinblick auf den Schutzgegenstand. Der Lizenzgeber ist an keine zusätzlichen Abreden gebunden, die aus irgendeiner Absprache mit Ihnen entstehen kÃļnnten. Der Lizenzvertrag kann nicht ohne eine Ãŧbereinstimmende schriftliche Vereinbarung zwischen dem Lizenzgeber und Ihnen abgeändert werden. + + f. Auf diesen Lizenzvertrag findet das Recht der Bundesrepublik Deutschland Anwendung. + +CREATIVE COMMONS IST KEINE VERTRAGSPARTEI DIESES LIZENZVERTRAGES UND ÜBERNIMMT KEINERLEI GEWÄHRLEISTUNG FÜR DAS WERK. CREATIVE COMMONS IST IHNEN ODER DRITTEN GEGENÜBER NICHT HAFTBAR FÜR SCHÄDEN JEDWEDER ART. UNGEACHTET DER VORSTEHENDEN ZWEI (2) SÄTZE HAT CREATIVE COMMONS ALL RECHTE UND PFLICHTEN EINES LIZENSGEBERS, WENN SICH CREATIVE COMMONS AUSDRÜCKLICH ALS LIZENZGEBER BEZEICHNET. + +AUSSER FÜR DEN BESCHRÄNKTEN ZWECK EINES HINWEISES AN DIE ÖFFENTLICHKEIT, DASS DAS WERK UNTER DER CCPL LIZENSIERT WIRD, DARF KENIE VERTRAGSPARTEI DIE MARKE “CREATIVE COMMONS” ODER EINE ÄHNLICHE MARKE ODER DAS LOGO VON CREATIVE COMMONS OHNE VORHERIGE GENEHMIGUNG VON CREATIVE COMMONS NUTZEN. JEDE GESTATTETE NUTZUNG HAT IN ÜBREEINSTIMMUNG MIT DEN JEWEILS GÜLTIGEN NUTZUNGSBEDINGUNGEN FÜR MARKEN VON CREATIVE COMMONS ZU ERFOLGEN, WIE SIE AUF DER WEBSITE ODER IN ANDERER WEISE AUF ANFRAGE VON ZEIT ZU ZEIT ZUGÄNGLICH GEMACHT WERDEN. + +CREATIVE COMMONS KANN UNTER https://creativecommons.org KONTAKTIERT WERDEN. diff --git a/src/main/resources/licenses/CC-BY-NC-SA-3.0.txt b/src/main/resources/licenses/CC-BY-NC-SA-3.0.txt index 8d1828791a..a50eacf98c 100644 --- a/src/main/resources/licenses/CC-BY-NC-SA-3.0.txt +++ b/src/main/resources/licenses/CC-BY-NC-SA-3.0.txt @@ -1,99 +1,360 @@ -Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported +Creative Commons Legal Code - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. +Attribution-NonCommercial-ShareAlike 3.0 Unported + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. License -THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE +COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY +COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS +AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. -BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE +TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY +BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS +CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND +CONDITIONS. 1. Definitions - a. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License. - - b. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(g) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined above) for the purposes of this License. - - c. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership. - - d. "License Elements" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, Noncommercial, ShareAlike. - - e. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License. - - f. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast. - - g. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work. - - h. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. - - i. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. - - j. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium. - -2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. - -3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: - - a. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; - - b. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified."; - - c. to Distribute and Publicly Perform the Work including as incorporated in Collections; and, - - d. to Distribute and Publicly Perform Adaptations. - -The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved, including but not limited to the rights described in Section 4(e). - -4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: - - a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(d), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(d), as requested. - - b. You may Distribute or Publicly Perform an Adaptation only under: (i) the terms of this License; (ii) a later version of this License with the same License Elements as this License; (iii) a Creative Commons jurisdiction license (either this or a later license version) that contains the same License Elements as this License (e.g., Attribution-NonCommercial-ShareAlike 3.0 US) ("Applicable License"). You must include a copy of, or the URI, for Applicable License with every copy of each Adaptation You Distribute or Publicly Perform. You may not offer or impose any terms on the Adaptation that restrict the terms of the Applicable License or the ability of the recipient of the Adaptation to exercise the rights granted to that recipient under the terms of the Applicable License. You must keep intact all notices that refer to the Applicable License and to the disclaimer of warranties with every copy of the Work as included in the Adaptation You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Adaptation, You may not impose any effective technological measures on the Adaptation that restrict the ability of a recipient of the Adaptation from You to exercise the rights granted to that recipient under the terms of the Applicable License. This Section 4(b) applies to the Adaptation as incorporated in a Collection, but this does not require the Collection apart from the Adaptation itself to be made subject to the terms of the Applicable License. - - c. You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. The exchange of the Work for other copyrighted works by means of digital file-sharing or otherwise shall not be considered to be intended for or directed toward commercial advantage or private monetary compensation, provided there is no payment of any monetary compensation in con-nection with the exchange of copyrighted works. - - d. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and, (iv) consistent with Section 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(d) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties. - - e. For the avoidance of doubt: - - i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; - - ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License if Your exercise of such rights is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(c) and otherwise waives the right to collect royalties through any statutory or compulsory licensing scheme; and, - - iii. Voluntary License Schemes. The Licensor reserves the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License that is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(c). - - f. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise. + a. "Adaptation" means a work based upon the Work, or upon the Work and + other pre-existing works, such as a translation, adaptation, + derivative work, arrangement of music or other alterations of a + literary or artistic work, or phonogram or performance and includes + cinematographic adaptations or any other form in which the Work may be + recast, transformed, or adapted including in any form recognizably + derived from the original, except that a work that constitutes a + Collection will not be considered an Adaptation for the purpose of + this License. For the avoidance of doubt, where the Work is a musical + work, performance or phonogram, the synchronization of the Work in + timed-relation with a moving image ("synching") will be considered an + Adaptation for the purpose of this License. + b. "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or + broadcasts, or other works or subject matter other than works listed + in Section 1(g) below, which, by reason of the selection and + arrangement of their contents, constitute intellectual creations, in + which the Work is included in its entirety in unmodified form along + with one or more other contributions, each constituting separate and + independent works in themselves, which together are assembled into a + collective whole. A work that constitutes a Collection will not be + considered an Adaptation (as defined above) for the purposes of this + License. + c. "Distribute" means to make available to the public the original and + copies of the Work or Adaptation, as appropriate, through sale or + other transfer of ownership. + d. "License Elements" means the following high-level license attributes + as selected by Licensor and indicated in the title of this License: + Attribution, Noncommercial, ShareAlike. + e. "Licensor" means the individual, individuals, entity or entities that + offer(s) the Work under the terms of this License. + f. "Original Author" means, in the case of a literary or artistic work, + the individual, individuals, entity or entities who created the Work + or if no individual or entity can be identified, the publisher; and in + addition (i) in the case of a performance the actors, singers, + musicians, dancers, and other persons who act, sing, deliver, declaim, + play in, interpret or otherwise perform literary or artistic works or + expressions of folklore; (ii) in the case of a phonogram the producer + being the person or legal entity who first fixes the sounds of a + performance or other sounds; and, (iii) in the case of broadcasts, the + organization that transmits the broadcast. + g. "Work" means the literary and/or artistic work offered under the terms + of this License including without limitation any production in the + literary, scientific and artistic domain, whatever may be the mode or + form of its expression including digital form, such as a book, + pamphlet and other writing; a lecture, address, sermon or other work + of the same nature; a dramatic or dramatico-musical work; a + choreographic work or entertainment in dumb show; a musical + composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; + a work of drawing, painting, architecture, sculpture, engraving or + lithography; a photographic work to which are assimilated works + expressed by a process analogous to photography; a work of applied + art; an illustration, map, plan, sketch or three-dimensional work + relative to geography, topography, architecture or science; a + performance; a broadcast; a phonogram; a compilation of data to the + extent it is protected as a copyrightable work; or a work performed by + a variety or circus performer to the extent it is not otherwise + considered a literary or artistic work. + h. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License with + respect to the Work, or who has received express permission from the + Licensor to exercise rights under this License despite a previous + violation. + i. "Publicly Perform" means to perform public recitations of the Work and + to communicate to the public those public recitations, by any means or + process, including by wire or wireless means or public digital + performances; to make available to the public Works in such a way that + members of the public may access these Works from a place and at a + place individually chosen by them; to perform the Work to the public + by any means or process and the communication to the public of the + performances of the Work, including by public digital performance; to + broadcast and rebroadcast the Work by any means including signs, + sounds or images. + j. "Reproduce" means to make copies of the Work by any means including + without limitation by sound or visual recordings and the right of + fixation and reproducing fixations of the Work, including storage of a + protected performance or phonogram in digital form or other electronic + medium. + +2. Fair Dealing Rights. Nothing in this License is intended to reduce, +limit, or restrict any uses free from copyright or rights arising from +limitations or exceptions that are provided for in connection with the +copyright protection under copyright law or other applicable laws. + +3. License Grant. Subject to the terms and conditions of this License, +Licensor hereby grants You a worldwide, royalty-free, non-exclusive, +perpetual (for the duration of the applicable copyright) license to +exercise the rights in the Work as stated below: + + a. to Reproduce the Work, to incorporate the Work into one or more + Collections, and to Reproduce the Work as incorporated in the + Collections; + b. to create and Reproduce Adaptations provided that any such Adaptation, + including any translation in any medium, takes reasonable steps to + clearly label, demarcate or otherwise identify that changes were made + to the original Work. For example, a translation could be marked "The + original work was translated from English to Spanish," or a + modification could indicate "The original work has been modified."; + c. to Distribute and Publicly Perform the Work including as incorporated + in Collections; and, + d. to Distribute and Publicly Perform Adaptations. + +The above rights may be exercised in all media and formats whether now +known or hereafter devised. The above rights include the right to make +such modifications as are technically necessary to exercise the rights in +other media and formats. Subject to Section 8(f), all rights not expressly +granted by Licensor are hereby reserved, including but not limited to the +rights described in Section 4(e). + +4. Restrictions. The license granted in Section 3 above is expressly made +subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms + of this License. You must include a copy of, or the Uniform Resource + Identifier (URI) for, this License with every copy of the Work You + Distribute or Publicly Perform. You may not offer or impose any terms + on the Work that restrict the terms of this License or the ability of + the recipient of the Work to exercise the rights granted to that + recipient under the terms of the License. You may not sublicense the + Work. You must keep intact all notices that refer to this License and + to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Work, You may not impose any effective technological + measures on the Work that restrict the ability of a recipient of the + Work from You to exercise the rights granted to that recipient under + the terms of the License. This Section 4(a) applies to the Work as + incorporated in a Collection, but this does not require the Collection + apart from the Work itself to be made subject to the terms of this + License. If You create a Collection, upon notice from any Licensor You + must, to the extent practicable, remove from the Collection any credit + as required by Section 4(d), as requested. If You create an + Adaptation, upon notice from any Licensor You must, to the extent + practicable, remove from the Adaptation any credit as required by + Section 4(d), as requested. + b. You may Distribute or Publicly Perform an Adaptation only under: (i) + the terms of this License; (ii) a later version of this License with + the same License Elements as this License; (iii) a Creative Commons + jurisdiction license (either this or a later license version) that + contains the same License Elements as this License (e.g., + Attribution-NonCommercial-ShareAlike 3.0 US) ("Applicable License"). + You must include a copy of, or the URI, for Applicable License with + every copy of each Adaptation You Distribute or Publicly Perform. You + may not offer or impose any terms on the Adaptation that restrict the + terms of the Applicable License or the ability of the recipient of the + Adaptation to exercise the rights granted to that recipient under the + terms of the Applicable License. You must keep intact all notices that + refer to the Applicable License and to the disclaimer of warranties + with every copy of the Work as included in the Adaptation You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Adaptation, You may not impose any effective technological + measures on the Adaptation that restrict the ability of a recipient of + the Adaptation from You to exercise the rights granted to that + recipient under the terms of the Applicable License. This Section 4(b) + applies to the Adaptation as incorporated in a Collection, but this + does not require the Collection apart from the Adaptation itself to be + made subject to the terms of the Applicable License. + c. You may not exercise any of the rights granted to You in Section 3 + above in any manner that is primarily intended for or directed toward + commercial advantage or private monetary compensation. The exchange of + the Work for other copyrighted works by means of digital file-sharing + or otherwise shall not be considered to be intended for or directed + toward commercial advantage or private monetary compensation, provided + there is no payment of any monetary compensation in con-nection with + the exchange of copyrighted works. + d. If You Distribute, or Publicly Perform the Work or any Adaptations or + Collections, You must, unless a request has been made pursuant to + Section 4(a), keep intact all copyright notices for the Work and + provide, reasonable to the medium or means You are utilizing: (i) the + name of the Original Author (or pseudonym, if applicable) if supplied, + and/or if the Original Author and/or Licensor designate another party + or parties (e.g., a sponsor institute, publishing entity, journal) for + attribution ("Attribution Parties") in Licensor's copyright notice, + terms of service or by other reasonable means, the name of such party + or parties; (ii) the title of the Work if supplied; (iii) to the + extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the Work; + and, (iv) consistent with Section 3(b), in the case of an Adaptation, + a credit identifying the use of the Work in the Adaptation (e.g., + "French translation of the Work by Original Author," or "Screenplay + based on original Work by Original Author"). The credit required by + this Section 4(d) may be implemented in any reasonable manner; + provided, however, that in the case of a Adaptation or Collection, at + a minimum such credit will appear, if a credit for all contributing + authors of the Adaptation or Collection appears, then as part of these + credits and in a manner at least as prominent as the credits for the + other contributing authors. For the avoidance of doubt, You may only + use the credit required by this Section for the purpose of attribution + in the manner set out above and, by exercising Your rights under this + License, You may not implicitly or explicitly assert or imply any + connection with, sponsorship or endorsement by the Original Author, + Licensor and/or Attribution Parties, as appropriate, of You or Your + use of the Work, without the separate, express prior written + permission of the Original Author, Licensor and/or Attribution + Parties. + e. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme cannot be waived, the Licensor + reserves the exclusive right to collect such royalties for any + exercise by You of the rights granted under this License; + ii. Waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme can be waived, the Licensor reserves + the exclusive right to collect such royalties for any exercise by + You of the rights granted under this License if Your exercise of + such rights is for a purpose or use which is otherwise than + noncommercial as permitted under Section 4(c) and otherwise waives + the right to collect royalties through any statutory or compulsory + licensing scheme; and, + iii. Voluntary License Schemes. The Licensor reserves the right to + collect royalties, whether individually or, in the event that the + Licensor is a member of a collecting society that administers + voluntary licensing schemes, via that society, from any exercise + by You of the rights granted under this License that is for a + purpose or use which is otherwise than noncommercial as permitted + under Section 4(c). + f. Except as otherwise agreed in writing by the Licensor or as may be + otherwise permitted by applicable law, if You Reproduce, Distribute or + Publicly Perform the Work either by itself or as part of any + Adaptations or Collections, You must not distort, mutilate, modify or + take other derogatory action in relation to the Work which would be + prejudicial to the Original Author's honor or reputation. Licensor + agrees that in those jurisdictions (e.g. Japan), in which any exercise + of the right granted in Section 3(b) of this License (the right to + make Adaptations) would be deemed to be a distortion, mutilation, + modification or other derogatory action prejudicial to the Original + Author's honor and reputation, the Licensor will waive or not assert, + as appropriate, this Section, to the fullest extent permitted by the + applicable national law, to enable You to reasonably exercise Your + right under Section 3(b) of this License (right to make Adaptations) + but not otherwise. 5. Representations, Warranties and Disclaimer -UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING AND TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THIS EXCLUSION MAY NOT APPLY TO YOU. - -6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING AND TO THE +FULLEST EXTENT PERMITTED BY APPLICABLE LAW, LICENSOR OFFERS THE WORK AS-IS +AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE +WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT +LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR +PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, +ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT +DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED +WARRANTIES, SO THIS EXCLUSION MAY NOT APPLY TO YOU. + +6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE +LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR +ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES +ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 7. Termination - a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. - - b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Adaptations or Collections + from You under this License, however, will not have their licenses + terminated provided such individuals or entities remain in full + compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will + survive any termination of this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the + Work under different license terms or to stop distributing the Work at + any time; provided, however that any such election will not serve to + withdraw this License (or any other license that has been, or is + required to be, granted under the terms of this License), and this + License will continue in full force and effect unless terminated as + stated above. 8. Miscellaneous - a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. - - b. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. - - c. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + a. Each time You Distribute or Publicly Perform the Work or a Collection, + the Licensor offers to the recipient a license to the Work on the same + terms and conditions as the license granted to You under this License. + b. Each time You Distribute or Publicly Perform an Adaptation, Licensor + offers to the recipient a license to the original Work on the same + terms and conditions as the license granted to You under this License. + c. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this License, and without further action + by the parties to this agreement, such provision shall be reformed to + the minimum extent necessary to make such provision valid and + enforceable. + d. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in writing + and signed by the party to be charged with such waiver or consent. + e. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, + agreements or representations with respect to the Work not specified + here. Licensor shall not be bound by any additional provisions that + may appear in any communication from You. This License may not be + modified without the mutual written agreement of the Licensor and You. + f. The rights granted under, and the subject matter referenced, in this + License were drafted utilizing the terminology of the Berne Convention + for the Protection of Literary and Artistic Works (as amended on + September 28, 1979), the Rome Convention of 1961, the WIPO Copyright + Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 + and the Universal Copyright Convention (as revised on July 24, 1971). + These rights and subject matter take effect in the relevant + jurisdiction in which the License terms are sought to be enforced + according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the + standard suite of rights granted under applicable copyright law + includes additional rights not granted under this License, such + additional rights are deemed to be included in the License; this + License is not intended to restrict the license of any rights under + applicable law. - d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. - - e. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. - - f. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law. Creative Commons Notice -Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. - -Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of this License. - -Creative Commons may be contacted at http://creativecommons.org/. + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of this License. + + Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-BY-ND-3.0.txt b/src/main/resources/licenses/CC-BY-ND-3.0.txt index d9265b9f19..2ec9718946 100644 --- a/src/main/resources/licenses/CC-BY-ND-3.0.txt +++ b/src/main/resources/licenses/CC-BY-ND-3.0.txt @@ -1,87 +1,293 @@ -Creative Commons Attribution-NoDerivs 3.0 Unported +Creative Commons Legal Code - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. +Attribution-NoDerivs 3.0 Unported + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. License -THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE +COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY +COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS +AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. -BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE +TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY +BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS +CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND +CONDITIONS. 1. Definitions - a. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License. - - b. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined above) for the purposes of this License. - - c. "Distribute" means to make available to the public the original and copies of the Work through sale or other transfer of ownership. - - d. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License. - - e. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast. - - f. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work. - - g. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. - - h. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. - - i. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium. - -2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. - -3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: - - a. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; and, - - b. to Distribute and Publicly Perform the Work including as incorporated in Collections. - - c. For the avoidance of doubt: - - i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; - - ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and, - - iii. Voluntary License Schemes. The Licensor waives the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License. - -The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats, but otherwise you have no rights to make Adaptations. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved. - -4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: - - a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(b), as requested. - - b. If You Distribute, or Publicly Perform the Work or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work. The credit required by this Section 4(b) may be implemented in any reasonable manner; provided, however, that in the case of a Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties. - - c. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. + a. "Adaptation" means a work based upon the Work, or upon the Work and + other pre-existing works, such as a translation, adaptation, + derivative work, arrangement of music or other alterations of a + literary or artistic work, or phonogram or performance and includes + cinematographic adaptations or any other form in which the Work may be + recast, transformed, or adapted including in any form recognizably + derived from the original, except that a work that constitutes a + Collection will not be considered an Adaptation for the purpose of + this License. For the avoidance of doubt, where the Work is a musical + work, performance or phonogram, the synchronization of the Work in + timed-relation with a moving image ("synching") will be considered an + Adaptation for the purpose of this License. + b. "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or + broadcasts, or other works or subject matter other than works listed + in Section 1(f) below, which, by reason of the selection and + arrangement of their contents, constitute intellectual creations, in + which the Work is included in its entirety in unmodified form along + with one or more other contributions, each constituting separate and + independent works in themselves, which together are assembled into a + collective whole. A work that constitutes a Collection will not be + considered an Adaptation (as defined above) for the purposes of this + License. + c. "Distribute" means to make available to the public the original and + copies of the Work through sale or other transfer of ownership. + d. "Licensor" means the individual, individuals, entity or entities that + offer(s) the Work under the terms of this License. + e. "Original Author" means, in the case of a literary or artistic work, + the individual, individuals, entity or entities who created the Work + or if no individual or entity can be identified, the publisher; and in + addition (i) in the case of a performance the actors, singers, + musicians, dancers, and other persons who act, sing, deliver, declaim, + play in, interpret or otherwise perform literary or artistic works or + expressions of folklore; (ii) in the case of a phonogram the producer + being the person or legal entity who first fixes the sounds of a + performance or other sounds; and, (iii) in the case of broadcasts, the + organization that transmits the broadcast. + f. "Work" means the literary and/or artistic work offered under the terms + of this License including without limitation any production in the + literary, scientific and artistic domain, whatever may be the mode or + form of its expression including digital form, such as a book, + pamphlet and other writing; a lecture, address, sermon or other work + of the same nature; a dramatic or dramatico-musical work; a + choreographic work or entertainment in dumb show; a musical + composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; + a work of drawing, painting, architecture, sculpture, engraving or + lithography; a photographic work to which are assimilated works + expressed by a process analogous to photography; a work of applied + art; an illustration, map, plan, sketch or three-dimensional work + relative to geography, topography, architecture or science; a + performance; a broadcast; a phonogram; a compilation of data to the + extent it is protected as a copyrightable work; or a work performed by + a variety or circus performer to the extent it is not otherwise + considered a literary or artistic work. + g. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License with + respect to the Work, or who has received express permission from the + Licensor to exercise rights under this License despite a previous + violation. + h. "Publicly Perform" means to perform public recitations of the Work and + to communicate to the public those public recitations, by any means or + process, including by wire or wireless means or public digital + performances; to make available to the public Works in such a way that + members of the public may access these Works from a place and at a + place individually chosen by them; to perform the Work to the public + by any means or process and the communication to the public of the + performances of the Work, including by public digital performance; to + broadcast and rebroadcast the Work by any means including signs, + sounds or images. + i. "Reproduce" means to make copies of the Work by any means including + without limitation by sound or visual recordings and the right of + fixation and reproducing fixations of the Work, including storage of a + protected performance or phonogram in digital form or other electronic + medium. + +2. Fair Dealing Rights. Nothing in this License is intended to reduce, +limit, or restrict any uses free from copyright or rights arising from +limitations or exceptions that are provided for in connection with the +copyright protection under copyright law or other applicable laws. + +3. License Grant. Subject to the terms and conditions of this License, +Licensor hereby grants You a worldwide, royalty-free, non-exclusive, +perpetual (for the duration of the applicable copyright) license to +exercise the rights in the Work as stated below: + + a. to Reproduce the Work, to incorporate the Work into one or more + Collections, and to Reproduce the Work as incorporated in the + Collections; and, + b. to Distribute and Publicly Perform the Work including as incorporated + in Collections. + c. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme cannot be waived, the Licensor + reserves the exclusive right to collect such royalties for any + exercise by You of the rights granted under this License; + ii. Waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme can be waived, the Licensor waives the + exclusive right to collect such royalties for any exercise by You + of the rights granted under this License; and, + iii. Voluntary License Schemes. The Licensor waives the right to + collect royalties, whether individually or, in the event that the + Licensor is a member of a collecting society that administers + voluntary licensing schemes, via that society, from any exercise + by You of the rights granted under this License. + +The above rights may be exercised in all media and formats whether now +known or hereafter devised. The above rights include the right to make +such modifications as are technically necessary to exercise the rights in +other media and formats, but otherwise you have no rights to make +Adaptations. Subject to Section 8(f), all rights not expressly granted by +Licensor are hereby reserved. + +4. Restrictions. The license granted in Section 3 above is expressly made +subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms + of this License. You must include a copy of, or the Uniform Resource + Identifier (URI) for, this License with every copy of the Work You + Distribute or Publicly Perform. You may not offer or impose any terms + on the Work that restrict the terms of this License or the ability of + the recipient of the Work to exercise the rights granted to that + recipient under the terms of the License. You may not sublicense the + Work. You must keep intact all notices that refer to this License and + to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Work, You may not impose any effective technological + measures on the Work that restrict the ability of a recipient of the + Work from You to exercise the rights granted to that recipient under + the terms of the License. This Section 4(a) applies to the Work as + incorporated in a Collection, but this does not require the Collection + apart from the Work itself to be made subject to the terms of this + License. If You create a Collection, upon notice from any Licensor You + must, to the extent practicable, remove from the Collection any credit + as required by Section 4(b), as requested. + b. If You Distribute, or Publicly Perform the Work or Collections, You + must, unless a request has been made pursuant to Section 4(a), keep + intact all copyright notices for the Work and provide, reasonable to + the medium or means You are utilizing: (i) the name of the Original + Author (or pseudonym, if applicable) if supplied, and/or if the + Original Author and/or Licensor designate another party or parties + (e.g., a sponsor institute, publishing entity, journal) for + attribution ("Attribution Parties") in Licensor's copyright notice, + terms of service or by other reasonable means, the name of such party + or parties; (ii) the title of the Work if supplied; (iii) to the + extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the Work. + The credit required by this Section 4(b) may be implemented in any + reasonable manner; provided, however, that in the case of a + Collection, at a minimum such credit will appear, if a credit for all + contributing authors of the Collection appears, then as part of these + credits and in a manner at least as prominent as the credits for the + other contributing authors. For the avoidance of doubt, You may only + use the credit required by this Section for the purpose of attribution + in the manner set out above and, by exercising Your rights under this + License, You may not implicitly or explicitly assert or imply any + connection with, sponsorship or endorsement by the Original Author, + Licensor and/or Attribution Parties, as appropriate, of You or Your + use of the Work, without the separate, express prior written + permission of the Original Author, Licensor and/or Attribution + Parties. + c. Except as otherwise agreed in writing by the Licensor or as may be + otherwise permitted by applicable law, if You Reproduce, Distribute or + Publicly Perform the Work either by itself or as part of any + Collections, You must not distort, mutilate, modify or take other + derogatory action in relation to the Work which would be prejudicial + to the Original Author's honor or reputation. 5. Representations, Warranties and Disclaimer -UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. - -6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR +OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY +KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, +INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, +FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF +LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, +WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION +OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + +6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE +LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR +ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES +ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 7. Termination - a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. - - b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Collections from You under + this License, however, will not have their licenses terminated + provided such individuals or entities remain in full compliance with + those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any + termination of this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the + Work under different license terms or to stop distributing the Work at + any time; provided, however that any such election will not serve to + withdraw this License (or any other license that has been, or is + required to be, granted under the terms of this License), and this + License will continue in full force and effect unless terminated as + stated above. 8. Miscellaneous - a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. - - b. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. - - c. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. + a. Each time You Distribute or Publicly Perform the Work or a Collection, + the Licensor offers to the recipient a license to the Work on the same + terms and conditions as the license granted to You under this License. + b. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this License, and without further action + by the parties to this agreement, such provision shall be reformed to + the minimum extent necessary to make such provision valid and + enforceable. + c. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in writing + and signed by the party to be charged with such waiver or consent. + d. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, + agreements or representations with respect to the Work not specified + here. Licensor shall not be bound by any additional provisions that + may appear in any communication from You. This License may not be + modified without the mutual written agreement of the Licensor and You. + e. The rights granted under, and the subject matter referenced, in this + License were drafted utilizing the terminology of the Berne Convention + for the Protection of Literary and Artistic Works (as amended on + September 28, 1979), the Rome Convention of 1961, the WIPO Copyright + Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 + and the Universal Copyright Convention (as revised on July 24, 1971). + These rights and subject matter take effect in the relevant + jurisdiction in which the License terms are sought to be enforced + according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the + standard suite of rights granted under applicable copyright law + includes additional rights not granted under this License, such + additional rights are deemed to be included in the License; this + License is not intended to restrict the license of any rights under + applicable law. - d. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. - - e. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law. Creative Commons Notice -Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. - -Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of this License. - -Creative Commons may be contacted at http://creativecommons.org/. + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of this License. + + Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-BY-SA-3.0-IGO.txt b/src/main/resources/licenses/CC-BY-SA-3.0-IGO.txt new file mode 100644 index 0000000000..2b8b0f8f23 --- /dev/null +++ b/src/main/resources/licenses/CC-BY-SA-3.0-IGO.txt @@ -0,0 +1,107 @@ +Creative Commons Attribution-ShareAlike 3.0 IGO + +CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. THE LICENSOR IS NOT NECESSARILY AN INTERGOVERNMENTAL ORGANIZATION (IGO), AS DEFINED IN THE LICENSE BELOW. + +License + +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("LICENSE"). THE LICENSOR (DEFINED BELOW) HOLDS COPYRIGHT AND OTHER RIGHTS IN THE WORK. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE IS PROHIBITED. + +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION FOR YOUR ACCEPTANCE AND AGREEMENT TO THE TERMS OF THE LICENSE. + +1. Definitions + + a. "IGO" means, solely and exclusively for purposes of this License, an organization established by a treaty or other instrument governed by international law and possessing its own international legal personality. Other organizations established to carry out activities across national borders and that accordingly enjoy immunity from legal process are also IGOs for the sole and exclusive purposes of this License. IGOs may include as members, in addition to states, other entities. + + b. "Work" means the literary and/or artistic work eligible for copyright protection, whatever may be the mode or form of its expression including digital form, and offered under the terms of this License. It is understood that a database, which by reason of the selection and arrangement of its contents constitutes an intellectual creation, is considered a Work. + + c. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License and may be, but is not necessarily, an IGO. + + d. "You" means an individual or entity exercising rights under this License. + + e. "License Elements" means the following high-level license attributes as selected by the Licensor and indicated in the title of this License: Attribution, ShareAlike. + + f. "Reproduce" means to make a copy of the Work in any manner or form, and by any means. + + g. "Distribute" means the activity of making publicly available the Work or Adaptation (or copies of the Work or Adaptation), as applicable, by sale, rental, public lending or any other known form of transfer of ownership or possession of the Work or copy of the Work. + + h. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. + + i. "Adaptation" means a work derived from or based upon the Work, or upon the Work and other pre-existing works. Adaptations may include works such as translations, derivative works, or any alterations and arrangements of any kind involving the Work. For purposes of this License, where the Work is a musical work, performance, or phonogram, the synchronization of the Work in timed-relation with a moving image is an Adaptation. For the avoidance of doubt, including the Work in a Collection is not an Adaptation. + + j. "Collection" means a collection of literary or artistic works or other works or subject matter other than works listed in Section 1(b) which by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. For the avoidance of doubt, a Collection will not be considered as an Adaptation. + + k. "Creative Commons Compatible License" means a license that is listed at https://creativecommons.org/compatiblelicenses that has been approved by Creative Commons as being essentially equivalent to this License, including, at a minimum, because that license: (i) contains terms that have the same purpose, meaning and effect as the License Elements of this License; and, (ii) explicitly permits the relicensing of adaptations of works made available under that license under this License or a Creative Commons jurisdiction license with the same License Elements as this License. + +2. Scope of this License. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright protection. + +3. License Grant. Subject to the terms and conditions of this License, the Licensor hereby grants You a worldwide, royalty-free, non-exclusive license to exercise the rights in the Work as follows: + + a. to Reproduce, Distribute and Publicly Perform the Work, to incorporate the Work into one or more Collections, and to Reproduce, Distribute and Publicly Perform the Work as incorporated in the Collections; and, + + b. to create, Reproduce, Distribute and Publicly Perform Adaptations, provided that You clearly label, demarcate or otherwise identify that changes were made to the original Work. + + c. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; + + ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and, + + ii. Voluntary License Schemes. To the extent possible, the Licensor waives the right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary licensing scheme. + +This License lasts for the duration of the term of the copyright in the Work licensed by the Licensor. The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. All rights not expressly granted by the Licensor are hereby reserved. + +4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work (see section 8(a)). You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from a Licensor You must, to the extent practicable, remove from the Collection any credit (inclusive of any logo, trademark, official mark or official emblem) as required by Section 4(c), as requested. If You create an Adaptation, upon notice from a Licensor You must, to the extent practicable, remove from the Adaptation any credit (inclusive of any logo, trademark, official mark or official emblem) as required by Section 4(c), as requested. + + b. You may Distribute or Publicly Perform an Adaptation only under the terms of: (i) this License; (ii) a later version of this License with the same License Elements as this License; (iii) either the unported Creative Commons license or a ported Creative Commons license (either this or a later license version) containing the same License Elements; or (iv) a Creative Commons Compatible License. If You license the Adaptation under one of the licenses mentioned in (iv), You must comply with the terms of that license. If you license the Adaptation under the terms of any of the licenses mentioned in (i), (ii) or (iii) (the "Applicable License"), You must comply with terms of the Applicable License generally and the following provisions: (I) You must include a copy of, or the URI for, the Applicable License with every copy of each Adaptation You Distribute or Publicly Perform. (II) You may not offer or impose any terms on the Adaptation that restrict the terms of the Applicable License or the ability of the recipient of the Adaptation to exercise the rights granted to that recipient under the terms of the Applicable License. (III) You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work as included in the Adaptation You Distribute or Publicly Perform. (IV) When You Distribute or Publicly Perform the Adaptation, You may not impose any effective technological measures on the Adaptation that restrict the ability of a recipient of the Adaptation from You to exercise the rights granted to that recipient under the terms of the Applicable License. This Section 4(b) applies to the Adaptation as incorporated in a Collection, but this does not require the Collection apart from the Adaptation itself to be made subject to the terms of the Applicable License. + + c. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) any attributions that the Licensor indicates be associated with the Work as indicated in a copyright notice, (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that the Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and, (iv) consistent with Section 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation. The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of an Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributors to the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Licensor or others designated for attribution, of You or Your use of the Work, without the separate, express prior written permission of the Licensor or such others. + + d. Except as otherwise agreed in writing by the Licensor, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the honor or reputation of the Licensor where moral rights apply. + +5. Representations, Warranties and Disclaimer + +THE LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. + +6. Limitation on Liability + +IN NO EVENT WILL THE LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +7. Termination + + a. Subject to the terms and conditions set forth in this License, the license granted here lasts for the duration of the term of the copyright in the Work licensed by the Licensor as stated in Section 3. Notwithstanding the above, the Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated below. + + b. If You fail to comply with this License, then this License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. Notwithstanding the foregoing, this License reinstates automatically as of the date the violation is cured, provided it is cured within 30 days of You discovering the violation, or upon express reinstatement by the Licensor. For the avoidance of doubt, this Section 7(b) does not affect any rights the Licensor may have to seek remedies for violations of this License by You. + +8. Miscellaneous + + a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. + + b. Each time You Distribute or Publicly Perform an Adaptation, the Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. + + c. If any provision of this License is invalid or unenforceable, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + + d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the Licensor. + + e. This License constitutes the entire agreement between You and the Licensor with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. The Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. + + f. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). Interpretation of the scope of the rights granted by the Licensor and the conditions imposed on You under this License, this License, and the rights and conditions set forth herein shall be made with reference to copyright as determined in accordance with general principles of international law, including the above mentioned conventions. + + g. Nothing in this License constitutes or may be interpreted as a limitation upon or waiver of any privileges and immunities that may apply to the Licensor or You, including immunity from the legal processes of any jurisdiction, national court or other authority. + + h. Where the Licensor is an IGO, any and all disputes arising under this License that cannot be settled amicably shall be resolved in accordance with the following procedure: + + i. Pursuant to a notice of mediation communicated by reasonable means by either You or the Licensor to the other, the dispute shall be submitted to non-binding mediation conducted in accordance with rules designated by the Licensor in the copyright notice published with the Work, or if none then in accordance with those communicated in the notice of mediation. The language used in the mediation proceedings shall be English unless otherwise agreed. + + ii. If any such dispute has not been settled within 45 days following the date on which the notice of mediation is provided, either You or the Licensor may, pursuant to a notice of arbitration communicated by reasonable means to the other, elect to have the dispute referred to and finally determined by arbitration. The arbitration shall be conducted in accordance with the rules designated by the Licensor in the copyright notice published with the Work, or if none then in accordance with the UNCITRAL Arbitration Rules as then in force. The arbitral tribunal shall consist of a sole arbitrator and the language of the proceedings shall be English unless otherwise agreed. The place of arbitration shall be where the Licensor has its headquarters. The arbitral proceedings shall be conducted remotely (e.g., via telephone conference or written submissions) whenever practicable. + + iii. Interpretation of this License in any dispute submitted to mediation or arbitration shall be as set forth in Section 8(f), above. + +Creative Commons Notice + +Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of the Licensor. + +Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of this License. + +Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-BY-SA-3.0.txt b/src/main/resources/licenses/CC-BY-SA-3.0.txt index 39a8591c4a..604209a804 100644 --- a/src/main/resources/licenses/CC-BY-SA-3.0.txt +++ b/src/main/resources/licenses/CC-BY-SA-3.0.txt @@ -1,99 +1,359 @@ -Creative Commons Attribution-ShareAlike 3.0 Unported +Creative Commons Legal Code - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. +Attribution-ShareAlike 3.0 Unported + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. License -THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE +COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY +COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS +AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. -BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE +TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY +BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS +CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND +CONDITIONS. 1. Definitions - a. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License. - - b. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined below) for the purposes of this License. - - c. "Creative Commons Compatible License" means a license that is listed at http://creativecommons.org/compatiblelicenses that has been approved by Creative Commons as being essentially equivalent to this License, including, at a minimum, because that license: (i) contains terms that have the same purpose, meaning and effect as the License Elements of this License; and, (ii) explicitly permits the relicensing of adaptations of works made available under that license under this License or a Creative Commons jurisdiction license with the same License Elements as this License. - - d. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership. - - e. "License Elements" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, ShareAlike. - - f. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License. - - g. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast. - - h. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work. - - i. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. - - j. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. - - k. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium. - -2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. - -3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: - - a. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; - - b. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified."; - - c. to Distribute and Publicly Perform the Work including as incorporated in Collections; and, - - d. to Distribute and Publicly Perform Adaptations. - - e. For the avoidance of doubt: - - i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; - - ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and, - - iii. Voluntary License Schemes. The Licensor waives the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License. - -The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved. - -4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: - - a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(c), as requested. - - b. You may Distribute or Publicly Perform an Adaptation only under the terms of: (i) this License; (ii) a later version of this License with the same License Elements as this License; (iii) a Creative Commons jurisdiction license (either this or a later license version) that contains the same License Elements as this License (e.g., Attribution-ShareAlike 3.0 US)); (iv) a Creative Commons Compatible License. If you license the Adaptation under one of the licenses mentioned in (iv), you must comply with the terms of that license. If you license the Adaptation under the terms of any of the licenses mentioned in (i), (ii) or (iii) (the "Applicable License"), you must comply with the terms of the Applicable License generally and the following provisions: (I) You must include a copy of, or the URI for, the Applicable License with every copy of each Adaptation You Distribute or Publicly Perform; (II) You may not offer or impose any terms on the Adaptation that restrict the terms of the Applicable License or the ability of the recipient of the Adaptation to exercise the rights granted to that recipient under the terms of the Applicable License; (III) You must keep intact all notices that refer to the Applicable License and to the disclaimer of warranties with every copy of the Work as included in the Adaptation You Distribute or Publicly Perform; (IV) when You Distribute or Publicly Perform the Adaptation, You may not impose any effective technological measures on the Adaptation that restrict the ability of a recipient of the Adaptation from You to exercise the rights granted to that recipient under the terms of the Applicable License. This Section 4(b) applies to the Adaptation as incorporated in a Collection, but this does not require the Collection apart from the Adaptation itself to be made subject to the terms of the Applicable License. - - c. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and (iv) , consistent with Ssection 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties. - - d. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise. + a. "Adaptation" means a work based upon the Work, or upon the Work and + other pre-existing works, such as a translation, adaptation, + derivative work, arrangement of music or other alterations of a + literary or artistic work, or phonogram or performance and includes + cinematographic adaptations or any other form in which the Work may be + recast, transformed, or adapted including in any form recognizably + derived from the original, except that a work that constitutes a + Collection will not be considered an Adaptation for the purpose of + this License. For the avoidance of doubt, where the Work is a musical + work, performance or phonogram, the synchronization of the Work in + timed-relation with a moving image ("synching") will be considered an + Adaptation for the purpose of this License. + b. "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or + broadcasts, or other works or subject matter other than works listed + in Section 1(f) below, which, by reason of the selection and + arrangement of their contents, constitute intellectual creations, in + which the Work is included in its entirety in unmodified form along + with one or more other contributions, each constituting separate and + independent works in themselves, which together are assembled into a + collective whole. A work that constitutes a Collection will not be + considered an Adaptation (as defined below) for the purposes of this + License. + c. "Creative Commons Compatible License" means a license that is listed + at https://creativecommons.org/compatiblelicenses that has been + approved by Creative Commons as being essentially equivalent to this + License, including, at a minimum, because that license: (i) contains + terms that have the same purpose, meaning and effect as the License + Elements of this License; and, (ii) explicitly permits the relicensing + of adaptations of works made available under that license under this + License or a Creative Commons jurisdiction license with the same + License Elements as this License. + d. "Distribute" means to make available to the public the original and + copies of the Work or Adaptation, as appropriate, through sale or + other transfer of ownership. + e. "License Elements" means the following high-level license attributes + as selected by Licensor and indicated in the title of this License: + Attribution, ShareAlike. + f. "Licensor" means the individual, individuals, entity or entities that + offer(s) the Work under the terms of this License. + g. "Original Author" means, in the case of a literary or artistic work, + the individual, individuals, entity or entities who created the Work + or if no individual or entity can be identified, the publisher; and in + addition (i) in the case of a performance the actors, singers, + musicians, dancers, and other persons who act, sing, deliver, declaim, + play in, interpret or otherwise perform literary or artistic works or + expressions of folklore; (ii) in the case of a phonogram the producer + being the person or legal entity who first fixes the sounds of a + performance or other sounds; and, (iii) in the case of broadcasts, the + organization that transmits the broadcast. + h. "Work" means the literary and/or artistic work offered under the terms + of this License including without limitation any production in the + literary, scientific and artistic domain, whatever may be the mode or + form of its expression including digital form, such as a book, + pamphlet and other writing; a lecture, address, sermon or other work + of the same nature; a dramatic or dramatico-musical work; a + choreographic work or entertainment in dumb show; a musical + composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; + a work of drawing, painting, architecture, sculpture, engraving or + lithography; a photographic work to which are assimilated works + expressed by a process analogous to photography; a work of applied + art; an illustration, map, plan, sketch or three-dimensional work + relative to geography, topography, architecture or science; a + performance; a broadcast; a phonogram; a compilation of data to the + extent it is protected as a copyrightable work; or a work performed by + a variety or circus performer to the extent it is not otherwise + considered a literary or artistic work. + i. "You" means an individual or entity exercising rights under this + License who has not previously violated the terms of this License with + respect to the Work, or who has received express permission from the + Licensor to exercise rights under this License despite a previous + violation. + j. "Publicly Perform" means to perform public recitations of the Work and + to communicate to the public those public recitations, by any means or + process, including by wire or wireless means or public digital + performances; to make available to the public Works in such a way that + members of the public may access these Works from a place and at a + place individually chosen by them; to perform the Work to the public + by any means or process and the communication to the public of the + performances of the Work, including by public digital performance; to + broadcast and rebroadcast the Work by any means including signs, + sounds or images. + k. "Reproduce" means to make copies of the Work by any means including + without limitation by sound or visual recordings and the right of + fixation and reproducing fixations of the Work, including storage of a + protected performance or phonogram in digital form or other electronic + medium. + +2. Fair Dealing Rights. Nothing in this License is intended to reduce, +limit, or restrict any uses free from copyright or rights arising from +limitations or exceptions that are provided for in connection with the +copyright protection under copyright law or other applicable laws. + +3. License Grant. Subject to the terms and conditions of this License, +Licensor hereby grants You a worldwide, royalty-free, non-exclusive, +perpetual (for the duration of the applicable copyright) license to +exercise the rights in the Work as stated below: + + a. to Reproduce the Work, to incorporate the Work into one or more + Collections, and to Reproduce the Work as incorporated in the + Collections; + b. to create and Reproduce Adaptations provided that any such Adaptation, + including any translation in any medium, takes reasonable steps to + clearly label, demarcate or otherwise identify that changes were made + to the original Work. For example, a translation could be marked "The + original work was translated from English to Spanish," or a + modification could indicate "The original work has been modified."; + c. to Distribute and Publicly Perform the Work including as incorporated + in Collections; and, + d. to Distribute and Publicly Perform Adaptations. + e. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme cannot be waived, the Licensor + reserves the exclusive right to collect such royalties for any + exercise by You of the rights granted under this License; + ii. Waivable Compulsory License Schemes. In those jurisdictions in + which the right to collect royalties through any statutory or + compulsory licensing scheme can be waived, the Licensor waives the + exclusive right to collect such royalties for any exercise by You + of the rights granted under this License; and, + iii. Voluntary License Schemes. The Licensor waives the right to + collect royalties, whether individually or, in the event that the + Licensor is a member of a collecting society that administers + voluntary licensing schemes, via that society, from any exercise + by You of the rights granted under this License. + +The above rights may be exercised in all media and formats whether now +known or hereafter devised. The above rights include the right to make +such modifications as are technically necessary to exercise the rights in +other media and formats. Subject to Section 8(f), all rights not expressly +granted by Licensor are hereby reserved. + +4. Restrictions. The license granted in Section 3 above is expressly made +subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms + of this License. You must include a copy of, or the Uniform Resource + Identifier (URI) for, this License with every copy of the Work You + Distribute or Publicly Perform. You may not offer or impose any terms + on the Work that restrict the terms of this License or the ability of + the recipient of the Work to exercise the rights granted to that + recipient under the terms of the License. You may not sublicense the + Work. You must keep intact all notices that refer to this License and + to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly + Perform the Work, You may not impose any effective technological + measures on the Work that restrict the ability of a recipient of the + Work from You to exercise the rights granted to that recipient under + the terms of the License. This Section 4(a) applies to the Work as + incorporated in a Collection, but this does not require the Collection + apart from the Work itself to be made subject to the terms of this + License. If You create a Collection, upon notice from any Licensor You + must, to the extent practicable, remove from the Collection any credit + as required by Section 4(c), as requested. If You create an + Adaptation, upon notice from any Licensor You must, to the extent + practicable, remove from the Adaptation any credit as required by + Section 4(c), as requested. + b. You may Distribute or Publicly Perform an Adaptation only under the + terms of: (i) this License; (ii) a later version of this License with + the same License Elements as this License; (iii) a Creative Commons + jurisdiction license (either this or a later license version) that + contains the same License Elements as this License (e.g., + Attribution-ShareAlike 3.0 US)); (iv) a Creative Commons Compatible + License. If you license the Adaptation under one of the licenses + mentioned in (iv), you must comply with the terms of that license. If + you license the Adaptation under the terms of any of the licenses + mentioned in (i), (ii) or (iii) (the "Applicable License"), you must + comply with the terms of the Applicable License generally and the + following provisions: (I) You must include a copy of, or the URI for, + the Applicable License with every copy of each Adaptation You + Distribute or Publicly Perform; (II) You may not offer or impose any + terms on the Adaptation that restrict the terms of the Applicable + License or the ability of the recipient of the Adaptation to exercise + the rights granted to that recipient under the terms of the Applicable + License; (III) You must keep intact all notices that refer to the + Applicable License and to the disclaimer of warranties with every copy + of the Work as included in the Adaptation You Distribute or Publicly + Perform; (IV) when You Distribute or Publicly Perform the Adaptation, + You may not impose any effective technological measures on the + Adaptation that restrict the ability of a recipient of the Adaptation + from You to exercise the rights granted to that recipient under the + terms of the Applicable License. This Section 4(b) applies to the + Adaptation as incorporated in a Collection, but this does not require + the Collection apart from the Adaptation itself to be made subject to + the terms of the Applicable License. + c. If You Distribute, or Publicly Perform the Work or any Adaptations or + Collections, You must, unless a request has been made pursuant to + Section 4(a), keep intact all copyright notices for the Work and + provide, reasonable to the medium or means You are utilizing: (i) the + name of the Original Author (or pseudonym, if applicable) if supplied, + and/or if the Original Author and/or Licensor designate another party + or parties (e.g., a sponsor institute, publishing entity, journal) for + attribution ("Attribution Parties") in Licensor's copyright notice, + terms of service or by other reasonable means, the name of such party + or parties; (ii) the title of the Work if supplied; (iii) to the + extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the Work; + and (iv) , consistent with Ssection 3(b), in the case of an + Adaptation, a credit identifying the use of the Work in the Adaptation + (e.g., "French translation of the Work by Original Author," or + "Screenplay based on original Work by Original Author"). The credit + required by this Section 4(c) may be implemented in any reasonable + manner; provided, however, that in the case of a Adaptation or + Collection, at a minimum such credit will appear, if a credit for all + contributing authors of the Adaptation or Collection appears, then as + part of these credits and in a manner at least as prominent as the + credits for the other contributing authors. For the avoidance of + doubt, You may only use the credit required by this Section for the + purpose of attribution in the manner set out above and, by exercising + Your rights under this License, You may not implicitly or explicitly + assert or imply any connection with, sponsorship or endorsement by the + Original Author, Licensor and/or Attribution Parties, as appropriate, + of You or Your use of the Work, without the separate, express prior + written permission of the Original Author, Licensor and/or Attribution + Parties. + d. Except as otherwise agreed in writing by the Licensor or as may be + otherwise permitted by applicable law, if You Reproduce, Distribute or + Publicly Perform the Work either by itself or as part of any + Adaptations or Collections, You must not distort, mutilate, modify or + take other derogatory action in relation to the Work which would be + prejudicial to the Original Author's honor or reputation. Licensor + agrees that in those jurisdictions (e.g. Japan), in which any exercise + of the right granted in Section 3(b) of this License (the right to + make Adaptations) would be deemed to be a distortion, mutilation, + modification or other derogatory action prejudicial to the Original + Author's honor and reputation, the Licensor will waive or not assert, + as appropriate, this Section, to the fullest extent permitted by the + applicable national law, to enable You to reasonably exercise Your + right under Section 3(b) of this License (right to make Adaptations) + but not otherwise. 5. Representations, Warranties and Disclaimer -UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. - -6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. +UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR +OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY +KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, +INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, +FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF +LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, +WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION +OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + +6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE +LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR +ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES +ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 7. Termination - a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. - - b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + a. This License and the rights granted hereunder will terminate + automatically upon any breach by You of the terms of this License. + Individuals or entities who have received Adaptations or Collections + from You under this License, however, will not have their licenses + terminated provided such individuals or entities remain in full + compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will + survive any termination of this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the + Work under different license terms or to stop distributing the Work at + any time; provided, however that any such election will not serve to + withdraw this License (or any other license that has been, or is + required to be, granted under the terms of this License), and this + License will continue in full force and effect unless terminated as + stated above. 8. Miscellaneous - a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. - - b. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. - - c. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + a. Each time You Distribute or Publicly Perform the Work or a Collection, + the Licensor offers to the recipient a license to the Work on the same + terms and conditions as the license granted to You under this License. + b. Each time You Distribute or Publicly Perform an Adaptation, Licensor + offers to the recipient a license to the original Work on the same + terms and conditions as the license granted to You under this License. + c. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this License, and without further action + by the parties to this agreement, such provision shall be reformed to + the minimum extent necessary to make such provision valid and + enforceable. + d. No term or provision of this License shall be deemed waived and no + breach consented to unless such waiver or consent shall be in writing + and signed by the party to be charged with such waiver or consent. + e. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, + agreements or representations with respect to the Work not specified + here. Licensor shall not be bound by any additional provisions that + may appear in any communication from You. This License may not be + modified without the mutual written agreement of the Licensor and You. + f. The rights granted under, and the subject matter referenced, in this + License were drafted utilizing the terminology of the Berne Convention + for the Protection of Literary and Artistic Works (as amended on + September 28, 1979), the Rome Convention of 1961, the WIPO Copyright + Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 + and the Universal Copyright Convention (as revised on July 24, 1971). + These rights and subject matter take effect in the relevant + jurisdiction in which the License terms are sought to be enforced + according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the + standard suite of rights granted under applicable copyright law + includes additional rights not granted under this License, such + additional rights are deemed to be included in the License; this + License is not intended to restrict the license of any rights under + applicable law. - d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. - - e. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. - - f. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law. Creative Commons Notice -Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. - -Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of the License. - -Creative Commons may be contacted at http://creativecommons.org/. + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of the License. + + Creative Commons may be contacted at https://creativecommons.org/. diff --git a/src/main/resources/licenses/CC-PDM-1.0.txt b/src/main/resources/licenses/CC-PDM-1.0.txt new file mode 100644 index 0000000000..1dc4e63b87 --- /dev/null +++ b/src/main/resources/licenses/CC-PDM-1.0.txt @@ -0,0 +1,27 @@ +No Copyright + +This work has been identified as being free of known restrictions under +copyright law, including all related and neighboring rights. + + +You can copy, modify, distribute and perform the work, even for commercial +purposes, all without asking permission. See Other Information below. + +Other Information + +The work may not be free of known copyright restrictions in all jurisdictions . + +Persons may have other rights in or related to the work, such as patent or +trademark rights, and others may have rights in how the work is used, such as +publicity or privacy rights. + +In some jurisdictions moral rights of the author may persist beyond the term of +copyright. These rights may include the right to be identified as the author +and the right to object to derogatory treatments. + +Unless expressly stated otherwise, the person who identified the work makes no +warranties about the work, and disclaims liability for all uses of the work, to +the fullest extent permitted by applicable law. + +When using or citing the work, you should not imply endorsement by the author +or the person who identified the work. diff --git a/src/main/resources/licenses/CC-SA-1.0.txt b/src/main/resources/licenses/CC-SA-1.0.txt new file mode 100644 index 0000000000..1a810feaec --- /dev/null +++ b/src/main/resources/licenses/CC-SA-1.0.txt @@ -0,0 +1,198 @@ + Creative Commons Legal Code + + ShareAlike 1.0 + +CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL +SERVICES. DISTRIBUTION OF THIS DRAFT LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT +RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. +CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND +DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. + +License + +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE +COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY +COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS +AUTHORIZED UNDER THIS LICENSE IS PROHIBITED. + +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE +BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS +CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND +CONDITIONS. + +1. Definitions + + a. "Collective Work" means a work, such as a periodical issue, anthology or + encyclopedia, in which the Work in its entirety in unmodified form, along + with a number of other contributions, constituting separate and independent + works in themselves, are assembled into a collective whole. A work that + constitutes a Collective Work will not be considered a Derivative Work (as + defined below) for the purposes of this License. + b. "Derivative Work" means a work based upon the Work or upon the Work and + other pre-existing works, such as a translation, musical arrangement, + dramatization, fictionalization, motion picture version, sound recording, + art reproduction, abridgment, condensation, or any other form in which the + Work may be recast, transformed, or adapted, except that a work that + constitutes a Collective Work will not be considered a Derivative Work for + the purpose of this License. + c. "Licensor" means the individual or entity that offers the Work under the + terms of this License. + d. "Original Author" means the individual or entity who created the Work. + e. "Work" means the copyrightable work of authorship offered under the terms + of this License. + f. "You" means an individual or entity exercising rights under this License + who has not previously violated the terms of this License with respect to + the Work, or who has received express permission from the Licensor to + exercise rights under this License despite a previous violation. + +2. Fair Use Rights. Nothing in this license is intended to reduce, limit, or +restrict any rights arising from fair use, first sale or other limitations on +the exclusive rights of the copyright owner under copyright law or other +applicable laws. + +3. License Grant. Subject to the terms and conditions of this License, Licensor +hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the +duration of the applicable copyright) license to exercise the rights in the +Work as stated below: + + a. to reproduce the Work, to incorporate the Work into one or more Collective + Works, and to reproduce the Work as incorporated in the Collective Works; + b. to create and reproduce Derivative Works; + c. to distribute copies or phonorecords of, display publicly, perform + publicly, and perform publicly by means of a digital audio transmission the + Work including as incorporated in Collective Works; + d. to distribute copies or phonorecords of, display publicly, perform + publicly, and perform publicly by means of a digital audio transmission + Derivative Works; + +The above rights may be exercised in all media and formats whether now known or +hereafter devised. The above rights include the right to make such +modifications as are technically necessary to exercise the rights in other +media and formats. All rights not expressly granted by Licensor are hereby +reserved. + +4. Restrictions. The license granted in Section 3 above is expressly made +subject to and limited by the following restrictions: + + a. You may distribute, publicly display, publicly perform, or publicly + digitally perform the Work only under the terms of this License, and You + must include a copy of, or the Uniform Resource Identifier for, this + License with every copy or phonorecord of the Work You distribute, publicly + display, publicly perform, or publicly digitally perform. You may not offer + or impose any terms on the Work that alter or restrict the terms of this + License or the recipients' exercise of the rights granted hereunder. You + may not sublicense the Work. You must keep intact all notices that refer to + this License and to the disclaimer of warranties. You may not distribute, + publicly display, publicly perform, or publicly digitally perform the Work + with any technological measures that control access or use of the Work in a + manner inconsistent with the terms of this License Agreement. The above + applies to the Work as incorporated in a Collective Work, but this does not + require the Collective Work apart from the Work itself to be made subject + to the terms of this License. If You create a Collective Work, upon notice + from any Licensor You must, to the extent practicable, remove from the + Collective Work any reference to such Licensor or the Original Author, as + requested. If You create a Derivative Work, upon notice from any Licensor + You must, to the extent practicable, remove from the Derivative Work any + reference to such Licensor or the Original Author, as requested. + b. You may distribute, publicly display, publicly perform, or publicly + digitally perform a Derivative Work only under the terms of this License, + and You must include a copy of, or the Uniform Resource Identifier for, + this License with every copy or phonorecord of each Derivative Work You + distribute, publicly display, publicly perform, or publicly digitally + perform. You may not offer or impose any terms on the Derivative Works that + alter or restrict the terms of this License or the recipients' exercise of + the rights granted hereunder, and You must keep intact all notices that + refer to this License and to the disclaimer of warranties. You may not + distribute, publicly display, publicly perform, or publicly digitally + perform the Derivative Work with any technological measures that control + access or use of the Work in a manner inconsistent with the terms of this + License Agreement. The above applies to the Derivative Work as incorporated + in a Collective Work, but this does not require the Collective Work apart + from the Derivative Work itself to be made subject to the terms of this + License. + +5. Representations, Warranties and Disclaimer + + a. By offering the Work for public release under this License, Licensor + represents and warrants that, to the best of Licensor's knowledge after + reasonable inquiry: + i. Licensor has secured all rights in the Work necessary to grant the + license rights hereunder and to permit the lawful exercise of the + rights granted hereunder without You having any obligation to pay any + royalties, compulsory license fees, residuals or any other payments; + ii. The Work does not infringe the copyright, trademark, publicity rights, + common law rights or any other right of any third party or constitute + defamation, invasion of privacy or other tortious injury to any third + party. + b. EXCEPT AS EXPRESSLY STATED IN THIS LICENSE OR OTHERWISE AGREED IN WRITING + OR REQUIRED BY APPLICABLE LAW, THE WORK IS LICENSED ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, + WITHOUT LIMITATION, ANY WARRANTIES REGARDING THE CONTENTS OR ACCURACY OF + THE WORK. + +6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, +AND EXCEPT FOR DAMAGES ARISING FROM LIABILITY TO A THIRD PARTY RESULTING FROM +BREACH OF THE WARRANTIES IN SECTION 5, IN NO EVENT WILL LICENSOR BE LIABLE TO +YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR +EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF +LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +7. Termination + + a. This License and the rights granted hereunder will terminate automatically + upon any breach by You of the terms of this License. Individuals or + entities who have received Derivative Works or Collective Works from You + under this License, however, will not have their licenses terminated + provided such individuals or entities remain in full compliance with those + licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of + this License. + b. Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the Work + under different license terms or to stop distributing the Work at any time; + provided, however that any such election will not serve to withdraw this + License (or any other license that has been, or is required to be, granted + under the terms of this License), and this License will continue in full + force and effect unless terminated as stated above. + +8. Miscellaneous + + a. Each time You distribute or publicly digitally perform the Work or a + Collective Work, the Licensor offers to the recipient a license to the Work + on the same terms and conditions as the license granted to You under this + License. + b. Each time You distribute or publicly digitally perform a Derivative Work, + Licensor offers to the recipient a license to the original Work on the same + terms and conditions as the license granted to You under this License. + c. If any provision of this License is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of the + remainder of the terms of this License, and without further action by the + parties to this agreement, such provision shall be reformed to the minimum + extent necessary to make such provision valid and enforceable. + d. No term or provision of this License shall be deemed waived and no breach + consented to unless such waiver or consent shall be in writing and signed + by the party to be charged with such waiver or consent. + e. This License constitutes the entire agreement between the parties with + respect to the Work licensed here. There are no understandings, agreements + or representations with respect to the Work not specified here. Licensor + shall not be bound by any additional provisions that may appear in any + communication from You. This License may not be modified without the mutual + written agreement of the Licensor and You. + +Creative Commons is not a party to this License, and makes no warranty +whatsoever in connection with the Work. Creative Commons will not be liable to +You or any party on any legal theory for any damages whatsoever, including +without limitation any general, special, incidental or consequential damages +arising in connection to this license. Notwithstanding the foregoing two (2) +sentences, if Creative Commons has expressly identified itself as the Licensor +hereunder, it shall have all rights and obligations of Licensor. + +Except for the limited purpose of indicating to the public that the Work is +licensed under the CCPL, neither party will use the trademark "Creative +Commons" or any related trademark or logo of Creative Commons without the prior +written consent of Creative Commons. Any permitted use will be in compliance +with Creative Commons' then-current trademark usage guidelines, as may be +published on its website or otherwise made available upon request from time to +time. + +Creative Commons may be contacted at http://creativecommons.org/. diff --git a/src/main/resources/licenses/CFITSIO.txt b/src/main/resources/licenses/CFITSIO.txt new file mode 100644 index 0000000000..f2c5020572 --- /dev/null +++ b/src/main/resources/licenses/CFITSIO.txt @@ -0,0 +1,7 @@ +Copyright (Unpublished-all rights reserved under the copyright laws of the United States), U.S. Government as represented by the Administrator of the National Aeronautics and Space Administration. No copyright is claimed in the United States under Title 17, U.S. Code. + +Permission to freely use, copy, modify, and distribute this software and its documentation without fee is hereby granted, provided that this copyright notice and disclaimer of warranty appears in all copies. + +DISCLAIMER: + +THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT SHALL NASA BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT , OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER." diff --git a/src/main/resources/licenses/CGAL-linking-exception.txt b/src/main/resources/licenses/CGAL-linking-exception.txt new file mode 100644 index 0000000000..c6dbd55ca6 --- /dev/null +++ b/src/main/resources/licenses/CGAL-linking-exception.txt @@ -0,0 +1,4 @@ +As a special exception, you have permission to link this library +with the CGAL library (http://www.cgal.org) and distribute executables, +as long as you follow the requirements of the GNU GPL in regard to +all of the software in the executable aside from CGAL. diff --git a/src/main/resources/licenses/CLISP-exception-2.0.txt b/src/main/resources/licenses/CLISP-exception-2.0.txt new file mode 100644 index 0000000000..9c981f9b97 --- /dev/null +++ b/src/main/resources/licenses/CLISP-exception-2.0.txt @@ -0,0 +1,15 @@ +Summary: + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation; see file GNU-GPL. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +Note: + +This copyright does NOT cover user programs that run in CLISP and third-party packages not part of CLISP, if a) They only reference external symbols in CLISP's public packages that define API also provided by many other Common Lisp implementations (namely the packages COMMON-LISP, COMMON-LISP-USER, KEYWORD, CLOS, GRAY, EXT), i.e. if they don't rely on CLISP internals and would as well run in any other Common Lisp implementation. Or b) They only reference external symbols in CLISP's public packages that define API also provided by many other Common Lisp implementations (namely the packages COMMON-LISP, COMMON-LISP-USER, KEYWORD, CLOS, GRAY, EXT) and some external, not CLISP specific, symbols in third-party packages that are released with source code under a GPL compatible license and that run in a great number of Common Lisp implementations, i.e. if they rely on CLISP internals only to the extent needed for gaining some functionality also available in a great number of Common Lisp implementations. Such user programs are not covered by the term """"derived work"""" used in the GNU GPL. Neither is their compiled code, i.e. the result of compiling them by use of the function COMPILE-FILE. We refer to such user programs as """"independent work"""". + +You may copy and distribute memory image files generated by the function SAVEINITMEM, if it was generated only from CLISP and independent work, and provided that you accompany them, in the sense of section 3 of the GNU GPL, with the source code of CLISP - precisely the same CLISP version that was used to build the memory image -, the source or compiled code of the user programs needed to rebuild the memory image (source code for all the parts that are not independent work, see above), and a precise description how to rebuild the memory image from these. + +Foreign non-Lisp code that is linked with CLISP or loaded into CLISP through dynamic linking is not exempted from this copyright. I.e. such code, when distributed for use with CLISP, must be distributed under the GPL. diff --git a/src/main/resources/licenses/CMU-Mach-nodoc.txt b/src/main/resources/licenses/CMU-Mach-nodoc.txt new file mode 100644 index 0000000000..c81d74fee7 --- /dev/null +++ b/src/main/resources/licenses/CMU-Mach-nodoc.txt @@ -0,0 +1,11 @@ +Copyright (C) 2002 Naval Research Laboratory (NRL/CCS) + +Permission to use, copy, modify and distribute this software and +its documentation is hereby granted, provided that both the +copyright notice and this permission notice appear in all copies of +the software, derivative works or modified versions, and any +portions thereof. + +NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND +DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER +RESULTING FROM THE USE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/CMU-Mach.txt b/src/main/resources/licenses/CMU-Mach.txt new file mode 100644 index 0000000000..1bb895d4ec --- /dev/null +++ b/src/main/resources/licenses/CMU-Mach.txt @@ -0,0 +1,22 @@ +Copyright (c) 1991,1990,1989 Carnegie Mellon University +All Rights Reserved. + +Permission to use, copy, modify and distribute this software and its +documentation is hereby granted, provided that both the copyright +notice and this permission notice appear in all copies of the +software, derivative works or modified versions, and any portions +thereof, and that both notices appear in supporting documentation. + +CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" +CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR +ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. + +Carnegie Mellon requests users of this software to return to + + Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU + School of Computer Science + Carnegie Mellon University + Pittsburgh PA 15213-3890 + +any improvements or extensions that they make and grant Carnegie Mellon +the rights to redistribute these changes. diff --git a/src/main/resources/licenses/Caldera-no-preamble.txt b/src/main/resources/licenses/Caldera-no-preamble.txt new file mode 100644 index 0000000000..f70f34b32b --- /dev/null +++ b/src/main/resources/licenses/Caldera-no-preamble.txt @@ -0,0 +1,35 @@ +Copyright(C) Caldera International Inc. 2001-2002. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +Redistributions of source code and documentation must retain the above +copyright notice, this list of conditions and the following disclaimer. + +Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +All advertising materials mentioning features or use of this software +must display the following acknowledgement: + + This product includes software developed or owned by Caldera + International, Inc. + +Neither the name of Caldera International, Inc. nor the names of other +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +USE OF THE SOFTWARE PROVIDED FOR UNDER THIS LICENSE BY CALDERA +INTERNATIONAL, INC. AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN +NO EVENT SHALL CALDERA INTERNATIONAL, INC. BE LIABLE FOR ANY DIRECT, +INDIRECT INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/Catharon.txt b/src/main/resources/licenses/Catharon.txt new file mode 100644 index 0000000000..8d0ac128bc --- /dev/null +++ b/src/main/resources/licenses/Catharon.txt @@ -0,0 +1,121 @@ + The Catharon Open Source LICENSE + ---------------------------- + + 2000-Jul-04 + + Copyright (C) 2000 by Catharon Productions, Inc. + + + +Introduction +============ + + This license applies to source files distributed by Catharon + Productions, Inc. in several archive packages. This license + applies to all files found in such packages which do not fall + under their own explicit license. + + This license was inspired by the BSD, Artistic, and IJG + (Independent JPEG Group) licenses, which all encourage inclusion + and use of free software in commercial and freeware products + alike. As a consequence, its main points are that: + + o We don't promise that this software works. However, we are + interested in any kind of bug reports. (`as is' distribution) + + o You can use this software for whatever you want, in parts or + full form, without having to pay us. (`royalty-free' usage) + + o You may not pretend that you wrote this software. If you use + it, or only parts of it, in a program, you must acknowledge + somewhere in your documentation that you have used the + Catharon Code. (`credits') + + We specifically permit and encourage the inclusion of this + software, with or without modifications, in commercial products. + We disclaim all warranties covering the packages distributed by + Catharon Productions, Inc. and assume no liability related to + their use. + + +Legal Terms +=========== + +0. Definitions +-------------- + + Throughout this license, the terms `Catharon Package', `package', + and `Catharon Code' refer to the set of files originally + distributed by Catharon Productions, Inc. + + `You' refers to the licensee, or person using the project, where + `using' is a generic term including compiling the project's source + code as well as linking it to form a `program' or `executable'. + This program is referred to as `a program using one of the + Catharon Packages'. + + This license applies to all files distributed in the original + Catharon Package(s), including all source code, binaries and + documentation, unless otherwise stated in the file in its + original, unmodified form as distributed in the original archive. + If you are unsure whether or not a particular file is covered by + this license, you must contact us to verify this. + + The Catharon Packages are copyright (C) 2000 by Catharon + Productions, Inc. All rights reserved except as specified below. + +1. No Warranty +-------------- + + THE CATHARON PACKAGES ARE PROVIDED `AS IS' WITHOUT WARRANTY OF ANY + KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE. IN NO EVENT WILL ANY OF THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY DAMAGES CAUSED BY THE USE OF OR THE INABILITY TO + USE THE CATHARON PACKAGE. + +2. Redistribution +----------------- + + This license grants a worldwide, royalty-free, perpetual and + irrevocable right and license to use, execute, perform, compile, + display, copy, create derivative works of, distribute and + sublicense the Catharon Packages (in both source and object code + forms) and derivative works thereof for any purpose; and to + authorize others to exercise some or all of the rights granted + herein, subject to the following conditions: + + o Redistribution of source code must retain this license file + (`license.txt') unaltered; any additions, deletions or changes + to the original files must be clearly indicated in + accompanying documentation. The copyright notices of the + unaltered, original files must be preserved in all copies of + source files. + + o Redistribution in binary form must provide a disclaimer that + states that the software is based in part on the work of + Catharon Productions, Inc. in the distribution documentation. + + These conditions apply to any software derived from or based on + the Catharon Packages, not just the unmodified files. If you use + our work, you must acknowledge us. However, no fee need be paid + to us. + +3. Advertising +-------------- + + Neither Catharon Productions, Inc. and contributors nor you shall + use the name of the other for commercial, advertising, or + promotional purposes without specific prior written permission. + + We suggest, but do not require, that you use the following phrase + to refer to this software in your documentation: 'this software is + based in part on the Catharon Typography Project'. + + As you have not signed this license, you are not required to + accept it. However, as the Catharon Packages are copyrighted + material, only this license, or another one contracted with the + authors, grants you the right to use, distribute, and modify it. + Therefore, by using, distributing, or modifying the Catharon + Packages, you indicate that you understand and accept all the + terms of this license. diff --git a/src/main/resources/licenses/Classpath-exception-2.0.txt b/src/main/resources/licenses/Classpath-exception-2.0.txt new file mode 100644 index 0000000000..1a0045415c --- /dev/null +++ b/src/main/resources/licenses/Classpath-exception-2.0.txt @@ -0,0 +1,3 @@ +Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/Clips.txt b/src/main/resources/licenses/Clips.txt new file mode 100644 index 0000000000..ff5afdd293 --- /dev/null +++ b/src/main/resources/licenses/Clips.txt @@ -0,0 +1,15 @@ +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, and/or sell copies of the Software, and to permit persons +to whom the Software is furnished to do so. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT +OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/Cornell-Lossless-JPEG.txt b/src/main/resources/licenses/Cornell-Lossless-JPEG.txt new file mode 100644 index 0000000000..7d2d44394d --- /dev/null +++ b/src/main/resources/licenses/Cornell-Lossless-JPEG.txt @@ -0,0 +1,20 @@ +Copyright (c) 1993 Cornell University, Kongji Huang +All rights reserved. + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose, without fee, and without written +agreement is hereby granted, provided that the above copyright notice +and the following two paragraphs appear in all copies of this +software. + +IN NO EVENT SHALL THE CORNELL UNIVERSITY BE LIABLE TO ANY PARTY FOR +DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF CORNELL +UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +THE CORNELL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE +PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND CORNELL UNIVERSITY HAS +NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, +OR MODIFICATIONS. diff --git a/src/main/resources/licenses/Cronyx.txt b/src/main/resources/licenses/Cronyx.txt new file mode 100644 index 0000000000..10fa8e7067 --- /dev/null +++ b/src/main/resources/licenses/Cronyx.txt @@ -0,0 +1,11 @@ +This package contains a set of Russian fonts for X11 Release 6. +Copyright (C) 1994-1995 Cronyx Ltd. +Changes Copyright (C) 1996 by Sergey Vovk +Changes Copyright (C) 1999-2000 by Serge Winitzki +Changes Copyright (C) 1996-2000 by Andrey A. Chernov, Moscow, Russia. + +This software may be used, modified, copied, distributed, and sold, +in both source and binary form provided that the copyright +and these terms are retained. Under no circumstances is the author +responsible for the proper functioning of this software, nor does +the author assume any responsibility for damages incurred with its use. diff --git a/src/main/resources/licenses/Crossword.txt b/src/main/resources/licenses/Crossword.txt index 6be940c33b..35d95a79d7 100644 --- a/src/main/resources/licenses/Crossword.txt +++ b/src/main/resources/licenses/Crossword.txt @@ -1,5 +1,5 @@ Copyright (C) 1995-2009 Gerd Neugebauer cwpuzzle.dtx is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. No author or distributor accepts responsibility to anyone for the consequences of using it or for whether it serves any particular purpose or works at all, unless he says so in writing. -. + Everyone is granted permission to copy, modify and redistribute cwpuzzle.dtx, provided this copyright notice is preserved and any modifications are indicated. diff --git a/src/main/resources/licenses/DEC-3-Clause.txt b/src/main/resources/licenses/DEC-3-Clause.txt new file mode 100644 index 0000000000..112edaa70d --- /dev/null +++ b/src/main/resources/licenses/DEC-3-Clause.txt @@ -0,0 +1,28 @@ +Copyright 1997 Digital Equipment Corporation. +All rights reserved. + +This software is furnished under license and may be used and copied only in +accordance with the following terms and conditions. Subject to these +conditions, you may download, copy, install, use, modify and distribute +this software in source and/or binary form. No title or ownership is +transferred hereby. + +1) Any source code used, modified or distributed must reproduce and retain + this copyright notice and list of conditions as they appear in the + source file. + +2) No right is granted to use any trade name, trademark, or logo of Digital + Equipment Corporation. Neither the "Digital Equipment Corporation" + name nor any trademark or logo of Digital Equipment Corporation may be + used to endorse or promote products derived from this software without + the prior written permission of Digital Equipment Corporation. + +3) This software is provided "AS-IS" and any express or implied warranties, + including but not limited to, any implied warranties of merchantability, + fitness for a particular purpose, or non-infringement are disclaimed. + In no event shall DIGITAL be liable for any damages whatsoever, and in + particular, DIGITAL shall not be liable for special, indirect, + consequential, or incidental damages or damages for lost profits, loss + of revenue or loss of use, whether such damages arise in contract, + negligence, tort, under statute, in equity, at law or otherwise, even + if advised of the possibility of such damage. diff --git a/src/main/resources/licenses/DL-DE-ZERO-2.0.txt b/src/main/resources/licenses/DL-DE-ZERO-2.0.txt new file mode 100644 index 0000000000..7daacde13d --- /dev/null +++ b/src/main/resources/licenses/DL-DE-ZERO-2.0.txt @@ -0,0 +1,25 @@ +DL-DE->Zero-2.0 +Datenlizenz Deutschland – Zero – Version 2.0 + +Jede Nutzung ist ohne Einschränkungen oder Bedingungen zulässig. + +Die bereitgestellten Daten und Metadaten dÃŧrfen fÃŧr die kommerzielle und nicht kommerzielle Nutzung insbesondere + + vervielfältigt, ausgedruckt, präsentiert, verändert, bearbeitet sowie an Dritte Ãŧbermittelt werden; + mit eigenen Daten und Daten Anderer zusammengefÃŧhrt und zu selbständigen neuen Datensätzen verbunden werden; + in interne und externe Geschäftsprozesse, Produkte und Anwendungen in Ãļffentlichen und nicht Ãļffentlichen elektronischen Netzwerken eingebunden werden. + + +Data licence Germany – Zero – version 2.0 + +Any use is permitted without restrictions or conditions. + +The data and meta-data provided may, for commercial and non-commercial use, in particular + + be copied, printed, presented, altered, processed and transmitted to third parties; + be merged with own data and with the data of others and be combined to form new and independent datasets; + be integrated in internal and external business processes, products and applications in public and non-public electronic networks. + + + +URL: https://www.govdata.de/dl-de/zero-2-0 diff --git a/src/main/resources/licenses/DRL-1.1.txt b/src/main/resources/licenses/DRL-1.1.txt new file mode 100644 index 0000000000..a6445601ff --- /dev/null +++ b/src/main/resources/licenses/DRL-1.1.txt @@ -0,0 +1,17 @@ +Detection Rule License (DRL) 1.1 + +Permission is hereby granted, free of charge, to any person obtaining a copy of this rule set and associated documentation files (the "Rules"), to deal in the Rules without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Rules, and to permit persons to whom the Rules are furnished to do so, subject to the following conditions: + +If you share the Rules (including in modified form), you must retain the following if it is supplied within the Rules: + +identification of the authors(s) ("author" field) of the Rule and any others designated to receive attribution, in any reasonable manner requested by the Rule author (including by pseudonym if designated). + +a URI or hyperlink to the Rule set or explicit Rule to the extent reasonably practicable + +indicate the Rules are licensed under this Detection Rule License, and include the text of, or the URI or hyperlink to, this Detection Rule License to the extent reasonably practicable + +If you use the Rules (including in modified form) on data, messages based on matches with the Rules must retain the following if it is supplied within the Rules: + +identification of the authors(s) ("author" field) of the Rule and any others designated to receive attribution, in any reasonable manner requested by the Rule author (including by pseudonym if designated). + +THE RULES ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE RULES OR THE USE OR OTHER DEALINGS IN THE RULES. diff --git a/src/main/resources/licenses/DigiRule-FOSS-exception.txt b/src/main/resources/licenses/DigiRule-FOSS-exception.txt new file mode 100644 index 0000000000..2fa106b38e --- /dev/null +++ b/src/main/resources/licenses/DigiRule-FOSS-exception.txt @@ -0,0 +1,54 @@ +DigiRule Solutions’s FOSS License Exception Terms and Conditions + +1. Definitions. + +“Derivative Work” means a derivative work, as defined under applicable copyright law, formed entirely from the Program and one or more FOSS Applications. + +“FOSS Application” means a free and open source software application distributed subject to a license listed in the section below titled “FOSS License List.” + +“FOSS Notice” means a notice placed by DigiRule Solutions in a copy of the Client Libraries stating that such copy of the Client Libraries may be distributed under DigiRule Solutions's or FOSS License Exception. + +“Independent Work” means portions of the Derivative Work that are not derived from the Program and can reasonably be considered independent and separate works. + +“Program” means a copy of DigiRule Solutions’s Client Libraries that contain a FOSS Notice. + +2. A FOSS application developer (“you” or “your”) may distribute a Derivative Work provided that you and the Derivative Work meet all of the following conditions: + + 1. You obey the GPL in all respects for the Program and all portions (including modifications) of the Program included in the Derivative Work (provided that this condition does not apply to Independent Works); + + 2. The Derivative Work does not include any work licensed under the GPL other than the Program; + + 3. You distribute Independent Works subject to a license listed in the section below titled “FOSS License List”; + + 4. You distribute Independent Works in object code or executable form with the complete corresponding machine-readable source code on the same medium and under the same FOSS license applying to the object code or executable forms; + + 5. All works that are aggregated with the Program or the Derivative Work on a medium or volume of storage are not derivative works of the Program, Derivative Work or FOSS Application, and must reasonably be considered independent and separate works. + +3. DigiRule Solutions reserves all rights not expressly granted in these terms and conditions. If all of the above conditions are not met, then this FOSS License Exception does not apply to you or your Derivative Work. + +FOSS License List +License Name Version(s)/Copyright Date +Release Early Certified Software +Academic Free License 2.0 +Apache Software License 1.0/1.1/2.0 +Apple Public Source License 2.0 +Artistic license From Perl 5.8.0 +BSD license “July 22 1999” +Common Development and Distribution License (CDDL) 1.0 +Common Public License 1.0 +Eclipse Public License 1.0 +GNU Library or “Lesser” General Public License (LGPL) 2.0/2.1/3.0 +Jabber Open Source License 1.0 +MIT License (As listed in file MIT-License.txt) - +Mozilla Public License (MPL) 1.0/1.1 +Open Software License 2.0 +OpenSSL license (with original SSLeay license) “2003” (“1998”) +PHP License 3.0/3.01 +Python license (CNRI Python License) - +Python Software Foundation License 2.1.1 +Sleepycat License “1999” +University of Illinois/NCSA Open Source License - +W3C License “2001” +X11 License “2001” +Zlib/libpng License - +Zope Public License 2.0 diff --git a/src/main/resources/licenses/DocBook-Schema.txt b/src/main/resources/licenses/DocBook-Schema.txt new file mode 100644 index 0000000000..56203a0878 --- /dev/null +++ b/src/main/resources/licenses/DocBook-Schema.txt @@ -0,0 +1,22 @@ +Copyright 1992-2011 HaL Computer Systems, Inc., +O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software +Corporation, Norman Walsh, Sun Microsystems, Inc., and the +Organization for the Advancement of Structured Information +Standards (OASIS). + +Permission to use, copy, modify and distribute the DocBook schema +and its accompanying documentation for any purpose and without fee +is hereby granted in perpetuity, provided that the above copyright +notice and this paragraph appear in all copies. The copyright +holders make no representation about the suitability of the schema +for any purpose. It is provided "as is" without expressed or implied +warranty. + +If you modify the DocBook schema in any way, label your schema as a +variant of DocBook. See the reference documentation +(http://docbook.org/tdg5/en/html/ch05.html#s-notdocbook) +for more information. + +Please direct all questions, bug reports, or suggestions for changes +to the docbook@lists.oasis-open.org mailing list. For more +information, see http://www.oasis-open.org/docbook/. diff --git a/src/main/resources/licenses/DocBook-Stylesheet.txt b/src/main/resources/licenses/DocBook-Stylesheet.txt new file mode 100644 index 0000000000..e986ed4235 --- /dev/null +++ b/src/main/resources/licenses/DocBook-Stylesheet.txt @@ -0,0 +1,13 @@ +Copyright 2005 Norman Walsh, Sun Microsystems, +Inc., and the Organization for the Advancement +of Structured Information Standards (OASIS). + +Release: $Id: db4-upgrade.xsl 8905 2010-09-12 11:47:07Z bobstayton $ + +Permission to use, copy, modify and distribute this stylesheet +and its accompanying documentation for any purpose and +without fee is hereby granted in perpetuity, provided that +the above copyright notice and this paragraph appear in +all copies. The copyright holders make no representation +about the suitability of the schema for any purpose. It +is provided "as is" without expressed or implied warranty. diff --git a/src/main/resources/licenses/DocBook-XML.txt b/src/main/resources/licenses/DocBook-XML.txt new file mode 100644 index 0000000000..9553feee6b --- /dev/null +++ b/src/main/resources/licenses/DocBook-XML.txt @@ -0,0 +1,48 @@ +Copyright +--------- +Copyright (C) 1999-2007 Norman Walsh +Copyright (C) 2003 Jiří Kosek +Copyright (C) 2004-2007 Steve Ball +Copyright (C) 2005-2014 The DocBook Project +Copyright (C) 2011-2012 O'Reilly Media + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the ``Software''), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or +sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +Except as contained in this notice, the names of individuals +credited with contribution to this software shall not be used in +advertising or otherwise to promote the sale, use or other +dealings in this Software without prior written authorization +from the individuals in question. + +Any stylesheet derived from this Software that is publically +distributed will be identified with a different name and the +version strings in any derived Software will be changed so that +no possibility of confusion between the derived package and this +Software will exist. + +Warranty +-------- +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES +OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL NORMAN WALSH OR ANY OTHER +CONTRIBUTOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Contacting the Author +--------------------- +The DocBook XSL stylesheets are maintained by Norman Walsh, +, and members of the DocBook Project, + diff --git a/src/main/resources/licenses/Elastic-2.0.txt b/src/main/resources/licenses/Elastic-2.0.txt index 809108b857..9496955678 100644 --- a/src/main/resources/licenses/Elastic-2.0.txt +++ b/src/main/resources/licenses/Elastic-2.0.txt @@ -2,18 +2,18 @@ Elastic License 2.0 URL: https://www.elastic.co/licensing/elastic-license -## Acceptance +Acceptance By using the software, you agree to all of the terms and conditions below. -## Copyright License +Copyright License The licensor grants you a non-exclusive, royalty-free, worldwide, non-sublicensable, non-transferable license to use, copy, distribute, make available, and prepare derivative works of the software, in each case subject to the limitations and conditions below. -## Limitations +Limitations You may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of @@ -27,7 +27,7 @@ You may not alter, remove, or obscure any licensing, copyright, or other notices of the licensor in the software. Any use of the licensor’s trademarks is subject to applicable law. -## Patents +Patents The licensor grants you a license, under any patent claims the licensor can license, or becomes able to license, to make, have made, use, sell, offer for @@ -40,7 +40,7 @@ the software granted under these terms ends immediately. If your company makes such a claim, your patent license ends immediately for work on behalf of your company. -## Notices +Notices You must ensure that anyone who gets a copy of any part of the software from you also gets a copy of these terms. @@ -53,7 +53,7 @@ software prominent notices stating that you have modified the software. These terms do not imply any licenses other than those expressly granted in these terms. -## Termination +Termination If you use the software in violation of these terms, such use is not licensed, and your licenses will automatically terminate. If the licensor provides you @@ -63,31 +63,31 @@ reinstated retroactively. However, if you violate these terms after such reinstatement, any additional violation of these terms will cause your licenses to terminate automatically and permanently. -## No Liability +No Liability -*As far as the law allows, the software comes as is, without any warranty or +As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of -legal claim.* +legal claim. -## Definitions +Definitions -The **licensor** is the entity offering these terms, and the **software** is the +The licensor is the entity offering these terms, and the software is the software the licensor makes available under these terms, including any portion of it. -**you** refers to the individual or entity agreeing to these terms. +you refers to the individual or entity agreeing to these terms. -**your company** is any legal entity, sole proprietorship, or other kind of +your company is any legal entity, sole proprietorship, or other kind of organization that you work for, plus all organizations that have control over, are under the control of, or are under common control with that -organization. **control** means ownership of substantially all the assets of an +organization. control means ownership of substantially all the assets of an entity, or the power to direct its management and policies by vote, contract, or otherwise. Control can be direct or indirect. -**your licenses** are all the licenses granted to you for the software under +your licenses are all the licenses granted to you for the software under these terms. -**use** means anything you do with the software requiring one of your licenses. +use means anything you do with the software requiring one of your licenses. -**trademark** means trademarks, service marks, and similar rights. +trademark means trademarks, service marks, and similar rights. diff --git a/src/main/resources/licenses/FBM.txt b/src/main/resources/licenses/FBM.txt new file mode 100644 index 0000000000..68d9149b90 --- /dev/null +++ b/src/main/resources/licenses/FBM.txt @@ -0,0 +1,6 @@ +Portions of this code Copyright (C) 1989 by Michael Mauldin. +Permission is granted to use this file in whole or in +part for any purpose, educational, recreational or commercial, +provided that this copyright notice is retained unchanged. +This software is available to all free of charge by anonymous +FTP and in the UUNET archives. diff --git a/src/main/resources/licenses/FLTK-exception.txt b/src/main/resources/licenses/FLTK-exception.txt new file mode 100644 index 0000000000..836c954b33 --- /dev/null +++ b/src/main/resources/licenses/FLTK-exception.txt @@ -0,0 +1,17 @@ +The FLTK library and included programs are provided under the terms of the GNU Library General Public License (LGPL) with the following exceptions: + +Modifications to the FLTK configure script, config header file, and makefiles by themselves to support a specific platform do not constitute a modified or derivative work. + +The authors do request that such modifications be contributed to the FLTK project - send all contributions to "fltk-bugs@fltk.org". + +Widgets that are subclassed from FLTK widgets do not constitute a derivative work. + +Static linking of applications and widgets to the FLTK library does not constitute a derivative work and does not require the author to provide source code for the application or widget, use the shared FLTK libraries, or link their applications or widgets against a user-supplied version of FLTK. + +If you link the application or widget to a modified version of FLTK, then the changes to FLTK must be provided under the terms of the LGPL in sections 1, 2, and 4. + +You do not have to provide a copy of the FLTK license with programs that are linked to the FLTK library, nor do you have to identify the FLTK license in your program or documentation as required by section 6 of the LGPL. + +However, programs must still identify their use of FLTK. The following example statement can be included in user documentation to satisfy this requirement: + +[program/widget] is based in part on the work of the FLTK project (http://www.fltk.org). diff --git a/src/main/resources/licenses/FSFAP-no-warranty-disclaimer.txt b/src/main/resources/licenses/FSFAP-no-warranty-disclaimer.txt new file mode 100644 index 0000000000..2cc8a93320 --- /dev/null +++ b/src/main/resources/licenses/FSFAP-no-warranty-disclaimer.txt @@ -0,0 +1,5 @@ +Copyright (C) 2008 Micah J. Cowan + +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. diff --git a/src/main/resources/licenses/FSFULLRWD.txt b/src/main/resources/licenses/FSFULLRWD.txt new file mode 100644 index 0000000000..8dc0b2e5f0 --- /dev/null +++ b/src/main/resources/licenses/FSFULLRWD.txt @@ -0,0 +1,11 @@ +Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. + +This Makefile.in is free software; the Free Software Foundation +gives unlimited permission to copy and/or distribute it, +with or without modifications, as long as this notice is preserved. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY, to the extent permitted by law; without +even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/Fawkes-Runtime-exception.txt b/src/main/resources/licenses/Fawkes-Runtime-exception.txt new file mode 100644 index 0000000000..0ec93c748b --- /dev/null +++ b/src/main/resources/licenses/Fawkes-Runtime-exception.txt @@ -0,0 +1 @@ +Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. Additionally if other files instantiate templates or use macros or inline functions from this file, or you compile this file and link it with other files to produce an executable, this file does not by itself cause the resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU General Public License. diff --git a/src/main/resources/licenses/Ferguson-Twofish.txt b/src/main/resources/licenses/Ferguson-Twofish.txt new file mode 100644 index 0000000000..43bb00c3ee --- /dev/null +++ b/src/main/resources/licenses/Ferguson-Twofish.txt @@ -0,0 +1,15 @@ + The author hereby grants a perpetual license to everybody to + use this code for any purpose as long as the copyright message is included + in the source code of this or any derived work. + + Yes, this means that you, your company, your club, and anyone else + can use this code anywhere you want. You can change it and distribute it + under the GPL, include it in your commercial product without releasing + the source code, put it on the web, etc. + The only thing you cannot do is remove my copyright message, + or distribute any source code based on this implementation that does not + include my copyright message. + + I appreciate a mention in the documentation or credits, + but I understand if that is difficult to do. + I also appreciate it if you tell me where and why you used my code. diff --git a/src/main/resources/licenses/Font-exception-2.0.txt b/src/main/resources/licenses/Font-exception-2.0.txt new file mode 100644 index 0000000000..a78eeae73c --- /dev/null +++ b/src/main/resources/licenses/Font-exception-2.0.txt @@ -0,0 +1 @@ +As a special exception, if you create a document which uses this font, and embed this font or unaltered portions of this font into the document, this font does not by itself cause the resulting document to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the document might be covered by the GNU General Public License. If you modify this font, you may extend this exception to your version of the font, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/Furuseth.txt b/src/main/resources/licenses/Furuseth.txt new file mode 100644 index 0000000000..55feeef90b --- /dev/null +++ b/src/main/resources/licenses/Furuseth.txt @@ -0,0 +1,13 @@ +Portions Copyright 1999-2008 Howard Y.H. Chu. +Portions Copyright 1999-2008 Symas Corporation. +Portions Copyright 1998-2003 Hallvard B. Furuseth. +Portions Copyright 2007-2011 Gavin Henry. +Portions Copyright 2007-2011 Suretec Systems Ltd. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that this notice is preserved. +The names of the copyright holders may not be used to endorse or +promote products derived from this software without their specific +prior written permission. This software is provided ``as is'' +without express or implied warranty. diff --git a/src/main/resources/licenses/GCC-exception-2.0-note.txt b/src/main/resources/licenses/GCC-exception-2.0-note.txt new file mode 100644 index 0000000000..654099aac0 --- /dev/null +++ b/src/main/resources/licenses/GCC-exception-2.0-note.txt @@ -0,0 +1,16 @@ + In addition to the permissions in the GNU Lesser General Public + License, the Free Software Foundation gives you unlimited + permission to link the compiled version of this file with other + programs, and to distribute those programs without any restriction + coming from the use of this file. (The GNU Lesser General Public + License restrictions do apply in other respects; for example, they + cover modification of the file, and distribution when not linked + into another program.) + + Note that people who make modified versions of this file are not + obligated to grant this special exception for their modified + versions; it is their choice whether to do so. The GNU Lesser + General Public License gives permission to release a modified + version without this exception; this exception also makes it + possible to release a modified version which carries forward this + exception. diff --git a/src/main/resources/licenses/GCC-exception-2.0.txt b/src/main/resources/licenses/GCC-exception-2.0.txt new file mode 100644 index 0000000000..642ecdd736 --- /dev/null +++ b/src/main/resources/licenses/GCC-exception-2.0.txt @@ -0,0 +1 @@ +In addition to the permissions in the GNU General Public License, the Free Software Foundation gives you unlimited permission to link the compiled version of this file into combinations with other programs, and to distribute those combinations without any restriction coming from the use of this file. (The General Public License restrictions do apply in other respects; for example, they cover modification of the file, and distribution when not linked into a combine executable.) diff --git a/src/main/resources/licenses/GCC-exception-3.1.txt b/src/main/resources/licenses/GCC-exception-3.1.txt new file mode 100644 index 0000000000..3d8345bec5 --- /dev/null +++ b/src/main/resources/licenses/GCC-exception-3.1.txt @@ -0,0 +1,33 @@ +GCC RUNTIME LIBRARY EXCEPTION + +Version 3.1, 31 March 2009 + +General information: http://www.gnu.org/licenses/gcc-exception.html +Copyright (C) 2009 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. +This GCC Runtime Library Exception ("Exception") is an additional permission under section 7 of the GNU General Public License, version 3 ("GPLv3"). It applies to a given file (the "Runtime Library") that bears a notice placed by the copyright holder of the file stating that the file is governed by GPLv3 along with this Exception. + +When you use GCC to compile a program, GCC may combine portions of certain GCC header files and runtime libraries with the compiled program. The purpose of this Exception is to allow compilation of non-GPL (including proprietary) programs to use, in this way, the header files and runtime libraries covered by this Exception. + +0. Definitions. + +A file is an "Independent Module" if it either requires the Runtime Library for execution after a Compilation Process, or makes use of an interface provided by the Runtime Library, but is not otherwise based on the Runtime Library. + +"GCC" means a version of the GNU Compiler Collection, with or without modifications, governed by version 3 (or a specified later version) of the GNU General Public License (GPL) with the option of using any subsequent versions published by the FSF. + +"GPL-compatible Software" is software whose conditions of propagation, modification and use would permit combination with GCC in accord with the license of GCC. + +"Target Code" refers to output from any compiler for a real or virtual target processor architecture, in executable form or suitable for input to an assembler, loader, linker and/or execution phase. Notwithstanding that, Target Code does not include data in any format that is used as a compiler intermediate representation, or used for producing a compiler intermediate representation. + +The "Compilation Process" transforms code entirely represented in non-intermediate languages designed for human-written code, and/or in Java Virtual Machine byte code, into Target Code. Thus, for example, use of source code generators and preprocessors need not be considered part of the Compilation Process, since the Compilation Process can be understood as starting with the output of the generators or preprocessors. + +A Compilation Process is "Eligible" if it is done using GCC, alone or with other GPL-compatible software, or if it is done without using any work based on GCC. For example, using non-GPL-compatible Software to optimize any GCC intermediate representations would not qualify as an Eligible Compilation Process. + +1. Grant of Additional Permission. + +You have permission to propagate a work of Target Code formed by combining the Runtime Library with Independent Modules, even if such propagation would otherwise violate the terms of GPLv3, provided that all Target Code was generated by Eligible Compilation Processes. You may then convey such a combination under terms of your choice, consistent with the licensing of the Independent Modules. + +2. No Weakening of GCC Copyleft. + +The availability of this Exception does not imply any general presumption that third-party software is unaffected by the copyleft requirements of the license of GCC. diff --git a/src/main/resources/licenses/GCR-docs.txt b/src/main/resources/licenses/GCR-docs.txt new file mode 100644 index 0000000000..d5c1293c96 --- /dev/null +++ b/src/main/resources/licenses/GCR-docs.txt @@ -0,0 +1,30 @@ +This work may be reproduced and distributed in whole or in part, in +any medium, physical or electronic, so as long as this copyright +notice remains intact and unchanged on all copies. Commercial +redistribution is permitted and encouraged, but you may not +redistribute, in whole or in part, under terms more restrictive than +those under which you received it. If you redistribute a modified or +translated version of this work, you must also make the source code to +the modified or translated version available in electronic form +without charge. However, mere aggregation as part of a larger work +shall not count as a modification for this purpose. + +All code examples in this work are placed into the public domain, +and may be used, modified and redistributed without restriction. + +BECAUSE THIS WORK IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE WORK, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE WORK "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. SHOULD THE WORK PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY REPAIR OR CORRECTION. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE WORK AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +WORK, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. diff --git a/src/main/resources/licenses/GFDL-1.1.txt b/src/main/resources/licenses/GFDL-1.1.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GFDL-1.1.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GFDL-1.2.txt b/src/main/resources/licenses/GFDL-1.2.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GFDL-1.2.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GFDL-1.3.txt b/src/main/resources/licenses/GFDL-1.3.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GFDL-1.3.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GNAT-exception.txt b/src/main/resources/licenses/GNAT-exception.txt new file mode 100644 index 0000000000..2b5a96a62b --- /dev/null +++ b/src/main/resources/licenses/GNAT-exception.txt @@ -0,0 +1,6 @@ +As a special exception, if other files instantiate generics from this +unit, or you link this unit with other files to produce an executable, +this unit does not by itself cause the resulting executable to be +covered by the GNU General Public License. This exception does not +however invalidate any other reasons why the executable file might be +covered by the GNU Public License. diff --git a/src/main/resources/licenses/GNOME-examples-exception.txt b/src/main/resources/licenses/GNOME-examples-exception.txt new file mode 100644 index 0000000000..0f0cd53b50 --- /dev/null +++ b/src/main/resources/licenses/GNOME-examples-exception.txt @@ -0,0 +1 @@ +As a special exception, the copyright holders give you permission to copy, modify, and distribute the example code contained in this document under the terms of your choosing, without restriction. diff --git a/src/main/resources/licenses/GNU-compiler-exception.txt b/src/main/resources/licenses/GNU-compiler-exception.txt new file mode 100644 index 0000000000..684833ffb4 --- /dev/null +++ b/src/main/resources/licenses/GNU-compiler-exception.txt @@ -0,0 +1,6 @@ +As a special exception, if you link this library with files +compiled with a GNU compiler to produce an executable, this +does not cause the resulting executable to be covered by +the GNU General Public License. This exception does not +however invalidate any other reasons why the executable +file might be covered by the GNU General Public License. diff --git a/src/main/resources/licenses/GPL-1.0+.txt b/src/main/resources/licenses/GPL-1.0+.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-1.0+.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-1.0.txt b/src/main/resources/licenses/GPL-1.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-1.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-2.0+.txt b/src/main/resources/licenses/GPL-2.0+.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-2.0+.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-2.0-with-GCC-exception.txt b/src/main/resources/licenses/GPL-2.0-with-GCC-exception.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-2.0-with-GCC-exception.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-2.0-with-autoconf-exception.txt b/src/main/resources/licenses/GPL-2.0-with-autoconf-exception.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-2.0-with-autoconf-exception.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-2.0-with-bison-exception.txt b/src/main/resources/licenses/GPL-2.0-with-bison-exception.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-2.0-with-bison-exception.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-2.0-with-classpath-exception.txt b/src/main/resources/licenses/GPL-2.0-with-classpath-exception.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-2.0-with-classpath-exception.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-2.0-with-font-exception.txt b/src/main/resources/licenses/GPL-2.0-with-font-exception.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-2.0-with-font-exception.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-2.0.txt b/src/main/resources/licenses/GPL-2.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-2.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-3.0+.txt b/src/main/resources/licenses/GPL-3.0+.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-3.0+.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-3.0-389-ds-base-exception.txt b/src/main/resources/licenses/GPL-3.0-389-ds-base-exception.txt new file mode 100644 index 0000000000..52be470c10 --- /dev/null +++ b/src/main/resources/licenses/GPL-3.0-389-ds-base-exception.txt @@ -0,0 +1,10 @@ +Additional permission under GPLv3 section 7: + +If you modify this Program, or any covered work, by +linking or combining it with OpenSSL, or a modified +version of OpenSSL licensed under the OpenSSL license +(https://www.openssl.org/source/license.html), the licensors of this +Program grant you additional permission to convey the resulting work. +Corresponding Source for a non-source form of such a combination +shall include the source code for the parts that are licensed +under the OpenSSL license as well as that of the covered work. diff --git a/src/main/resources/licenses/GPL-3.0-interface-exception.txt b/src/main/resources/licenses/GPL-3.0-interface-exception.txt new file mode 100644 index 0000000000..a86a7fffd7 --- /dev/null +++ b/src/main/resources/licenses/GPL-3.0-interface-exception.txt @@ -0,0 +1,7 @@ +Linking [name of library] statically or dynamically with other modules is making a combined work based on [name of library]. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +As a special exception, the copyright holders of [name of library] give you permission to combine [name of library] program with free software programs or libraries that are released under the GNU LGPL and with independent modules that communicate with [name of library] solely through the [name of library's interface] interface. You may copy and distribute such a system following the terms of the GNU GPL for [name of library] and the licenses of the other code concerned, provided that you include the source code of that other code when and as the GNU GPL requires distribution of source code and provided that you do not modify the [name of library's interface] interface. + +Note that people who make modified versions of [name of library] are not obligated to grant this special exception for their modified versions; it is their choice whether to do so. The GNU General Public License gives permission to release a modified version without this exception; this exception also makes it possible to release a modified version which carries forward this exception. If you modify the [name of library's interface] interface, this exception does not apply to your modified version of [name of library], and you must remove this exception when you distribute your modified version. + +This exception is an additional permission under section 7 of the GNU General Public License, version 3 ("GPLv3") diff --git a/src/main/resources/licenses/GPL-3.0-linking-exception.txt b/src/main/resources/licenses/GPL-3.0-linking-exception.txt new file mode 100644 index 0000000000..56096c0706 --- /dev/null +++ b/src/main/resources/licenses/GPL-3.0-linking-exception.txt @@ -0,0 +1,3 @@ +Additional permission under GNU GPL version 3 section 7 + +If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. diff --git a/src/main/resources/licenses/GPL-3.0-linking-source-exception.txt b/src/main/resources/licenses/GPL-3.0-linking-source-exception.txt new file mode 100644 index 0000000000..58a1d1b3a4 --- /dev/null +++ b/src/main/resources/licenses/GPL-3.0-linking-source-exception.txt @@ -0,0 +1,3 @@ +Additional permission under GNU GPL version 3 section 7 + +If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work. diff --git a/src/main/resources/licenses/GPL-3.0-with-GCC-exception.txt b/src/main/resources/licenses/GPL-3.0-with-GCC-exception.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-3.0-with-GCC-exception.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-3.0-with-autoconf-exception.txt b/src/main/resources/licenses/GPL-3.0-with-autoconf-exception.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-3.0-with-autoconf-exception.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-3.0.txt b/src/main/resources/licenses/GPL-3.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/GPL-3.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/GPL-CC-1.0.txt b/src/main/resources/licenses/GPL-CC-1.0.txt new file mode 100644 index 0000000000..a687e0ddb6 --- /dev/null +++ b/src/main/resources/licenses/GPL-CC-1.0.txt @@ -0,0 +1,46 @@ +GPL Cooperation Commitment +Version 1.0 + +Before filing or continuing to prosecute any legal proceeding or claim +(other than a Defensive Action) arising from termination of a Covered +License, we commit to extend to the person or entity ('you') accused +of violating the Covered License the following provisions regarding +cure and reinstatement, taken from GPL version 3. As used here, the +term 'this License' refers to the specific Covered License being +enforced. + + However, if you cease all violation of this License, then your + license from a particular copyright holder is reinstated (a) + provisionally, unless and until the copyright holder explicitly + and finally terminates your license, and (b) permanently, if the + copyright holder fails to notify you of the violation by some + reasonable means prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is + reinstated permanently if the copyright holder notifies you of the + violation by some reasonable means, this is the first time you + have received notice of violation of this License (for any work) + from that copyright holder, and you cure the violation prior to 30 + days after your receipt of the notice. + +We intend this Commitment to be irrevocable, and binding and +enforceable against us and assignees of or successors to our +copyrights. + +Definitions + +'Covered License' means the GNU General Public License, version 2 +(GPLv2), the GNU Lesser General Public License, version 2.1 +(LGPLv2.1), or the GNU Library General Public License, version 2 +(LGPLv2), all as published by the Free Software Foundation. + +'Defensive Action' means a legal proceeding or claim that We bring +against you in response to a prior proceeding or claim initiated by +you or your affiliate. + +'We' means each contributor to this repository as of the date of +inclusion of this file, including subsidiaries of a corporate +contributor. + +This work is available under a Creative Commons Attribution-ShareAlike +4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/). diff --git a/src/main/resources/licenses/GStreamer-exception-2005.txt b/src/main/resources/licenses/GStreamer-exception-2005.txt new file mode 100644 index 0000000000..95ff750da3 --- /dev/null +++ b/src/main/resources/licenses/GStreamer-exception-2005.txt @@ -0,0 +1 @@ +The Totem project hereby grant permission for non-gpl compatible GStreamer plugins to be used and distributed together with GStreamer and Totem. This permission are above and beyond the permissions granted by the GPL license Totem is covered by. diff --git a/src/main/resources/licenses/GStreamer-exception-2008.txt b/src/main/resources/licenses/GStreamer-exception-2008.txt new file mode 100644 index 0000000000..28927e533e --- /dev/null +++ b/src/main/resources/licenses/GStreamer-exception-2008.txt @@ -0,0 +1 @@ +This project hereby grants permission for non-GPL compatible GStreamer plugins to be used and distributed together with GStreamer and this project. This permission is above and beyond the permissions granted by the GPL license by which this project is covered. If you modify this code, you may extend this exception to your version of the code, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/Gmsh-exception.txt b/src/main/resources/licenses/Gmsh-exception.txt new file mode 100644 index 0000000000..6d28f704e4 --- /dev/null +++ b/src/main/resources/licenses/Gmsh-exception.txt @@ -0,0 +1,16 @@ +The copyright holders of Gmsh give you permission to combine Gmsh + with code included in the standard release of Netgen (from Joachim + Sch"oberl), METIS (from George Karypis at the University of + Minnesota), OpenCASCADE (from Open CASCADE S.A.S) and ParaView + (from Kitware, Inc.) under their respective licenses. You may copy + and distribute such a system following the terms of the GNU GPL for + Gmsh and the licenses of the other code concerned, provided that + you include the source code of that other code when and as the GNU + GPL requires distribution of source code. + + Note that people who make modified versions of Gmsh are not + obligated to grant this special exception for their modified + versions; it is their choice whether to do so. The GNU General + Public License gives permission to release a modified version + without this exception; this exception also makes it possible to + release a modified version which carries forward this exception. diff --git a/src/main/resources/licenses/Graphics-Gems.txt b/src/main/resources/licenses/Graphics-Gems.txt new file mode 100644 index 0000000000..ec28c46563 --- /dev/null +++ b/src/main/resources/licenses/Graphics-Gems.txt @@ -0,0 +1,5 @@ +LICENSE + +This code repository predates the concept of Open Source, and predates most licenses along such lines. As such, the official license truly is: + +EULA: The Graphics Gems code is copyright-protected. In other words, you cannot claim the text of the code as your own and resell it. Using the code is permitted in any program, product, or library, non-commercial or commercial. Giving credit is not required, though is a nice gesture. The code comes as-is, and if there are any flaws or problems with any Gems code, nobody involved with Gems - authors, editors, publishers, or webmasters - are to be held responsible. Basically, don't be a jerk, and remember that anything free comes with no guarantee. diff --git a/src/main/resources/licenses/Gutmann.txt b/src/main/resources/licenses/Gutmann.txt new file mode 100644 index 0000000000..c33f4ee3a2 --- /dev/null +++ b/src/main/resources/licenses/Gutmann.txt @@ -0,0 +1,2 @@ +You can use this code in whatever way you want, as long as you don't try +to claim you wrote it. diff --git a/src/main/resources/licenses/HIDAPI.txt b/src/main/resources/licenses/HIDAPI.txt new file mode 100644 index 0000000000..e0b5d70c04 --- /dev/null +++ b/src/main/resources/licenses/HIDAPI.txt @@ -0,0 +1,2 @@ +This software may be used by anyone for any reason so long +as the copyright notice in the source files remains intact. diff --git a/src/main/resources/licenses/HP-1986.txt b/src/main/resources/licenses/HP-1986.txt new file mode 100644 index 0000000000..35844cb4d8 --- /dev/null +++ b/src/main/resources/licenses/HP-1986.txt @@ -0,0 +1,10 @@ +(c) Copyright 1986 HEWLETT-PACKARD COMPANY + +To anyone who acknowledges that this file is provided "AS IS" +without any express or implied warranty: permission to use, copy, +modify, and distribute this file for any purpose is hereby granted +without fee, provided that the above copyright notice and this notice +appears in all copies, and that the name of Hewlett-Packard Company +not be used in advertising or publicity pertaining to distribution +of the software without specific, written prior permission. Hewlett-Packard +Company makes no representations about the suitability of this software for any purpose. diff --git a/src/main/resources/licenses/HP-1989.txt b/src/main/resources/licenses/HP-1989.txt new file mode 100644 index 0000000000..7422055d95 --- /dev/null +++ b/src/main/resources/licenses/HP-1989.txt @@ -0,0 +1,16 @@ +Copyright (c) 1990- 1993, 1996 Open Software Foundation, Inc. +Copyright (c) 1989 by Hewlett-Packard Company, Palo Alto, Ca. +Digital Equipment Corporation, Maynard, Mass. +Copyright (c) 1998 Microsoft. +To anyone who acknowledges that this file is provided "AS IS" +without any express or implied warranty: permission to use, copy, +modify, and distribute this file for any purpose is hereby +granted without fee, provided that the above copyright notices and +this notice appears in all source code copies, and that none of +the names of Open Software Foundation, Inc., Hewlett-Packard +Company, Microsoft, or Digital Equipment Corporation be used in +advertising or publicity pertaining to distribution of the software +without specific, written prior permission. Neither Open Software +Foundation, Inc., Hewlett-Packard Company, Microsoft, nor Digital +Equipment Corporation makes any representations about the +suitability of this software for any purpose. diff --git a/src/main/resources/licenses/HPND-DEC.txt b/src/main/resources/licenses/HPND-DEC.txt new file mode 100644 index 0000000000..d014f1fabc --- /dev/null +++ b/src/main/resources/licenses/HPND-DEC.txt @@ -0,0 +1,22 @@ +COPYRIGHT 1990 +DIGITAL EQUIPMENT CORPORATION +MAYNARD, MASSACHUSETTS +ALL RIGHTS RESERVED. + +THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT NOTICE AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY DIGITAL EQUIPMENT CORPORATION. +DIGITAL MAKES NO REPRESENTATIONS ABOUT THE SUITABILITY OF THIS SOFTWARE +FOR ANY PURPOSE. IT IS SUPPLIED "AS IS" WITHOUT EXPRESS OR IMPLIED +WARRANTY. + +IF THE SOFTWARE IS MODIFIED IN A MANNER CREATING DERIVATIVE COPYRIGHT +RIGHTS, APPROPRIATE LEGENDS MAY BE PLACED ON THE DERIVATIVE WORK IN +ADDITION TO THAT SET FORTH ABOVE. + +Permission to use, copy, modify, and distribute this software and +its documentation for any purpose and without fee is hereby granted, +provided that the above copyright notice appear in all copies +and that both that copyright notice and this permission notice appear in supporting +documentation, +and that the name of Digital Equipment Corporation not be +used in advertising or publicity pertaining to distribution of the +software without specific, written prior permission. diff --git a/src/main/resources/licenses/HPND-Fenneberg-Livingston.txt b/src/main/resources/licenses/HPND-Fenneberg-Livingston.txt new file mode 100644 index 0000000000..aaf524f3aa --- /dev/null +++ b/src/main/resources/licenses/HPND-Fenneberg-Livingston.txt @@ -0,0 +1,13 @@ +Copyright (C) 1995,1996,1997,1998 Lars Fenneberg + +Permission to use, copy, modify, and distribute this software for any +purpose and without fee is hereby granted, provided that this copyright and +permission notice appear on all copies and supporting documentation, the +name of Lars Fenneberg not be used in advertising or publicity pertaining to +distribution of the program without specific prior permission, and notice be +given in supporting documentation that copying and distribution is by +permission of Lars Fenneberg. + +Lars Fenneberg makes no representations about the suitability of this +software for any purpose. It is provided "as is" without express or implied +warranty. diff --git a/src/main/resources/licenses/HPND-INRIA-IMAG.txt b/src/main/resources/licenses/HPND-INRIA-IMAG.txt new file mode 100644 index 0000000000..87d09d92cb --- /dev/null +++ b/src/main/resources/licenses/HPND-INRIA-IMAG.txt @@ -0,0 +1,9 @@ +This software is available with usual "research" terms with +the aim of retain credits of the software. Permission to use, +copy, modify and distribute this software for any purpose and +without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies, and +the name of INRIA, IMAG, or any contributor not be used in +advertising or publicity pertaining to this material without +the prior explicit permission. The software is provided "as +is" without any warranties, support or liabilities of any kind. diff --git a/src/main/resources/licenses/HPND-Intel.txt b/src/main/resources/licenses/HPND-Intel.txt new file mode 100644 index 0000000000..98f0ceb4fd --- /dev/null +++ b/src/main/resources/licenses/HPND-Intel.txt @@ -0,0 +1,25 @@ +Copyright (c) 1993 Intel Corporation + +Intel hereby grants you permission to copy, modify, and distribute this +software and its documentation. Intel grants this permission provided +that the above copyright notice appears in all copies and that both the +copyright notice and this permission notice appear in supporting +documentation. In addition, Intel grants this permission provided that +you prominently mark as "not part of the original" any modifications +made to this software or documentation, and that the name of Intel +Corporation not be used in advertising or publicity pertaining to +distribution of the software or the documentation without specific, +written prior permission. + +Intel Corporation provides this AS IS, WITHOUT ANY WARRANTY, EXPRESS OR +IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY +OR FITNESS FOR A PARTICULAR PURPOSE. Intel makes no guarantee or +representations regarding the use of, or the results of the use of, +the software and documentation in terms of correctness, accuracy, +reliability, currentness, or otherwise; and you rely on the software, +documentation and results solely at your own risk. + +IN NO EVENT SHALL INTEL BE LIABLE FOR ANY LOSS OF USE, LOSS OF BUSINESS, +LOSS OF PROFITS, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES +OF ANY KIND. IN NO EVENT SHALL INTEL'S TOTAL LIABILITY EXCEED THE SUM +PAID TO INTEL FOR THE PRODUCT LICENSED HEREUNDER. diff --git a/src/main/resources/licenses/HPND-Kevlin-Henney.txt b/src/main/resources/licenses/HPND-Kevlin-Henney.txt new file mode 100644 index 0000000000..ddf9bd6dca --- /dev/null +++ b/src/main/resources/licenses/HPND-Kevlin-Henney.txt @@ -0,0 +1,10 @@ +Copyright Kevlin Henney, 1997, 2003, 2012. All rights reserved. + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose is hereby granted without fee, provided +that this copyright and permissions notice appear in all copies and +derivatives. + +This software is supplied "as is" without express or implied warranty. + +But that said, if there are any problems please get in touch. diff --git a/src/main/resources/licenses/HPND-MIT-disclaimer.txt b/src/main/resources/licenses/HPND-MIT-disclaimer.txt new file mode 100644 index 0000000000..bf035915cf --- /dev/null +++ b/src/main/resources/licenses/HPND-MIT-disclaimer.txt @@ -0,0 +1,18 @@ + LICENSE + ======= + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the original copyright notices appear in all copies and that both +copyright notice and this permission notice appear in supporting +documentation, and that the name of the author not be used in advertising +or publicity pertaining to distribution of the software without specific +prior written permission. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/src/main/resources/licenses/HPND-Markus-Kuhn.txt b/src/main/resources/licenses/HPND-Markus-Kuhn.txt new file mode 100644 index 0000000000..ca41db1618 --- /dev/null +++ b/src/main/resources/licenses/HPND-Markus-Kuhn.txt @@ -0,0 +1,3 @@ +Permission to use, copy, modify, and distribute this software +for any purpose and without fee is hereby granted. The author +disclaims all warranties with regard to this software. diff --git a/src/main/resources/licenses/HPND-Netrek.txt b/src/main/resources/licenses/HPND-Netrek.txt new file mode 100644 index 0000000000..5c3cb650f4 --- /dev/null +++ b/src/main/resources/licenses/HPND-Netrek.txt @@ -0,0 +1,10 @@ +Copyright (C) 1995 S. M. Patel (smpatel@wam.umd.edu) + +Permission to use, copy, modify, and distribute this +software and its documentation for any purpose and without +fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright +notice and this permission notice appear in supporting +documentation. No representations are made about the +suitability of this software for any purpose. It is +provided "as is" without express or implied warranty. diff --git a/src/main/resources/licenses/HPND-Pbmplus.txt b/src/main/resources/licenses/HPND-Pbmplus.txt new file mode 100644 index 0000000000..5627d2646f --- /dev/null +++ b/src/main/resources/licenses/HPND-Pbmplus.txt @@ -0,0 +1,8 @@ +Copyright (C) 1991 by Jef Poskanzer. + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. This software is provided "as is" without express or +implied warranty. diff --git a/src/main/resources/licenses/HPND-UC-export-US.txt b/src/main/resources/licenses/HPND-UC-export-US.txt new file mode 100644 index 0000000000..015556c5f9 --- /dev/null +++ b/src/main/resources/licenses/HPND-UC-export-US.txt @@ -0,0 +1,10 @@ +Copyright (C) 1985, 1990 Regents of the University of California. + +Permission to use, copy, modify, and distribute this +software and its documentation for any purpose and without +fee is hereby granted, provided that the above copyright +notice appear in all copies. The University of California +makes no representations about the suitability of this +software for any purpose. It is provided "as is" without +express or implied warranty. Export of this software outside +of the United States of America may require an export license. diff --git a/src/main/resources/licenses/HPND-UC.txt b/src/main/resources/licenses/HPND-UC.txt new file mode 100644 index 0000000000..adfbd23862 --- /dev/null +++ b/src/main/resources/licenses/HPND-UC.txt @@ -0,0 +1,8 @@ +Copyright 1989 Regents of the University of California + +Permission to use, +copy, modify, and distribute this software and its documentation for any +purpose and without fee is hereby granted, provided that the above +copyright notice appear in all copies. The University of California makes +no representations about the suitability of this software for any purpose. +It is provided "as is" without express or implied warranty. diff --git a/src/main/resources/licenses/HPND-doc-sell.txt b/src/main/resources/licenses/HPND-doc-sell.txt new file mode 100644 index 0000000000..ad4aed3e60 --- /dev/null +++ b/src/main/resources/licenses/HPND-doc-sell.txt @@ -0,0 +1,9 @@ +Copyright + +Permission to use, copy, modify, distribute, and sell this +documentation for any purpose is hereby granted without fee, +provided that the above copyright notice and this permission +notice appear in all copies. +makes no representations about the suitability for any purpose +of the information in this document. This documentation +is provided "as is" without express or implied warranty. diff --git a/src/main/resources/licenses/HPND-doc.txt b/src/main/resources/licenses/HPND-doc.txt new file mode 100644 index 0000000000..bd85a2816e --- /dev/null +++ b/src/main/resources/licenses/HPND-doc.txt @@ -0,0 +1,8 @@ +Copyright + +Permission to use, copy, modify, and distribute this documentation for +any purpose and without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + makes no representations about the suitability for +any purpose of the information in this document. This documentation is +provided ``as is'' without express or implied warranty. diff --git a/src/main/resources/licenses/HPND-export-US-acknowledgement.txt b/src/main/resources/licenses/HPND-export-US-acknowledgement.txt new file mode 100644 index 0000000000..645df4c9aa --- /dev/null +++ b/src/main/resources/licenses/HPND-export-US-acknowledgement.txt @@ -0,0 +1,22 @@ +Copyright (C) 1994 by the University of Southern California + + EXPORT OF THIS SOFTWARE from the United States of America may + require a specific license from the United States Government. It + is the responsibility of any person or organization + contemplating export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute +this software and its documentation in source and binary forms is +hereby granted, provided that any documentation or other materials +related to such distribution or use acknowledge that the software +was developed by the University of Southern California. + +DISCLAIMER OF WARRANTY. THIS SOFTWARE IS PROVIDED "AS IS". The +University of Southern California MAKES NO REPRESENTATIONS OR +WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not +limitation, the University of Southern California MAKES NO +REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY +PARTICULAR PURPOSE. The University of Southern California shall not +be held liable for any liability nor for any direct, indirect, or +consequential damages with respect to any claim by the user or +distributor of the ksu software. diff --git a/src/main/resources/licenses/HPND-export-US-modify.txt b/src/main/resources/licenses/HPND-export-US-modify.txt new file mode 100644 index 0000000000..3c62651c0f --- /dev/null +++ b/src/main/resources/licenses/HPND-export-US-modify.txt @@ -0,0 +1,24 @@ +Copyright (C) 1994 CyberSAFE Corporation. +Copyright 1990,1991,2007,2008 by the Massachusetts +Institute of Technology. +All Rights Reserved. + +Export of this software from the United States of America may +require a specific license from the United States Government. It +is the responsibility of any person or organization +contemplating export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity +pertaining to distribution of the software without specific, +written prior permission. Furthermore if you modify this software +you must label your software as modified software and not +distribute it in such a fashion that it might be confused with the +original M.I.T. software. Neither M.I.T., the Open Computing +Security Group, nor CyberSAFE Corporation make any representations +about the suitability of this software for any purpose. It is +provided "as is" without express or implied warranty. diff --git a/src/main/resources/licenses/HPND-export-US.txt b/src/main/resources/licenses/HPND-export-US.txt new file mode 100644 index 0000000000..b0cd393969 --- /dev/null +++ b/src/main/resources/licenses/HPND-export-US.txt @@ -0,0 +1,5 @@ +Copyright (C) 1990 by the Massachusetts Institute of Technology + +Export of this software from the United States of America may require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. diff --git a/src/main/resources/licenses/HPND-export2-US.txt b/src/main/resources/licenses/HPND-export2-US.txt new file mode 100644 index 0000000000..1dda23a88c --- /dev/null +++ b/src/main/resources/licenses/HPND-export2-US.txt @@ -0,0 +1,21 @@ +Copyright 2004-2008 Apple Inc. All Rights Reserved. + + Export of this software from the United States of America may + require a specific license from the United States Government. + It is the responsibility of any person or organization + contemplating export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of Apple Inc. not be used in advertising or publicity +pertaining to distribution of the software without specific, +written prior permission. Apple Inc. makes no representations +about the suitability of this software for any purpose. It is +provided "as is" without express or implied warranty. + +THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/HPND-merchantability-variant.txt b/src/main/resources/licenses/HPND-merchantability-variant.txt new file mode 100644 index 0000000000..421b9ff96b --- /dev/null +++ b/src/main/resources/licenses/HPND-merchantability-variant.txt @@ -0,0 +1,9 @@ +Copyright (C) 2004 Christian Groessler + +Permission to use, copy, modify, and distribute this file +for any purpose is hereby granted without fee, provided that +the above copyright notice and this notice appears in all +copies. + +This file is distributed WITHOUT ANY WARRANTY; without even the implied +warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/HPND-sell-MIT-disclaimer-xserver.txt b/src/main/resources/licenses/HPND-sell-MIT-disclaimer-xserver.txt new file mode 100644 index 0000000000..e7bea21d16 --- /dev/null +++ b/src/main/resources/licenses/HPND-sell-MIT-disclaimer-xserver.txt @@ -0,0 +1,12 @@ +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/src/main/resources/licenses/HPND-sell-regexpr.txt b/src/main/resources/licenses/HPND-sell-regexpr.txt new file mode 100644 index 0000000000..b0cd0fb112 --- /dev/null +++ b/src/main/resources/licenses/HPND-sell-regexpr.txt @@ -0,0 +1,9 @@ +Author: Tatu Ylonen + +Copyright (c) 1991 Tatu Ylonen, Espoo, Finland + +Permission to use, copy, modify, distribute, and sell this software +and its documentation for any purpose is hereby granted without +fee, provided that the above copyright notice appear in all copies. +This software is provided "as is" without express or implied +warranty. diff --git a/src/main/resources/licenses/HPND-sell-variant-MIT-disclaimer-rev.txt b/src/main/resources/licenses/HPND-sell-variant-MIT-disclaimer-rev.txt new file mode 100644 index 0000000000..f68aff5c99 --- /dev/null +++ b/src/main/resources/licenses/HPND-sell-variant-MIT-disclaimer-rev.txt @@ -0,0 +1,15 @@ +Disclaimer: + +The software is provided "as is", without warranty of any kind, +express or implied, including but not limited to the warranties +of merchantability, fitness for a particular purpose and +noninfringement. In no event shall the author(s) be liable for +any claim, damages or other liability, whether in an action of +contract, tort or otherwise, arising from, out of or in connection +with the software or the use or other dealings in the software. + +Permission to use, copy, modify, distribute, and sell this +software and its documentation for any purpose is hereby +granted without fee, provided that the above copyright notice +appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation. diff --git a/src/main/resources/licenses/HPND-sell-variant-MIT-disclaimer.txt b/src/main/resources/licenses/HPND-sell-variant-MIT-disclaimer.txt new file mode 100644 index 0000000000..d4464e0c35 --- /dev/null +++ b/src/main/resources/licenses/HPND-sell-variant-MIT-disclaimer.txt @@ -0,0 +1,20 @@ +by Jim Knoble + Copyright (C) 1999,2000,2001 Jim Knoble + + Permission to use, copy, modify, distribute, and sell this software + and its documentation for any purpose is hereby granted without fee, + provided that the above copyright notice appear in all copies and + that both that copyright notice and this permission notice appear in + supporting documentation. + ++------------+ +| Disclaimer | ++------------+ + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + express or implied, including but not limited to the warranties of + merchantability, fitness for a particular purpose and + noninfringement. In no event shall the author(s) be liable for any + claim, damages or other liability, whether in an action of contract, + tort or otherwise, arising from, out of or in connection with the + software or the use or other dealings in the software. diff --git a/src/main/resources/licenses/HPND.txt b/src/main/resources/licenses/HPND.txt index 74abede5f6..ff9ae1b713 100644 --- a/src/main/resources/licenses/HPND.txt +++ b/src/main/resources/licenses/HPND.txt @@ -1,7 +1,7 @@ Historical Permission Notice and Disclaimer - +Copyright -Permission to use, copy, modify and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies, and that both that the copyright notice and this permission notice appear in supporting documentation, and that the name of or not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. +Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies, and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of or not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS,. IN NO EVENT SHALL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/IBM-pibs.txt b/src/main/resources/licenses/IBM-pibs.txt index 49454b8b1e..ee9c7be36d 100644 --- a/src/main/resources/licenses/IBM-pibs.txt +++ b/src/main/resources/licenses/IBM-pibs.txt @@ -4,5 +4,5 @@ Any user of this software should understand that IBM cannot provide technical su Any person who transfers this source code or any derivative work must include the IBM copyright notice, this paragraph, and the preceding two paragraphs in the transferred software. -COPYRIGHT   I B M   CORPORATION 2002 -LICENSED MATERIAL  -  PROGRAM PROPERTY OF I B M +COPYRIGHT I B M CORPORATION 2002 +LICENSED MATERIAL - PROGRAM PROPERTY OF I B M diff --git a/src/main/resources/licenses/IEC-Code-Components-EULA.txt b/src/main/resources/licenses/IEC-Code-Components-EULA.txt new file mode 100644 index 0000000000..b74269afd9 --- /dev/null +++ b/src/main/resources/licenses/IEC-Code-Components-EULA.txt @@ -0,0 +1,37 @@ +IEC Code Components End-user licence agreement + +Code Components in IEC standards (International Standards, Technical Specifications or +Technical Reports) which have been identified and approved for licensing, are licensed subject to +the following conditions: + +- Redistributions of software must retain the Copyright Notice, this list of conditions and the +disclaimer below (“Disclaimer”). +- The software license extends to modifications permitted under the relevant IEC standard. +- The software license extends to clarifications and corrections approved by IEC. +- Neither the name of IEC, nor the names of specific contributors, may be used to endorse or +promote products derived from this software without specific prior written permission. The +relevant IEC standard may be referenced when claiming compliance with the relevant IEC +standard. +- The user of Code Components shall attribute each such Code Component to IEC and identify +the IEC standard from which it is taken. Such attribution (e.g., “This code was derived from IEC +[insert standard reference number:publication year] within modifications permitted in the +relevant IEC standard. Please reproduce this note if possible.”), may be placed in the code itself +or any other reasonable location. + +Code Components means components included in IEC standards that are intended to be directly +processed by a computer and also includes any text found between the markers and , or otherwise clearly labeled in this standard as a Code +Component. + +The Disclaimer is: +EACH OF THE CODE COMPONENTS IS PROVIDED BY THE COPYRIGHT HOLDERS AND +CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT +NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER +OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THE CODE +COMPONENTS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/IJG-short.txt b/src/main/resources/licenses/IJG-short.txt new file mode 100644 index 0000000000..bbb0859d80 --- /dev/null +++ b/src/main/resources/licenses/IJG-short.txt @@ -0,0 +1,35 @@ +The authors make NO WARRANTY or representation, either express or +implied, with respect to this software, its quality, accuracy, +merchantability, or fitness for a particular purpose. This software is +provided "AS IS", and you, its user, assume the entire risk as to its +quality and accuracy. + +This software is copyright (C) 1991, 1992, Thomas G. Lane. All Rights +Reserved except as specified below. + +Permission is hereby granted to use, copy, modify, and distribute this +software (or portions thereof) for any purpose, without fee, subject to +these conditions: + +(1) If any part of the source code for this software +is distributed, then this README file must be included, with this +copyright and no-warranty notice unaltered; and any additions, +deletions, or changes to the original files must be clearly indicated +in accompanying documentation. + +(2) If only executable code is +distributed, then the accompanying documentation must state that "this +software is based in part on the work of the Independent JPEG Group". + +(3) Permission for use of this software is granted only if the user +accepts full responsibility for any undesirable consequences; the +authors accept NO LIABILITY for damages of any kind. + +Permission is NOT granted for the use of any IJG author's name or +company name in advertising or publicity relating to this software or +products derived from it. This software may be referred to only as +"the Independent JPEG Group's software". + +We specifically permit and encourage the use of this software as the +basis of commercial products, provided that all warranty or liability +claims are assumed by the product vendor. diff --git a/src/main/resources/licenses/ISC-Veillard.txt b/src/main/resources/licenses/ISC-Veillard.txt new file mode 100644 index 0000000000..c3bd5455c9 --- /dev/null +++ b/src/main/resources/licenses/ISC-Veillard.txt @@ -0,0 +1,9 @@ +Copyright (C) 2003-2012 Daniel Veillard. +Permission to use, copy, +modify, and distribute this software for any purpose with or +without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. THIS +SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHORS +AND CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER. diff --git a/src/main/resources/licenses/Independent-modules-exception.txt b/src/main/resources/licenses/Independent-modules-exception.txt new file mode 100644 index 0000000000..8f66dba6ab --- /dev/null +++ b/src/main/resources/licenses/Independent-modules-exception.txt @@ -0,0 +1,18 @@ +This is the file COPYING.FPC, it applies to the Free Pascal Run-Time Library +(RTL) and packages (packages) distributed by members of the Free Pascal +Development Team. + +The source code of the Free Pascal Runtime Libraries and packages are +distributed under the Library GNU General Public License +(see the file COPYING) with the following modification: + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent modules, +and to copy and distribute the resulting executable under terms of your choice, +provided that you also meet, for each linked independent module, the terms +and conditions of the license of that module. An independent module is a module +which is not derived from or based on this library. If you modify this +library, you may extend this exception to your version of the library, but you are +not obligated to do so. If you do not wish to do so, delete this exception +statement from your version. diff --git a/src/main/resources/licenses/Inner-Net-2.0.txt b/src/main/resources/licenses/Inner-Net-2.0.txt new file mode 100644 index 0000000000..f8db440f2a --- /dev/null +++ b/src/main/resources/licenses/Inner-Net-2.0.txt @@ -0,0 +1,34 @@ +The Inner Net License, Version 2.00 + +The author(s) grant permission for redistribution and use in source and +binary forms, with or without modification, of the software and documentation +provided that the following conditions are met: + +0. If you receive a version of the software that is specifically labelled + as not being for redistribution (check the version message and/or README), + you are not permitted to redistribute that version of the software in any + way or form. +1. All terms of the all other applicable copyrights and licenses must be + followed. +2. Redistributions of source code must retain the authors' copyright + notice(s), this list of conditions, and the following disclaimer. +3. Redistributions in binary form must reproduce the authors' copyright + notice(s), this list of conditions, and the following disclaimer in the + documentation and/or other materials provided with the distribution. +4. [The copyright holder has authorized the removal of this clause.] +5. Neither the name(s) of the author(s) nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY ITS AUTHORS AND CONTRIBUTORS ``AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +If these license terms cause you a real problem, contact the author. diff --git a/src/main/resources/licenses/InnoSetup.txt b/src/main/resources/licenses/InnoSetup.txt new file mode 100644 index 0000000000..337584e6d1 --- /dev/null +++ b/src/main/resources/licenses/InnoSetup.txt @@ -0,0 +1,27 @@ +Inno Setup License +================== + +Except where otherwise noted, all of the documentation and software included in the Inno Setup +package is copyrighted by Jordan Russell. + +Copyright (C) 1997-2024 Jordan Russell. All rights reserved. +Portions Copyright (C) 2000-2024 Martijn Laan. All rights reserved. + +This software is provided "as-is," without any express or implied warranty. In no event shall the +author be held liable for any damages arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, including commercial +applications, and to alter and redistribute it, provided that the following conditions are met: + +1. All redistributions of source code files must retain all copyright notices that are currently in + place, and this list of conditions without modification. + +2. All redistributions in binary form must retain all occurrences of the above copyright notice and + web site addresses that are currently in place (for example, in the About boxes). + +3. The origin of this software must not be misrepresented; you must not claim that you wrote the + original software. If you use this software to distribute a product, an acknowledgment in the + product documentation would be appreciated but is not required. + +4. Modified versions in source or binary form must be plainly marked as such, and must not be + misrepresented as being the original software. diff --git a/src/main/resources/licenses/JPL-image.txt b/src/main/resources/licenses/JPL-image.txt new file mode 100644 index 0000000000..828b1b5424 --- /dev/null +++ b/src/main/resources/licenses/JPL-image.txt @@ -0,0 +1,21 @@ +JPL Image Use Policy + +Unless otherwise noted, images and video on JPL public web sites (public sites ending with a jpl.nasa.gov address) may be used for any purpose without prior permission, subject to the special cases noted below. Publishers who wish to have authorization may print this page and retain it for their records; JPL does not issue image permissions on an image by image basis. + +By electing to download the material from this web site the user agrees: + +1. that Caltech makes no representations or warranties with respect to ownership of copyrights in the images, and does not represent others who may claim to be authors or owners of copyright of any of the images, and makes no warranties as to the quality of the images. Caltech shall not be responsible for any loss or expenses resulting from the use of the images, and you release and hold Caltech harmless from all liability arising from such use. +2. to use a credit line in connection with images. Unless otherwise noted in the caption information for an image, the credit line should be "Courtesy NASA/JPL-Caltech." +3. that the endorsement of any product or service by Caltech, JPL or NASA must not be claimed or implied. + +Special Cases: + +* Prior written approval must be obtained to use the NASA insignia logo (the blue "meatball" insignia), the NASA logotype (the red "worm" logo) and the NASA seal. These images may not be used by persons who are not NASA employees or on products (including Web pages) that are not NASA sponsored. In addition, no image may be used to explicitly or implicitly suggest endorsement by NASA, JPL or Caltech of commercial goods or services. Requests to use NASA logos may be directed to Bert Ulrich, Public Services Division, NASA Headquarters, Code POS, Washington, DC 20546, telephone (202) 358-1713, fax (202) 358-4331, email bert.ulrich@hq.nasa.gov. + +* Prior written approval must be obtained to use the JPL logo (stylized JPL letters in red or other colors). Requests to use the JPL logo may be directed to the Institutional Communications Office, email instcomm@jpl.nasa.gov. + +* If an image includes an identifiable person, using the image for commercial purposes may infringe that person's right of privacy or publicity, and permission should be obtained from the person. NASA and JPL generally do not permit likenesses of current employees to appear on commercial products. For more information, consult the NASA and JPL points of contact listed above. + +* JPL/Caltech contractors and vendors who wish to use JPL images in advertising or public relation materials should direct requests to the Institutional Communications Office, email instcomm@jpl.nasa.gov. + +* Some image and video materials on JPL public web sites are owned by organizations other than JPL or NASA. These owners have agreed to make their images and video available for journalistic, educational and personal uses, but restrictions are placed on commercial uses. To obtain permission for commercial use, contact the copyright owner listed in each image caption. Ownership of images and video by parties other than JPL and NASA is noted in the caption material with each image. diff --git a/src/main/resources/licenses/Kastrup.txt b/src/main/resources/licenses/Kastrup.txt new file mode 100644 index 0000000000..46d1e9e0e4 --- /dev/null +++ b/src/main/resources/licenses/Kastrup.txt @@ -0,0 +1,3 @@ +Copyright(c) 2001 by David Kastrup +Any use of the code is permitted as long as this copyright +notice is preserved in the code. diff --git a/src/main/resources/licenses/Kazlib.txt b/src/main/resources/licenses/Kazlib.txt new file mode 100644 index 0000000000..714f2eabf9 --- /dev/null +++ b/src/main/resources/licenses/Kazlib.txt @@ -0,0 +1,4 @@ +Copyright (C) 1999 Kaz Kylheku + +Free Software License: +All rights are reserved by the author, with the following exceptions: Permission is granted to freely reproduce and distribute this software, possibly in exchange for a fee, provided that this copyright notice appears intact. Permission is also granted to adapt this software to produce derivative works, as long as the modified versions carry this copyright notice and additional notices stating that the work has been modified. This source code may be translated into executable form and incorporated into proprietary software; there is no requirement for such software to contain a copyright notice related to this source. diff --git a/src/main/resources/licenses/Knuth-CTAN.txt b/src/main/resources/licenses/Knuth-CTAN.txt new file mode 100644 index 0000000000..cd91789fd0 --- /dev/null +++ b/src/main/resources/licenses/Knuth-CTAN.txt @@ -0,0 +1,5 @@ +This software is copyrighted. Unlimited copying and redistribution +of this package and/or its individual files are permitted +as long as there are no modifications. Modifications, and +redistribution of modifications, are also permitted, but +only if the resulting package and/or files are renamed. diff --git a/src/main/resources/licenses/LGPL-2.0+.txt b/src/main/resources/licenses/LGPL-2.0+.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/LGPL-2.0+.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/LGPL-2.0-only.txt b/src/main/resources/licenses/LGPL-2.0-only.txt index eb3a4cd1db..843b00b561 100644 --- a/src/main/resources/licenses/LGPL-2.0-only.txt +++ b/src/main/resources/licenses/LGPL-2.0-only.txt @@ -39,6 +39,7 @@ The precise terms and conditions for copying, distribution and modification foll Note that it is possible for a library to be covered by the ordinary General Public License rather than by this special one. +GNU LIBRARY GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you". diff --git a/src/main/resources/licenses/LGPL-2.0-or-later.txt b/src/main/resources/licenses/LGPL-2.0-or-later.txt index eb3a4cd1db..843b00b561 100644 --- a/src/main/resources/licenses/LGPL-2.0-or-later.txt +++ b/src/main/resources/licenses/LGPL-2.0-or-later.txt @@ -39,6 +39,7 @@ The precise terms and conditions for copying, distribution and modification foll Note that it is possible for a library to be covered by the ordinary General Public License rather than by this special one. +GNU LIBRARY GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you". diff --git a/src/main/resources/licenses/LGPL-2.0.txt b/src/main/resources/licenses/LGPL-2.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/LGPL-2.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/LGPL-2.1+.txt b/src/main/resources/licenses/LGPL-2.1+.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/LGPL-2.1+.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/LGPL-2.1-only.txt b/src/main/resources/licenses/LGPL-2.1-only.txt index c9aa53018e..c6487f4fdf 100644 --- a/src/main/resources/licenses/LGPL-2.1-only.txt +++ b/src/main/resources/licenses/LGPL-2.1-only.txt @@ -41,6 +41,7 @@ Although the Lesser General Public License is Less protective of the users' free The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. +GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". diff --git a/src/main/resources/licenses/LGPL-2.1-or-later.txt b/src/main/resources/licenses/LGPL-2.1-or-later.txt index c9aa53018e..c6487f4fdf 100644 --- a/src/main/resources/licenses/LGPL-2.1-or-later.txt +++ b/src/main/resources/licenses/LGPL-2.1-or-later.txt @@ -41,6 +41,7 @@ Although the Lesser General Public License is Less protective of the users' free The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. +GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". diff --git a/src/main/resources/licenses/LGPL-2.1.txt b/src/main/resources/licenses/LGPL-2.1.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/LGPL-2.1.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/LGPL-3.0+.txt b/src/main/resources/licenses/LGPL-3.0+.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/LGPL-3.0+.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/LGPL-3.0-linking-exception.txt b/src/main/resources/licenses/LGPL-3.0-linking-exception.txt new file mode 100644 index 0000000000..186456fb0e --- /dev/null +++ b/src/main/resources/licenses/LGPL-3.0-linking-exception.txt @@ -0,0 +1,16 @@ +As a special exception to the GNU Lesser General Public License version 3 +("LGPL3"), the copyright holders of this Library give you permission to +convey to a third party a Combined Work that links statically or dynamically +to this Library without providing any Minimal Corresponding Source or +Minimal Application Code as set out in 4d or providing the installation +information set out in section 4e, provided that you comply with the other +provisions of LGPL3 and provided that you meet, for the Application the +terms and conditions of the license(s) which apply to the Application. + +Except as stated in this special exception, the provisions of LGPL3 will +continue to comply in full to this Library. If you modify this Library, you +may apply this exception to your version of this Library, but you are not +obliged to do so. If you do not wish to do so, delete this exception +statement from your version. This exception does not (and cannot) modify any +license terms which apply to the Application, with which you must still +comply. diff --git a/src/main/resources/licenses/LGPL-3.0.txt b/src/main/resources/licenses/LGPL-3.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/LGPL-3.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/LLGPL.txt b/src/main/resources/licenses/LLGPL.txt new file mode 100644 index 0000000000..889d0b92e5 --- /dev/null +++ b/src/main/resources/licenses/LLGPL.txt @@ -0,0 +1,56 @@ +Preamble to the Gnu Lesser General Public License + +Copyright (c) 2016 Franz Inc., Berkeley, CA 94704 + +The concept of the GNU Lesser General Public License version 2.1 ("LGPL") +has been adopted to govern the use and distribution of above-mentioned +application. However, the LGPL uses terminology that is more appropriate +for a program written in C than one written in Lisp. Nevertheless, the +LGPL can still be applied to a Lisp program if certain clarifications +are made. This document details those clarifications. Accordingly, the +license for the open-source Lisp applications consists of this document +plus the LGPL. Wherever there is a conflict between this document and +the LGPL, this document takes precedence over the LGPL. + +A "Library" in Lisp is a collection of Lisp functions, data and foreign +modules. The form of the Library can be Lisp source code (for processing +by an interpreter) or object code (usually the result of compilation of +source code or built with some other mechanisms). Foreign modules are +object code in a form that can be linked into a Lisp executable. When +we speak of functions we do so in the most general way to include, in +addition, methods and unnamed functions. Lisp "data" is also a general +term that includes the data structures resulting from defining Lisp +classes. A Lisp application may include the same set of Lisp objects +as does a Library, but this does not mean that the application is +necessarily a "work based on the Library" it contains. + +The Library consists of everything in the distribution file set before +any modifications are made to the files. If any of the functions or +classes in the Library are redefined in other files, then those +redefinitions ARE considered a work based on the Library. If additional +methods are added to generic functions in the Library, those additional +methods are NOT considered a work based on the Library. If Library classes +are subclassed, these subclasses are NOT considered a work based on the Library. +If the Library is modified to explicitly call other functions that are neither +part of Lisp itself nor an available add-on module to Lisp, then the functions +called by the modified Library ARE considered a work based on the Library. +The goal is to ensure that the Library will compile and run without getting +undefined function errors. + +It is permitted to add proprietary source code to the Library, but it must +be done in a way such that the Library will still run without that proprietary +code present. Section 5 of the LGPL distinguishes between the case of a +library being dynamically linked at runtime and one being statically linked +at build time. Section 5 of the LGPL states that the former results in an +executable that is a "work that uses the Library." Section 5 of the LGPL +states that the latter results in one that is a "derivative of the Library", +which is therefore covered by the LGPL. Since Lisp only offers one choice, +which is to link the Library into an executable at build time, we declare that, +for the purpose applying the LGPL to the Library, an executable that results +from linking a "work that uses the Library" with the Library is considered a +"work that uses the Library" and is therefore NOT covered by the LGPL. + +Because of this declaration, section 6 of LGPL is not applicable to the Library. +However, in connection with each distribution of this executable, you must also +deliver, in accordance with the terms and conditions of the LGPL, the source code +of Library (or your derivative thereof) that is incorporated into this executable. diff --git a/src/main/resources/licenses/LLVM-exception.txt b/src/main/resources/licenses/LLVM-exception.txt new file mode 100644 index 0000000000..fa4b725a0e --- /dev/null +++ b/src/main/resources/licenses/LLVM-exception.txt @@ -0,0 +1,15 @@ +---- LLVM Exceptions to the Apache 2.0 License ---- + + As an exception, if, as a result of your compiling your source code, portions + of this Software are embedded into an Object form of such source code, you + may redistribute such embedded portions in such Object form without complying + with the conditions of Sections 4(a), 4(b) and 4(d) of the License. + + In addition, if you combine or link compiled forms of this Software with + software that is licensed under the GPLv2 ("Combined Software") and if a + court of competent jurisdiction determines that the patent provision (Section + 3), the indemnity provision (Section 9) or other Section of the License + conflicts with the conditions of the GPLv2, you may retroactively and + prospectively choose to deem waived or otherwise exclude such Section(s) of + the License, but only in their entirety and only with respect to the Combined + Software. diff --git a/src/main/resources/licenses/LOOP.txt b/src/main/resources/licenses/LOOP.txt new file mode 100644 index 0000000000..434d2c45e2 --- /dev/null +++ b/src/main/resources/licenses/LOOP.txt @@ -0,0 +1,44 @@ +Portions of LOOP are Copyright (c) 1986 by the Massachusetts Institute of Technology. +All Rights Reserved. + +Permission to use, copy, modify and distribute this software and its +documentation for any purpose and without fee is hereby granted, +provided that the M.I.T. copyright notice appear in all copies and that +both that copyright notice and this permission notice appear in +supporting documentation. The names "M.I.T." and "Massachusetts +Institute of Technology" may not be used in advertising or publicity +pertaining to distribution of the software without specific, written +prior permission. Notice must be given in supporting documentation that +copying distribution is by permission of M.I.T. M.I.T. makes no +representations about the suitability of this software for any purpose. +It is provided "as is" without express or implied warranty. + +Massachusetts Institute of Technology +77 Massachusetts Avenue +Cambridge, Massachusetts 02139 +United States of America ++1-617-253-1000 + +Portions of LOOP are Copyright (c) 1989, 1990, 1991, 1992 by Symbolics, Inc. +All Rights Reserved. + +Permission to use, copy, modify and distribute this software and its +documentation for any purpose and without fee is hereby granted, +provided that the Symbolics copyright notice appear in all copies and +that both that copyright notice and this permission notice appear in +supporting documentation. The name "Symbolics" may not be used in +advertising or publicity pertaining to distribution of the software +without specific, written prior permission. Notice must be given in +supporting documentation that copying distribution is by permission of +Symbolics. Symbolics makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +Symbolics, CLOE Runtime, and Minima are trademarks, and CLOE, Genera, +and Zetalisp are registered trademarks of Symbolics, Inc. + +Symbolics, Inc. +8 New England Executive Park, East +Burlington, Massachusetts 01803 +United States of America ++1-617-221-1000 diff --git a/src/main/resources/licenses/LPD-document.txt b/src/main/resources/licenses/LPD-document.txt new file mode 100644 index 0000000000..0b46392e2f --- /dev/null +++ b/src/main/resources/licenses/LPD-document.txt @@ -0,0 +1,8 @@ +Copyright (c) 1996 L. Peter Deutsch + +Permission is granted to copy and distribute this +document for any purpose and without charge, including +translations into other languages and incorporation +into compilations, provided that the copyright notice +and this notice are preserved, and that any substantive +changes or deletions from the original are clearly marked. diff --git a/src/main/resources/licenses/LZMA-SDK-9.11-to-9.20.txt b/src/main/resources/licenses/LZMA-SDK-9.11-to-9.20.txt new file mode 100644 index 0000000000..5da25bf883 --- /dev/null +++ b/src/main/resources/licenses/LZMA-SDK-9.11-to-9.20.txt @@ -0,0 +1,8 @@ +LICENSE +------- + +LZMA SDK is written and placed in the public domain by Igor Pavlov. + +Some code in LZMA is based on public domain code from another developers: + 1) PPMd var.H (2001): Dmitry Shkarin + 2) SHA-256: Wei Dai (Crypto++ library) diff --git a/src/main/resources/licenses/LZMA-SDK-9.22.txt b/src/main/resources/licenses/LZMA-SDK-9.22.txt new file mode 100644 index 0000000000..ef4768d2a7 --- /dev/null +++ b/src/main/resources/licenses/LZMA-SDK-9.22.txt @@ -0,0 +1,15 @@ +LICENSE +------- + +LZMA SDK is written and placed in the public domain by Igor Pavlov. + +Some code in LZMA SDK is based on public domain code from another developers: + 1) PPMd var.H (2001): Dmitry Shkarin + 2) SHA-256: Wei Dai (Crypto++ library) + +Anyone is free to copy, modify, publish, use, compile, sell, or distribute the +original LZMA SDK code, either in source code form or as a compiled binary, for +any purpose, commercial or non-commercial, and by any means. + +LZMA SDK code is compatible with open source licenses, for example, you can +include it to GNU GPL or GNU LGPL code. diff --git a/src/main/resources/licenses/LZMA-exception.txt b/src/main/resources/licenses/LZMA-exception.txt new file mode 100644 index 0000000000..6fc9c1352b --- /dev/null +++ b/src/main/resources/licenses/LZMA-exception.txt @@ -0,0 +1,3 @@ +I.6 Special exception for LZMA compression module + +Igor Pavlov and Amir Szekely, the authors of the LZMA compression module for NSIS, expressly permit you to statically or dynamically link your code (or bind by name) to the files from the LZMA compression module for NSIS without subjecting your linked code to the terms of the Common Public license version 1.0. Any modifications or additions to files from the LZMA compression module for NSIS, however, are subject to the terms of the Common Public License version 1.0. diff --git a/src/main/resources/licenses/Latex2e-translated-notice.txt b/src/main/resources/licenses/Latex2e-translated-notice.txt new file mode 100644 index 0000000000..5ac100f4cb --- /dev/null +++ b/src/main/resources/licenses/Latex2e-translated-notice.txt @@ -0,0 +1,26 @@ +Copyright @copyright{} 1989, 1992, 1993, 1994, 1995, 1996, 2014 Free Software +Foundation, Inc. + +Copyright @copyright{} 1995, 1996 Joseph Arceneaux. + +Copyright @copyright{} 1999, Carlo Wood. + +Copyright @copyright{} 2001, David Ingamells. + +Copyright @copyright{} 2013, Łukasz Stelmach. + +Copyright @copyright{} 2015, Tim Hentenaar. + +Permission is granted to make and distribute verbatim copies of +this manual provided the copyright notice and this permission notice +are preserved on all copies. + +Permission is granted to copy and distribute modified versions of this +manual under the conditions for verbatim copying, provided that the entire +resulting derived work is distributed under the terms of a permission +notice identical to this one. + +Permission is granted to copy and distribute translations of this manual +into another language, under the above conditions for modified versions, +except that this permission notice may be stated in a translation approved +by the Foundation. diff --git a/src/main/resources/licenses/Libtool-exception.txt b/src/main/resources/licenses/Libtool-exception.txt new file mode 100644 index 0000000000..729b1e9530 --- /dev/null +++ b/src/main/resources/licenses/Libtool-exception.txt @@ -0,0 +1 @@ +As a special exception to the GNU General Public License, if you distribute this file as part of a program or library that is built using GNU Libtool, you may include this file under the same distribution terms that you use for the rest of that program. diff --git a/src/main/resources/licenses/Linux-man-pages-1-para.txt b/src/main/resources/licenses/Linux-man-pages-1-para.txt new file mode 100644 index 0000000000..6eff9081a0 --- /dev/null +++ b/src/main/resources/licenses/Linux-man-pages-1-para.txt @@ -0,0 +1,4 @@ +Permission is granted to distribute possibly modified +copies of this page provided the header is included +verbatim, and in case of nontrivial modification author +and date of the modification is added to the header. diff --git a/src/main/resources/licenses/Linux-man-pages-copyleft-2-para.txt b/src/main/resources/licenses/Linux-man-pages-copyleft-2-para.txt new file mode 100644 index 0000000000..b0871675b3 --- /dev/null +++ b/src/main/resources/licenses/Linux-man-pages-copyleft-2-para.txt @@ -0,0 +1,8 @@ +Permission is granted to make and distribute verbatim copies of this +manual provided the copyright notice and this permission notice are +preserved on all copies. + +Permission is granted to copy and distribute modified versions of this +manual under the conditions for verbatim copying, provided that the +entire resulting derived work is distributed under the terms of a +permission notice identical to this one. diff --git a/src/main/resources/licenses/Linux-man-pages-copyleft-var.txt b/src/main/resources/licenses/Linux-man-pages-copyleft-var.txt new file mode 100644 index 0000000000..1742303553 --- /dev/null +++ b/src/main/resources/licenses/Linux-man-pages-copyleft-var.txt @@ -0,0 +1,16 @@ +Permission is granted to make and distribute verbatim copies of +this manual provided the copyright notice and this permission +notice are preserved on all copies. + +Permission is granted to copy and distribute modified versions of +this manual under the conditions for verbatim copying, provided +that the entire resulting derived work is distributed under the +terms of a permission notice identical to this one. + +Since the Linux kernel and libraries are constantly changing, this +manual page may be incorrect or out-of-date. The author(s) assume +no responsibility for errors or omissions, or for damages resulting +from the use of the information contained herein. + +Formatted or processed versions of this manual, if unaccompanied by +the source, must acknowledge the copyright and authors of this work. diff --git a/src/main/resources/licenses/Linux-syscall-note.txt b/src/main/resources/licenses/Linux-syscall-note.txt new file mode 100644 index 0000000000..fcd056364e --- /dev/null +++ b/src/main/resources/licenses/Linux-syscall-note.txt @@ -0,0 +1,12 @@ + NOTE! This copyright does *not* cover user programs that use kernel + services by normal system calls - this is merely considered normal use + of the kernel, and does *not* fall under the heading of "derived work". + Also note that the GPL below is copyrighted by the Free Software + Foundation, but the instance of code that it refers to (the Linux + kernel) is copyrighted by me and others who actually wrote it. + + Also note that the only valid version of the GPL as far as the kernel + is concerned is _this_ particular version of the license (ie v2, not + v2.2 or v3.x or whatever), unless explicitly otherwise stated. + + Linus Torvalds diff --git a/src/main/resources/licenses/Lucida-Bitmap-Fonts.txt b/src/main/resources/licenses/Lucida-Bitmap-Fonts.txt new file mode 100644 index 0000000000..35be63ed33 --- /dev/null +++ b/src/main/resources/licenses/Lucida-Bitmap-Fonts.txt @@ -0,0 +1,53 @@ +This is the LEGAL NOTICE pertaining to the Lucida fonts from Bigelow & Holmes: + + NOTICE TO USER: The source code, including the glyphs or icons + forming a par of the OPEN LOOK TM Graphic User Interface, on this + tape and in these files is copyrighted under U.S. and international + laws. Sun Microsystems, Inc. of Mountain View, California owns + the copyright and has design patents pending on many of the icons. + AT&T is the owner of the OPEN LOOK trademark associated with the + materials on this tape. Users and possessors of this source code + are hereby granted a nonexclusive, royalty-free copyright and + design patent license to use this code in individual and + commercial software. A royalty-free, nonexclusive trademark + license to refer to the code and output as "OPEN LOOK" compatible + is available from AT&T if, and only if, the appearance of the + icons or glyphs is not changed in any manner except as absolutely + necessary to accommodate the standard resolution of the screen or + other output device, the code and output is not changed except as + authorized herein, and the code and output is validated by AT&T. + Bigelow & Holmes is the owner of the Lucida (R) trademark for the + fonts and bit-mapped images associated with the materials on this + tape. Users are granted a royalty-free, nonexclusive license to use + the trademark only to identify the fonts and bit-mapped images if, + and only if, the fonts and bit-mapped images are not modified in any + way by the user. + + Any use of this source code must include, in the user documentation + and internal comments to the code, notices to the end user as + follows: + + (c) Copyright 1989 Sun Microsystems, Inc. Sun design patents + pending in the U.S. and foreign countries. OPEN LOOK is a + trademark of AT&T. Used by written permission of the owners. + + (c) Copyright Bigelow & Holmes 1986, 1985. Lucida is a registered + trademark of Bigelow & Holmes. Permission to use the Lucida + trademark is hereby granted only in association with the images + and fonts described in this file. + + SUN MICROSYSTEMS, INC., AT&T, AND BIGELOW & HOLMES + MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY OF + THIS SOURCE CODE FOR ANY PURPOSE. IT IS PROVIDED "AS IS" + WITHOUT EXPRESS OR IMPLIED WARRANTY OF ANY KIND. + SUN MICROSYSTEMS, INC., AT&T AND BIGELOW & HOLMES, + SEVERALLY AND INDIVIDUALLY, DISCLAIM ALL WARRANTIES + WITH REGARD TO THIS SOURCE CODE, INCLUDING ALL IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE. IN NO EVENT SHALL SUN MICROSYSTEMS, + INC., AT&T OR BIGELOW & HOLMES BE LIABLE FOR ANY + SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, + OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA + OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + WITH THE USE OR PERFORMANCE OF THIS SOURCE CODE. diff --git a/src/main/resources/licenses/MIPS.txt b/src/main/resources/licenses/MIPS.txt new file mode 100644 index 0000000000..cf57a05639 --- /dev/null +++ b/src/main/resources/licenses/MIPS.txt @@ -0,0 +1,4 @@ +Copyright (c) 1992, 1991, 1990 MIPS Computer Systems, Inc. +MIPS Computer Systems, Inc. grants reproduction and use +rights to all parties, PROVIDED that this comment is +maintained in the copy. diff --git a/src/main/resources/licenses/MIT-Click.txt b/src/main/resources/licenses/MIT-Click.txt new file mode 100644 index 0000000000..82054edc39 --- /dev/null +++ b/src/main/resources/licenses/MIT-Click.txt @@ -0,0 +1,30 @@ +Portions of this software are subject to the license below. The relevant +source files are clearly marked; they refer to this file using the phrase +"the Click LICENSE file". This license is an MIT license, plus a clause +(taken from the W3C license) requiring prior written permission to use our +names in publicity. + +=========================================================================== + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +The name and trademarks of copyright holders may NOT be used in advertising +or publicity pertaining to the Software without specific, written prior +permission. Title to copyright in this Software and any associated +documentation will at all times remain with copyright holders. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/src/main/resources/licenses/MIT-Festival.txt b/src/main/resources/licenses/MIT-Festival.txt new file mode 100644 index 0000000000..6ec072db0a --- /dev/null +++ b/src/main/resources/licenses/MIT-Festival.txt @@ -0,0 +1,22 @@ +Permission is hereby granted, free of charge, to use and distribute +this software and its documentation without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of this work, and to +permit persons to whom this work is furnished to do so, subject to +the following conditions: +1. The code must retain the above copyright notice, this list of +conditions and the following disclaimer. +2. Any modifications must be clearly marked as such. +3. Original authors' names are not deleted. +4. The authors' names are not used to endorse or promote products +derived from this software without specific prior written +permission. +THE UNIVERSITY OF EDINBURGH AND THE CONTRIBUTORS TO THIS WORK +DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING +ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT +SHALL THE UNIVERSITY OF EDINBURGH NOR THE CONTRIBUTORS BE LIABLE +FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN +AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. diff --git a/src/main/resources/licenses/MIT-Khronos-old.txt b/src/main/resources/licenses/MIT-Khronos-old.txt new file mode 100644 index 0000000000..430863bc98 --- /dev/null +++ b/src/main/resources/licenses/MIT-Khronos-old.txt @@ -0,0 +1,23 @@ +Copyright (c) 2014-2020 The Khronos Group Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and/or associated documentation files (the "Materials"), +to deal in the Materials without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Materials, and to permit persons to whom the +Materials are furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Materials. + +MODIFICATIONS TO THIS FILE MAY MEAN IT NO LONGER ACCURATELY REFLECTS KHRONOS +STANDARDS. THE UNMODIFIED, NORMATIVE VERSIONS OF KHRONOS SPECIFICATIONS AND +HEADER INFORMATION ARE LOCATED AT https://www.khronos.org/registry/ + +THE MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM,OUT OF OR IN CONNECTION WITH THE MATERIALS OR THE USE OR OTHER DEALINGS +IN THE MATERIALS. diff --git a/src/main/resources/licenses/MIT-Wu.txt b/src/main/resources/licenses/MIT-Wu.txt new file mode 100644 index 0000000000..86eec3c517 --- /dev/null +++ b/src/main/resources/licenses/MIT-Wu.txt @@ -0,0 +1,28 @@ +Copyright (c) 2003-2005 Tom Wu +All Rights Reserved. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, +EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY +WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL, +INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER +RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF +THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT +OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +In addition, the following condition applies: + +All redistributions must retain an intact copy of this copyright notice +and disclaimer. diff --git a/src/main/resources/licenses/MIT-testregex.txt b/src/main/resources/licenses/MIT-testregex.txt new file mode 100644 index 0000000000..321b4bf9bb --- /dev/null +++ b/src/main/resources/licenses/MIT-testregex.txt @@ -0,0 +1,17 @@ + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of THIS SOFTWARE FILE (the "Software"), to deal in the Software + * without restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, and/or sell copies of the + * Software, and to permit persons to whom the Software is furnished to do + * so, subject to the following disclaimer: + * + * THIS SOFTWARE IS PROVIDED BY AT&T ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL AT&T BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/MIT.txt b/src/main/resources/licenses/MIT.txt index 2071b23b0e..fc2cf8e6b6 100644 --- a/src/main/resources/licenses/MIT.txt +++ b/src/main/resources/licenses/MIT.txt @@ -2,8 +2,17 @@ MIT License Copyright (c) -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and +associated documentation files (the "Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the +following conditions: -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. +The above copyright notice and this permission notice shall be included in all copies or substantial +portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT +LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO +EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/src/main/resources/licenses/MMIXware.txt b/src/main/resources/licenses/MMIXware.txt new file mode 100644 index 0000000000..04e0814208 --- /dev/null +++ b/src/main/resources/licenses/MMIXware.txt @@ -0,0 +1,17 @@ +copyright 1999 Donald E. Knuth + +This file may be freely copied and distributed, provided that +no changes whatsoever are made. All users are asked to help keep +the MMIXware files consistent and ``uncorrupted,'' +identical everywhere in the world. Changes are permissible only +if the modified file is given a new name, different from the names of +existing files in the MMIXware package, +and only if the modified file is clearly identified +as not being part of that package. +(The CWEB system has a ``change file'' facility by +which users can easily make minor alterations without modifying +the master source files in any way. Everybody is supposed to use +change files instead of changing the files.) +The author has tried his best to produce correct and useful programs, +in order to help promote computer science research, +but no warranty of any kind should be assumed. diff --git a/src/main/resources/licenses/MPEG-SSG.txt b/src/main/resources/licenses/MPEG-SSG.txt new file mode 100644 index 0000000000..a0b6f4ffff --- /dev/null +++ b/src/main/resources/licenses/MPEG-SSG.txt @@ -0,0 +1,23 @@ +Copyright (C) 1994, MPEG Software Simulation Group. All Rights Reserved. */ + +Disclaimer of Warranty + +These software programs are available to the user without any license fee or +royalty on an "as is" basis. The MPEG Software Simulation Group disclaims +any and all warranties, whether express, implied, or statuary, including any +implied warranties or merchantability or of fitness for a particular +purpose. In no event shall the copyright-holder be liable for any +incidental, punitive, or consequential damages of any kind whatsoever +arising from the use of these programs. + +This disclaimer of warranty extends to the user of these programs and user's +customers, employees, agents, transferees, successors, and assigns. + +The MPEG Software Simulation Group does not represent or warrant that the +programs furnished hereunder are free of infringement of any third-party +patents. + +Commercial implementations of MPEG-1 and MPEG-2 video, including shareware, +are subject to royalty fees to patent holders. Many of these patents are +general enough such that they are unavoidable regardless of implementation +design. diff --git a/src/main/resources/licenses/MS-LPL.txt b/src/main/resources/licenses/MS-LPL.txt new file mode 100644 index 0000000000..ea8bffcaae --- /dev/null +++ b/src/main/resources/licenses/MS-LPL.txt @@ -0,0 +1,24 @@ +Microsoft Limited Public License (Ms-LPL) + +This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software. + +1. Definitions +The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning here as under U.S. copyright law. A "contribution" is the original software, or any additions or changes to the software. A "contributor" is any person that distributes its contribution under this license. "Licensed patents" are a contributor's patent claims that read directly on its contribution. + +2. Grant of Rights + (A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create. + + (B) Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software. + +3. Conditions and Limitations + (A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, or trademarks. + + (B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically. + + (C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and attribution notices that are present in the software. + + (D) If you distribute any portion of the software in source code form, you may do so only under this license by including a complete copy of this license with your distribution. If you distribute any portion of the software in compiled or object code form, you may only do so under a license that complies with this license. + + (E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties, guarantees, or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement. + + (F) Platform Limitation- The licenses granted in sections 2(A) & 2(B) extend only to the software or derivative works that you create that run on a Microsoft Windows operating system product. diff --git a/src/main/resources/licenses/Mackerras-3-Clause-acknowledgment.txt b/src/main/resources/licenses/Mackerras-3-Clause-acknowledgment.txt new file mode 100644 index 0000000000..5f0187add7 --- /dev/null +++ b/src/main/resources/licenses/Mackerras-3-Clause-acknowledgment.txt @@ -0,0 +1,25 @@ +Copyright (c) 1993-2002 Paul Mackerras. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. The name(s) of the authors of this software must not be used to + endorse or promote products derived from this software without + prior written permission. + +3. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by Paul Mackerras + ". + +THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO +THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN +AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING +OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/Mackerras-3-Clause.txt b/src/main/resources/licenses/Mackerras-3-Clause.txt new file mode 100644 index 0000000000..6467f0c98e --- /dev/null +++ b/src/main/resources/licenses/Mackerras-3-Clause.txt @@ -0,0 +1,25 @@ +Copyright (c) 1995 Eric Rosenquist. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + 3. The name(s) of the authors of this software must not be used to + endorse or promote products derived from this software without + prior written permission. + + THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/Martin-Birgmeier.txt b/src/main/resources/licenses/Martin-Birgmeier.txt new file mode 100644 index 0000000000..48d32f846e --- /dev/null +++ b/src/main/resources/licenses/Martin-Birgmeier.txt @@ -0,0 +1,5 @@ +Copyright (c) 1993 Martin Birgmeier All rights reserved. + +You may redistribute unmodified or modified versions of this source code provided that the above copyright notice and this and the following conditions are retained. + +This software is provided ``as is'', and comes with no warranties of any kind. I shall in no event be liable for anything that happens to anyone/anything when using this software. diff --git a/src/main/resources/licenses/McPhee-slideshow.txt b/src/main/resources/licenses/McPhee-slideshow.txt new file mode 100644 index 0000000000..0ddf7ba350 --- /dev/null +++ b/src/main/resources/licenses/McPhee-slideshow.txt @@ -0,0 +1,6 @@ +Copyright 2001, Patrick TJ McPhee +everyone is welcome to use this code for any purpose, to modify it, and +to copy it in whole or in part for use in other macro sets, with the +conditions that this copyright notice be preserved with any significant +portion of the code, and that modifications to this file be clearly +marked. diff --git a/src/main/resources/licenses/Minpack.txt b/src/main/resources/licenses/Minpack.txt new file mode 100644 index 0000000000..132cc3f33f --- /dev/null +++ b/src/main/resources/licenses/Minpack.txt @@ -0,0 +1,51 @@ +Minpack Copyright Notice (1999) University of Chicago. All rights reserved + +Redistribution and use in source and binary forms, with or +without modification, are permitted provided that the +following conditions are met: + +1. Redistributions of source code must retain the above +copyright notice, this list of conditions and the following +disclaimer. + +2. Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following +disclaimer in the documentation and/or other materials +provided with the distribution. + +3. The end-user documentation included with the +redistribution, if any, must include the following +acknowledgment: + + "This product includes software developed by the + University of Chicago, as Operator of Argonne National + Laboratory. + +Alternately, this acknowledgment may appear in the software +itself, if and wherever such third-party acknowledgments +normally appear. + +4. WARRANTY DISCLAIMER. THE SOFTWARE IS SUPPLIED "AS IS" +WITHOUT WARRANTY OF ANY KIND. THE COPYRIGHT HOLDER, THE +UNITED STATES, THE UNITED STATES DEPARTMENT OF ENERGY, AND +THEIR EMPLOYEES: (1) DISCLAIM ANY WARRANTIES, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES +OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE +OR NON-INFRINGEMENT, (2) DO NOT ASSUME ANY LEGAL LIABILITY +OR RESPONSIBILITY FOR THE ACCURACY, COMPLETENESS, OR +USEFULNESS OF THE SOFTWARE, (3) DO NOT REPRESENT THAT USE OF +THE SOFTWARE WOULD NOT INFRINGE PRIVATELY OWNED RIGHTS, (4) +DO NOT WARRANT THAT THE SOFTWARE WILL FUNCTION +UNINTERRUPTED, THAT IT IS ERROR-FREE OR THAT ANY ERRORS WILL +BE CORRECTED. + +5. LIMITATION OF LIABILITY. IN NO EVENT WILL THE COPYRIGHT +HOLDER, THE UNITED STATES, THE UNITED STATES DEPARTMENT OF +ENERGY, OR THEIR EMPLOYEES: BE LIABLE FOR ANY INDIRECT, +INCIDENTAL, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES OF +ANY KIND OR NATURE, INCLUDING BUT NOT LIMITED TO LOSS OF +PROFITS OR LOSS OF DATA, FOR ANY REASON WHATSOEVER, WHETHER +SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT +(INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, +EVEN IF ANY OF SAID PARTIES HAS BEEN WARNED OF THE +POSSIBILITY OF SUCH LOSS OR DAMAGES. diff --git a/src/main/resources/licenses/Motosoto.txt b/src/main/resources/licenses/Motosoto.txt index 4add8c6a39..a25cff026e 100644 --- a/src/main/resources/licenses/Motosoto.txt +++ b/src/main/resources/licenses/Motosoto.txt @@ -1,110 +1,372 @@ MOTOSOTO OPEN SOURCE LICENSE - Version 0.9.1 -This Motosoto Open Source License (the "License") applies to "Community Portal Server" and related software products as well as any updatesor maintenance releases of that software ("Motosoto Products") that are distributed by Motosoto.Com B.V. ("Licensor"). Any Motosoto Product licensed pursuant to this License is a "Licensed Product." Licensed Product, in its entirety, is protected by Dutch copyright law. This License identifies the terms under which you may use, copy, distribute or modify Licensed Product and has been submitted to the Open Software Initiative (OSI) for approval. +This Motosoto Open Source License (the "License") applies to "Community Portal Server" and related +software products as well as any updatesor maintenance releases of that software ("Motosoto +Products") that are distributed by Motosoto.Com B.V. ("Licensor"). Any Motosoto Product licensed +pursuant to this License is a "Licensed Product." Licensed Product, in its entirety, is protected +by Dutch copyright law. This License identifies the terms under which you may use, copy, distribute +or modify Licensed Product and has been submitted to the Open Software Initiative (OSI) for +approval. Preamble -This Preamble is intended to describe, in plain English, the nature and scope of this License. However, this Preamble is not a part of this license. The legal effect of this License is dependent only upon the terms of the License and not this Preamble. This License complies with the Open Source Definition and has been approved by Open Source Initiative. Software distributed under this License may be marked as "OSI Certified Open Source Software." +This Preamble is intended to describe, in plain English, the nature and scope of this License. +However, this Preamble is not a part of this license. The legal effect of this License is dependent +only upon the terms of the License and not this Preamble. This License complies with the Open +Source Definition and has been approved by Open Source Initiative. Software distributed under this +License may be marked as "OSI Certified Open Source Software." This License provides that: -1. You may use, sell or give away the Licensed Product, alone or as a component of an aggregate software distribution containing programs from several different sources. No royalty or other fee is required. +1. You may use, sell or give away the Licensed Product, alone or as a component of an aggregate +software distribution containing programs from several different sources. No royalty or other fee +is required. -2. Both Source Code and executable versions of the Licensed Product, including Modifications made by previous Contributors, are available for your use. (The terms "Licensed Product," "Modifications," "Contributors" and "Source Code" are defined in the License.) +2. Both Source Code and executable versions of the Licensed Product, including Modifications made +by previous Contributors, are available for your use. (The terms "Licensed Product," +"Modifications," "Contributors" and "Source Code" are defined in the License.) -3. You are allowed to make Modifications to the Licensed Product, and you can create Derivative Works from it. (The term "Derivative Works" is defined in the License.) +3. You are allowed to make Modifications to the Licensed Product, and you can create Derivative +Works from it. (The term "Derivative Works" is defined in the License.) -4. By accepting the Licensed Product under the provisions of this License, you agree that any Modifications you make to the Licensed Product and then distribute are governed by the provisions of this License. In particular, you must make the Source Code of your Modifications available to others. +4. By accepting the Licensed Product under the provisions of this License, you agree that any +Modifications you make to the Licensed Product and then distribute are governed by the provisions +of this License. In particular, you must make the Source Code of your Modifications available to +others. -5. You may use the Licensed Product for any purpose, but the Licensor is not providing you any warranty whatsoever, nor is the Licensor accepting any liability in the event that the Licensed Product doesn't work properly or causes you any injury or damages. +5. You may use the Licensed Product for any purpose, but the Licensor is not providing you any +warranty whatsoever, nor is the Licensor accepting any liability in the event that the Licensed +Product doesn't work properly or causes you any injury or damages. -6. If you sublicense the Licensed Product or Derivative Works, you may charge fees for warranty or support, or for accepting indemnity or liability obligations to your customers. You cannot charge for the Source Code. +6. If you sublicense the Licensed Product or Derivative Works, you may charge fees for warranty or +support, or for accepting indemnity or liability obligations to your customers. You cannot charge +for the Source Code. -7. If you assert any patent claims against the Licensor relating to the Licensed Product, or if you breach any terms of the License, your rights to the Licensed Product under this License automatically terminate. +7. If you assert any patent claims against the Licensor relating to the Licensed Product, or if you +breach any terms of the License, your rights to the Licensed Product under this License +automatically terminate. -You may use this License to distribute your own Derivative Works, in which case the provisions of this License will apply to your Derivative Works just as they do to the original Licensed Product. +You may use this License to distribute your own Derivative Works, in which case the provisions of +this License will apply to your Derivative Works just as they do to the original Licensed Product. -Alternatively, you may distribute your Derivative Works under any other OSI-approved Open Source license, or under a proprietary license of your choice. If you use any license other than this License, however, you must continue to fulfill the requirements of this License (including the provisions relating to publishing the Source Code) for those portions of your Derivative Works that consist of the Licensed Product, including the files containing Modifications. +Alternatively, you may distribute your Derivative Works under any other OSI-approved Open Source +license, or under a proprietary license of your choice. If you use any license other than this +License, however, you must continue to fulfill the requirements of this License (including the +provisions relating to publishing the Source Code) for those portions of your Derivative Works that +consist of the Licensed Product, including the files containing Modifications. -New versions of this License may be published from time to time. You may choose to continue to use the license terms in this version of the License or those from the new version. However, only the Licensor has the right to change the License terms as they apply to the Licensed Product. This License relies on precise definitions for certain terms. Those terms are defined when they are first used, and the definitions are repeated for your convenience in a Glossary at the end of the License. +New versions of this License may be published from time to time. You may choose to continue to use +the license terms in this version of the License or those from the new version. However, only the +Licensor has the right to change the License terms as they apply to the Licensed Product. This +License relies on precise definitions for certain terms. Those terms are defined when they are +first used, and the definitions are repeated for your convenience in a Glossary at the end of the +License. License Terms 1. Grant of License From Licensor. -Licensor hereby grants you a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims, to do the following: +Licensor hereby grants you a world-wide, royalty-free, non-exclusive license, subject to third +party intellectual property claims, to do the following: - a. Use, reproduce, modify, display, perform, sublicense and distribute Licensed Product or portions thereof (including Modifications as hereinafter defined), in both Source Code or as an executable program. "Source Code" means the preferred form for making modifications to the Licensed Product, including all modules contained therein, plus any associated interface definition files, scripts used to control compilation and installation of an executable program, or a list of differential comparisons against the Source Code of the Licensed Product. + a. Use, reproduce, modify, display, perform, sublicense and distribute Licensed Product or +portions thereof (including Modifications as hereinafter defined), in both Source Code or as an +executable program. "Source Code" means the preferred form for making modifications to the Licensed +Product, including all modules contained therein, plus any associated interface definition files, +scripts used to control compilation and installation of an executable program, or a list of +differential comparisons against the Source Code of the Licensed Product. - b. Create Derivative Works (as that term is defined under Dutch copyright law) of Licensed Product by adding to or deleting from the substance or structure of said Licensed Product. + b. Create Derivative Works (as that term is defined under Dutch copyright law) of Licensed +Product by adding to or deleting from the substance or structure of said Licensed Product. - c. Under claims of patents now or hereafter owned or controlled by Licensor, to make, use, sell, offer for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof, but solely to the extent that any such claim is necessary to enable you to make, use, sell, offer for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof or Derivative Works thereof. + c. Under claims of patents now or hereafter owned or controlled by Licensor, to make, use, +sell, offer for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof, +but solely to the extent that any such claim is necessary to enable you to make, use, sell, offer +for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof or Derivative +Works thereof. 2. Grant of License to Modifications From Contributor. -"Modifications" means any additions to or deletions from the substance or structure of (i) a file containing Licensed Product, or (ii) any new file that contains any part of Licensed Product. Hereinafter in this License, the term "Licensed Product" shall include all previous Modifications that you receive from any Contributor. By application of the provisions in Section 4(a) below, each person or entity who created or contributed to the creation of, and distributed, a Modification (a "Contributor") hereby grants you a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims, to do the following: +"Modifications" means any additions to or deletions from the substance or structure of (i) a file +containing Licensed Product, or (ii) any new file that contains any part of Licensed Product. +Hereinafter in this License, the term "Licensed Product" shall include all previous Modifications +that you receive from any Contributor. By application of the provisions in Section 4(a) below, each +person or entity who created or contributed to the creation of, and distributed, a Modification (a +"Contributor") hereby grants you a world-wide, royalty-free, non-exclusive license, subject to +third party intellectual property claims, to do the following: - a. Use, reproduce, modify, display, perform, sublicense and distribute any Modifications created by such Contributor or portions thereof, in both Source Code or as an executable program, either on an unmodified basis or as part of Derivative Works. + a. Use, reproduce, modify, display, perform, sublicense and distribute any Modifications +created by such Contributor or portions thereof, in both Source Code or as an executable program, +either on an unmodified basis or as part of Derivative Works. - b. Under claims of patents now or hereafter owned or controlled by Contributor, to make, use, sell, offer for sale, have made, and/or otherwise dispose of Modifications or portions thereof, but solely to the extent that any such claim is necessary to enable you to make, use, sell, offer for sale, have made, and/or otherwise dispose of Modifications or portions thereof or Derivative Works thereof. + b. Under claims of patents now or hereafter owned or controlled by Contributor, to make, use, +sell, offer for sale, have made, and/or otherwise dispose of Modifications or portions thereof, but +solely to the extent that any such claim is necessary to enable you to make, use, sell, offer for +sale, have made, and/or otherwise dispose of Modifications or portions thereof or Derivative Works +thereof. 3. Exclusions From License Grant. -Nothing in this License shall be deemed to grant any rights to trademarks, copyrights, patents, trade secrets or any other intellectual property of Licensor or any Contributor except as expressly stated herein. No patent license is granted separate from the Licensed Product, for code that you delete from the Licensed Product, or for combinations of the Licensed Product with other software or hardware. No right is granted to the trademarks of Licensor or any Contributor even if such marks are included in the Licensed Product. Nothing in this License shall be interpreted to prohibit Licensor from licensing under different terms from this License any code that Licensor otherwise would have a right to license. +Nothing in this License shall be deemed to grant any rights to trademarks, copyrights, patents, +trade secrets or any other intellectual property of Licensor or any Contributor except as expressly +stated herein. No patent license is granted separate from the Licensed Product, for code that you +delete from the Licensed Product, or for combinations of the Licensed Product with other software +or hardware. No right is granted to the trademarks of Licensor or any Contributor even if such +marks are included in the Licensed Product. Nothing in this License shall be interpreted to +prohibit Licensor from licensing under different terms from this License any code that Licensor +otherwise would have a right to license. 4. Your Obligations Regarding Distribution. - a. Application of This License to Your Modifications. As an express condition for your use of the Licensed Product, you hereby agree that any Modifications that you create or to which you contribute, and which you distribute, are governed by the terms of this License including, without limitation, Section 2. Any Modifications that you create or to which you contribute may be distributed only under the terms of this License or a future version of this License released under Section 7. You must include a copy of this License with every copy of the Modifications you distribute. You agree not to offer or impose any terms on any Source Code or executable version of the Licensed Product or Modifications that alter or restrict the applicable version of this License or the recipients' rights hereunder. However, you may include an additional document offering the additional rights described in Section 4(e). - - b. Availability of Source Code. You must make available, under the terms of this License, the Source Code of the Licensed Product and any Modifications that you distribute, either on the same media as you distribute any executable or other form of the Licensed Product, or via a mechanism generally accepted in the software development community for the electronic transfer of data (an "Electronic Distribution Mechanism"). The Source Code for any version of Licensed Product or Modifications that you distribute must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of said Licensed Product or Modifications has been made available. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. - - c. Description of Modifications. You must cause any Modifications that you create or to which you contribute, and which you distribute, to contain a file documenting the additions, changes or deletions you made to create or contribute to those Modifications, and the dates of any such additions, changes or deletions. You must include a prominent statement that the Modifications are derived, directly or indirectly, from the Licensed Product and include the names of the Licensor and any Contributor to the Licensed Product in (i) the Source Code and (ii) in any notice displayed by a version of the Licensed Product you distribute or in related documentation in which you describe the origin or ownership of the Licensed Product. You may not modify or delete any preexisting copyright notices in the Licensed Product. + a. Application of This License to Your Modifications. As an express condition for your use of +the Licensed Product, you hereby agree that any Modifications that you create or to which you +contribute, and which you distribute, are governed by the terms of this License including, without +limitation, Section 2. Any Modifications that you create or to which you contribute may be +distributed only under the terms of this License or a future version of this License released under +Section 7. You must include a copy of this License with every copy of the Modifications you +distribute. You agree not to offer or impose any terms on any Source Code or executable version of +the Licensed Product or Modifications that alter or restrict the applicable version of this License +or the recipients' rights hereunder. However, you may include an additional document offering the +additional rights described in Section 4(e). + + b. Availability of Source Code. You must make available, under the terms of this License, the +Source Code of the Licensed Product and any Modifications that you distribute, either on the same +media as you distribute any executable or other form of the Licensed Product, or via a mechanism +generally accepted in the software development community for the electronic transfer of data (an +"Electronic Distribution Mechanism"). The Source Code for any version of Licensed Product or +Modifications that you distribute must remain available for at least twelve (12) months after the +date it initially became available, or at least six (6) months after a subsequent version of said +Licensed Product or Modifications has been made available. You are responsible for ensuring that +the Source Code version remains available even if the Electronic Distribution Mechanism is +maintained by a third party. + + c. Description of Modifications. You must cause any Modifications that you create or to which +you contribute, and which you distribute, to contain a file documenting the additions, changes or +deletions you made to create or contribute to those Modifications, and the dates of any such +additions, changes or deletions. You must include a prominent statement that the Modifications are +derived, directly or indirectly, from the Licensed Product and include the names of the Licensor +and any Contributor to the Licensed Product in (i) the Source Code and (ii) in any notice displayed +by a version of the Licensed Product you distribute or in related documentation in which you +describe the origin or ownership of the Licensed Product. You may not modify or delete any +preexisting copyright notices in the Licensed Product. d. Intellectual Property Matters. - i. Third Party Claims. If you have knowledge that a license to a third party's intellectual property right is required to exercise the rights granted by this License, you must include a text file with the Source Code distribution titled "LEGAL" that describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If you obtain such knowledge after you make any Modifications available as described in Section 4(b), you shall promptly modify the LEGAL file in all copies you make available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Licensed Product from you that new knowledge has been obtained. - - ii. Contributor APIs. If your Modifications include an application programming interface ("API") and you have knowledge of patent licenses that are reasonably necessary to implement that API, you must also include this information in the LEGAL file. - - iii. Representations. You represent that, except as disclosed pursuant to 4(d)(i) above, you believe that any Modifications you distribute are your original creations and that you have sufficient rights to grant the rights conveyed by this License. - - e. Required Notices. You must duplicate this License in any documentation you provide along with the Source Code of any Modifications you create or to which you contribute, and which you distribute, wherever you describe recipients' rights relating to Licensed Product. You must duplicate the notice contained in Exhibit A (the "Notice") in each file of the Source Code of any copy you distribute of the Licensed Product. If you created a Modification, you may add your name as a Contributor to the Notice. If it is not possible to put the Notice in a particular Source Code file due to its structure, then you must include such Notice in a location (such as a relevant directory file) where a user would be likely to look for such a notice. You may choose to offer, and charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Licensed Product. However, you may do so only on your own behalf, and not on behalf of the Licensor or any Contributor. You must make it clear that any such warranty, support, indemnity or liability obligation is offered by you alone, and you hereby agree to indemnify the Licensor and every Contributor for any liability incurred by the Licensor or such Contributor as a result of warranty, support, indemnity or liability terms you offer. - - f. Distribution of Executable Versions. You may distribute Licensed Product as an executable program under a license of your choice that may contain terms different from this License provided (i) you have satisfied the requirements of Sections 4(a) through 4(e) for that distribution, (ii) you include a conspicuous notice in the executable version, related documentation and collateral materials stating that the Source Code version of the Licensed Product is available under the terms of this License, including a description of how and where you have fulfilled the obligations of Section 4(b), (iii) you retain all existing copyright notices in the Licensed Product, and (iv) you make it clear that any terms that differ from this License are offered by you alone, not by Licensor or any Contributor. You hereby agree to indemnify the Licensor and every Contributor for any liability incurred by Licensor or such Contributor as a result of any terms you offer. - - g. Distribution of Derivative Works. You may create Derivative Works (e.g., combinations of some or all of the Licensed Product with other code) and distribute the Derivative Works as products under any other license you select, with the proviso that the requirements of this License are fulfilled for those portions of the Derivative Works that consist of the Licensed Product or any Modifications thereto. + i. Third Party Claims. If you have knowledge that a license to a third party's +intellectual property right is required to exercise the rights granted by this License, you must +include a text file with the Source Code distribution titled "LEGAL" that describes the claim and +the party making the claim in sufficient detail that a recipient will know whom to contact. If you +obtain such knowledge after you make any Modifications available as described in Section 4(b), you +shall promptly modify the LEGAL file in all copies you make available thereafter and shall take +other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to +inform those who received the Licensed Product from you that new knowledge has been obtained. + + ii. Contributor APIs. If your Modifications include an application programming interface +("API") and you have knowledge of patent licenses that are reasonably necessary to implement that +API, you must also include this information in the LEGAL file. + + iii. Representations. You represent that, except as disclosed pursuant to 4(d)(i) above, +you believe that any Modifications you distribute are your original creations and that you have +sufficient rights to grant the rights conveyed by this License. + + e. Required Notices. You must duplicate this License in any documentation you provide along +with the Source Code of any Modifications you create or to which you contribute, and which you +distribute, wherever you describe recipients' rights relating to Licensed Product. You must +duplicate the notice contained in Exhibit A (the "Notice") in each file of the Source Code of any +copy you distribute of the Licensed Product. If you created a Modification, you may add your name +as a Contributor to the Notice. If it is not possible to put the Notice in a particular Source Code +file due to its structure, then you must include such Notice in a location (such as a relevant +directory file) where a user would be likely to look for such a notice. You may choose to offer, +and charge a fee for, warranty, support, indemnity or liability obligations to one or more +recipients of Licensed Product. However, you may do so only on your own behalf, and not on behalf +of the Licensor or any Contributor. You must make it clear that any such warranty, support, +indemnity or liability obligation is offered by you alone, and you hereby agree to indemnify the +Licensor and every Contributor for any liability incurred by the Licensor or such Contributor as a +result of warranty, support, indemnity or liability terms you offer. + + f. Distribution of Executable Versions. You may distribute Licensed Product as an executable +program under a license of your choice that may contain terms different from this License provided +(i) you have satisfied the requirements of Sections 4(a) through 4(e) for that distribution, (ii) +you include a conspicuous notice in the executable version, related documentation and collateral +materials stating that the Source Code version of the Licensed Product is available under the terms +of this License, including a description of how and where you have fulfilled the obligations of +Section 4(b), (iii) you retain all existing copyright notices in the Licensed Product, and (iv) you +make it clear that any terms that differ from this License are offered by you alone, not by +Licensor or any Contributor. You hereby agree to indemnify the Licensor and every Contributor for +any liability incurred by Licensor or such Contributor as a result of any terms you offer. + + g. Distribution of Derivative Works. You may create Derivative Works (e.g., combinations of +some or all of the Licensed Product with other code) and distribute the Derivative Works as +products under any other license you select, with the proviso that the requirements of this License +are fulfilled for those portions of the Derivative Works that consist of the Licensed Product or +any Modifications thereto. 5. Inability to Comply Due to Statute or Regulation. -If it is impossible for you to comply with any of the terms of this License with respect to some or all of the Licensed Product due to statute, judicial order, or regulation, then you must (i) comply with the terms of this License to the maximum extent possible, (ii) cite the statute or regulation that prohibits you from adhering to the License, and (iii) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 4(d), and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill at computer programming to be able to understand it. +If it is impossible for you to comply with any of the terms of this License with respect to some or +all of the Licensed Product due to statute, judicial order, or regulation, then you must (i) comply +with the terms of this License to the maximum extent possible, (ii) cite the statute or regulation +that prohibits you from adhering to the License, and (iii) describe the limitations and the code +they affect. Such description must be included in the LEGAL file described in Section 4(d), and +must be included with all distributions of the Source Code. Except to the extent prohibited by +statute or regulation, such description must be sufficiently detailed for a recipient of ordinary +skill at computer programming to be able to understand it. 6. Application of This License. -This License applies to code to which Licensor or Contributor has attached the Notice in Exhibit A, which is incorporated herein by this reference. +This License applies to code to which Licensor or Contributor has attached the Notice in Exhibit A, +which is incorporated herein by this reference. 7. Versions of This License. - a. Version. The Motosoto Open Source License is derived from the Jabber Open Source License. All changes are related to applicable law and the location of court. + a. Version. The Motosoto Open Source License is derived from the Jabber Open Source License. +All changes are related to applicable law and the location of court. - b. New Versions. Licensor may publish from time to time revised and/or new versions of the License. + b. New Versions. Licensor may publish from time to time revised and/or new versions of the +License. - c. Effect of New Versions. Once Licensed Product has been published under a particular version of the License, you may always continue to use it under the terms of that version. You may also choose to use such Licensed Product under the terms of any subsequent version of the License published by Licensor. No one other than Lic ensor has the right to modify the terms applicable to Licensed Product created under this License. + c. Effect of New Versions. Once Licensed Product has been published under a particular version +of the License, you may always continue to use it under the terms of that version. You may also +choose to use such Licensed Product under the terms of any subsequent version of the License +published by Licensor. No one other than Lic ensor has the right to modify the terms applicable to +Licensed Product created under this License. - d. Derivative Works of this License. If you create or use a modified version of this License, which you may do only in order to apply it to software that is not already a Licensed Product under this License, you must rename your license so that it is not confusingly similar to this License, and must make it clear that your license contains terms that differ from this License. In so naming your license, you may not use any trademark of Licensor or any Contributor. + d. Derivative Works of this License. If you create or use a modified version of this License, +which you may do only in order to apply it to software that is not already a Licensed Product under +this License, you must rename your license so that it is not confusingly similar to this License, +and must make it clear that your license contains terms that differ from this License. In so naming +your license, you may not use any trademark of Licensor or any Contributor. 8. Disclaimer of Warranty. -LICENSED PRODUCT IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE LICENSED PRODUCT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LICENSED PRODUCT IS WITH YOU. SHOULD LICENSED PRODUCT PROVE DEFECTIVE IN ANY RESPECT, YOU (AND NOT THE LICENSOR OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF LICENSED PRODUCT IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. +LICENSED PRODUCT IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, +EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE LICENSED PRODUCT IS +FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE LICENSED PRODUCT IS WITH YOU. SHOULD LICENSED PRODUCT PROVE +DEFECTIVE IN ANY RESPECT, YOU (AND NOT THE LICENSOR OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF +ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL +PART OF THIS LICENSE. NO USE OF LICENSED PRODUCT IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS +DISCLAIMER. 9. Termination. - a. Automatic Termination Upon Breach. This license and the rights granted hereunder will terminate automatically if you fail to comply with the terms herein and fail to cure such breach within thirty (30) days of becoming aware of the breach. All sublicenses to the Licensed Product that are properly granted shall survive any termination of this license. Provisions that, by their nature, must remain in effect beyond the termination of this License, shall survive. - - b. Termination Upon Assertion of Patent Infringement. If you initiate litigation by asserting a patent infringement claim (excluding declaratory judgment actions) against Licensor or a Contributor (Licensor or Contributor against whom you file such an action is referred to herein as "Respondent") alleging that Licensed Product directly or indirectly infringes any patent, then any and all rights granted by such Respondent to you under Sections 1 or 2 of this License shall terminate prospectively upon sixty (60) days notice from Respondent (the "Notice Period") unless within that Notice Period you either agree in writing (i) to pay Respondent a mutually agreeable reasonably royalty for your past or future use of Licensed Product made by such Respondent, or (ii) withdraw your litigation claim with respect to Licensed Product against such Respondent. If within said Notice Period a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Licensor to you under Sections 1 and 2 automatically terminate at the expiration of said Notice Period. - - c. Reasonable Value of This License. If you assert a patent infringement claim against Respondent alleging that Licensed Product directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by said Respondent under Sections 1 and 2 shall be taken into account in determining the amount or value of any payment or license. - - d. No Retroactive Effect of Termination. In the event of termination under Sections 9(a) or 9(b) above, all end user license agreements (excluding licenses to distributors and reselle rs) that have been validly granted by you or any distributor hereunder prior to termination shall survive termination. + a. Automatic Termination Upon Breach. This license and the rights granted hereunder will +terminate automatically if you fail to comply with the terms herein and fail to cure such breach +within thirty (30) days of becoming aware of the breach. All sublicenses to the Licensed Product +that are properly granted shall survive any termination of this license. Provisions that, by their +nature, must remain in effect beyond the termination of this License, shall survive. + + b. Termination Upon Assertion of Patent Infringement. If you initiate litigation by asserting +a patent infringement claim (excluding declaratory judgment actions) against Licensor or a +Contributor (Licensor or Contributor against whom you file such an action is referred to herein as +"Respondent") alleging that Licensed Product directly or indirectly infringes any patent, then any +and all rights granted by such Respondent to you under Sections 1 or 2 of this License shall +terminate prospectively upon sixty (60) days notice from Respondent (the "Notice Period") unless +within that Notice Period you either agree in writing (i) to pay Respondent a mutually agreeable +reasonably royalty for your past or future use of Licensed Product made by such Respondent, or (ii) +withdraw your litigation claim with respect to Licensed Product against such Respondent. If within +said Notice Period a reasonable royalty and payment arrangement are not mutually agreed upon in +writing by the parties or the litigation claim is not withdrawn, the rights granted by Licensor to +you under Sections 1 and 2 automatically terminate at the expiration of said Notice Period. + + c. Reasonable Value of This License. If you assert a patent infringement claim against +Respondent alleging that Licensed Product directly or indirectly infringes any patent where such +claim is resolved (such as by license or settlement) prior to the initiation of patent infringement +litigation, then the reasonable value of the licenses granted by said Respondent under Sections 1 +and 2 shall be taken into account in determining the amount or value of any payment or license. + + d. No Retroactive Effect of Termination. In the event of termination under Sections 9(a) or +9(b) above, all end user license agreements (excluding licenses to distributors and reselle rs) +that have been validly granted by you or any distributor hereunder prior to termination shall +survive termination. 10. Limitation of Liability. -UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL THE LICENSOR, ANY CONTRIBUTOR, OR ANY DISTRIBUTOR OF LICENSED PRODUCT, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY +UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR +OTHERWISE, SHALL THE LICENSOR, ANY CONTRIBUTOR, OR ANY DISTRIBUTOR OF LICENSED PRODUCT, OR ANY +SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR +CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, +WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, +EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF +LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY's +NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE  +EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY  +NOT APPLY TO YOU. + +11. Responsibility for Claims.  + +As between Licensor and Contributors, each party is responsible for claims and damages arising,  +directly or indirectly, out of its utilization of rights under this License. You agree to work with  +Licensor and Contributors to distribute such responsibility on an equitable basis. Nothing herein is  +intended or shall be deemed to constitute any admission of liability. + +12. U.S. Government End Users.  + +The Licensed Product is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995),  +consisting of "commercial computer software" and "commercial computer software documentation,"  +as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and  +48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire  +Licensed Product with only those rights set forth herein. + +13. Miscellaneous.  +This License represents the complete agreement concerning the subject matter hereof. If any  +provision of this License is held to be unenforceable, such provision shall be reformed only  +to the extent necessary to make it enforceable. This License shall be governed by Dutch law  +provisions. The application of the United Nations Convention on Contracts for the International  +Sale of Goods is expressly excluded. You and Licensor expressly waive any rights to a jury trial  +in any litigation concerning Licensed Product or this License. Any law or regulation that provides  +that the language of a contract shall be construed against the drafter shall not apply to this License. + +14. Definition of "You" in This License.  +"You" throughout this License, whether in upper or lower case, means an individual or a legal entity  +exercising rights under, and complying with all of the terms of, this License or a future version of  +this License issued under Section 7. For legal entities, "you" includes any entity that controls, is  +controlled by, or is under common control with you. For purposes of this definition, "control" means  +(i) the power, direct or indirect, to cause the direction or management of such entity, whether by  +contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares,  +or (iii) beneficial ownership of such entity. + +15. Glossary. +All defined terms in this License that are used in more than one Section of this License are  +repeated here, in alphabetical order, for the convenience of the reader. The Section of this  +License in which each defined term is first used is shown in parentheses.  + +Contributor: Each person or entity who created or contributed to the creation of, and distributed, a Modification. (See Section 2) + +Derivative Works: That term as used in this License is defined under Dutch copyright law. (See Section 1(b)) + +License: This Motosoto Open Source License. (See first paragraph of License) + +Licensed Product: Any Motosoto Product licensed pursuant to this License. The term +"Licensed Product" includes all previous Modifications from any Contributor that you receive.  +(See first paragraph of License and Section 2) + +Licensor: Motosoto.Com B.V.. (See first paragraph of License) + +Modifications: Any additions to or deletions from the substance or structure of (i) a file  +containing Licensed Product, or (ii) any new file that contains any part of Licensed Product. (See Section 2) + +Notice: The notice contained in Exhibit A. (See Section 4(e)) + +Source Code: The preferred form for making modifications to the Licensed Product, including  +all modules contained therein, plus any associated interface definition files, scripts used  +to control compilation and installation of an executable program, or a list of differential  +comparisons against the Source Code of the Licensed Product. (See Section 1(a)) + +You: This term is defined in Section 14 of this License. +  +EXHIBIT A +The Notice below must appear in each file of the Source Code of any copy you distribute of the Licensed Product or any Modifications thereto. Contributors to any Modifications may add their own copyright notices to identify their own contributions. + +License: +The contents of this file are subject to the Motosoto Open Source License Version 0.9 (the "License"). You may not copy or use this file, in either source code or executable form, except in compliance with the License. You may obtain a copy of the License at http://www.motosoto.com/license/ or at http://www.opensource.org/. + +Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. + +Copyrights: +Portions created by or assigned to Motosoto.com B.V. are Copyright (c) 2000-2001 Motosoto.com B.V. +All Rights Reserved. Contact information for Motosoto.com B.V. is available at http://www.motosoto.com/. + +Acknowledgements +Special thanks to the Motosoto Open Source Contributors for their suggestions and support of Motosoto. + +Modifications: diff --git a/src/main/resources/licenses/NCBI-PD.txt b/src/main/resources/licenses/NCBI-PD.txt new file mode 100644 index 0000000000..d838cf36b9 --- /dev/null +++ b/src/main/resources/licenses/NCBI-PD.txt @@ -0,0 +1,19 @@ +PUBLIC DOMAIN NOTICE +National Center for Biotechnology Information + +This software is a "United States Government Work" under the terms of the +United States Copyright Act. It was written as part of the authors' +official duties as United States Government employees and thus cannot +be copyrighted. This software is freely available to the public for +use. The National Library of Medicine and the U.S. Government have not +placed any restriction on its use or reproduction. + +Although all reasonable efforts have been taken to ensure the accuracy +and reliability of the software and data, the NLM and the U.S. +Government do not and cannot warrant the performance or results that +may be obtained by using this software or data. The NLM and the U.S. +Government disclaim all warranties, express or implied, including +warranties of performance, merchantability or fitness for any +particular purpose. + +Please cite the author in any work or product based on this material. diff --git a/src/main/resources/licenses/NCGL-UK-2.0.txt b/src/main/resources/licenses/NCGL-UK-2.0.txt index 31fbad6f83..15c4f63c22 100644 --- a/src/main/resources/licenses/NCGL-UK-2.0.txt +++ b/src/main/resources/licenses/NCGL-UK-2.0.txt @@ -12,15 +12,15 @@ The Licensor grants you a worldwide, royalty-free, perpetual, non-exclusive lice This licence does not affect your freedom under fair dealing or fair use or any other copyright or database right exceptions and limitations. You are free to: - copy, publish, distribute and transmit the Information; + copy, publish, distribute and transmit the Information; adapt the Information; exploit the Information for Non-Commercial purposes for example, by combining it with other information in your own product or application. You are not permitted to: - exercise any of the rights granted to you by this licence in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. + exercise any of the rights granted to you by this licence in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. You must, where you do any of the above: - acknowledge the source of the Information by including any attribution statement specified by the Information Provider(s) and, where possible, provide a link to this licence; + acknowledge the source of the Information by including any attribution statement specified by the Information Provider(s) and, where possible, provide a link to this licence; If the Information Provider does not provide a specific attribution statement, you must use the following: Contains information licensed under the Non-Commercial Government Licence v2.0. diff --git a/src/main/resources/licenses/NCL.txt b/src/main/resources/licenses/NCL.txt new file mode 100644 index 0000000000..3bfb658c26 --- /dev/null +++ b/src/main/resources/licenses/NCL.txt @@ -0,0 +1,32 @@ +Copyright (c) 2004 the University Corporation for Atmospheric +Research ("UCAR"). All rights reserved. Developed by NCAR's +Computational and Information Systems Laboratory, UCAR, +www.cisl.ucar.edu. + +Redistribution and use of the Software in source and binary forms, +with or without modification, is permitted provided that the +following conditions are met: + +- Neither the names of NCAR's Computational and Information Systems +Laboratory, the University Corporation for Atmospheric Research, +nor the names of its sponsors or contributors may be used to +endorse or promote products derived from this Software without +specific prior written permission. + +- Redistributions of source code must retain the above copyright +notices, this list of conditions, and the disclaimer below. + +- Redistributions in binary form must reproduce the above copyright +notice, this list of conditions, and the disclaimer below in the +documentation and/or other materials provided with the +distribution. + +THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT +HOLDERS BE LIABLE FOR ANY CLAIM, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES OR OTHER LIABILITY, WHETHER IN AN +ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE +SOFTWARE. diff --git a/src/main/resources/licenses/NICTA-1.0.txt b/src/main/resources/licenses/NICTA-1.0.txt new file mode 100644 index 0000000000..04622e308d --- /dev/null +++ b/src/main/resources/licenses/NICTA-1.0.txt @@ -0,0 +1,61 @@ +NICTA Public Software Licence +Version 1.0 + +Copyright Š 2004 National ICT Australia Ltd + +All rights reserved. + +By this licence, National ICT Australia Ltd (NICTA) grants permission, +free of charge, to any person who obtains a copy of this software +and any associated documentation files ("the Software") to use and +deal with the Software in source code and binary forms without +restriction, with or without modification, and to permit persons +to whom the Software is furnished to do so, provided that the +following conditions are met: + +- Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimers. +- Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimers in + the documentation and/or other materials provided with the + distribution. +- The name of NICTA may not be used to endorse or promote products + derived from this Software without specific prior written permission. + +EXCEPT AS EXPRESSLY STATED IN THIS LICENCE AND TO THE FULL EXTENT +PERMITTED BY APPLICABLE LAW, THE SOFTWARE IS PROVIDED "AS-IS" AND +NICTA MAKES NO REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY +KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY +REPRESENTATIONS, WARRANTIES OR CONDITIONS REGARDING THE CONTENTS +OR ACCURACY OF THE SOFTWARE, OR OF TITLE, MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, THE ABSENCE OF LATENT +OR OTHER DEFECTS, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR +NOT DISCOVERABLE. + +TO THE FULL EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL +NICTA BE LIABLE ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, +NEGLIGENCE) FOR ANY LOSS OR DAMAGE WHATSOEVER, INCLUDING (WITHOUT +LIMITATION) LOSS OF PRODUCTION OR OPERATION TIME, LOSS, DAMAGE OR +CORRUPTION OF DATA OR RECORDS; OR LOSS OF ANTICIPATED SAVINGS, +OPPORTUNITY, REVENUE, PROFIT OR GOODWILL, OR OTHER ECONOMIC LOSS; +OR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, PUNITIVE OR +EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS LICENCE, +THE SOFTWARE OR THE USE OF THE SOFTWARE, EVEN IF NICTA HAS BEEN +ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +If applicable legislation implies warranties or conditions, or +imposes obligations or liability on NICTA in respect of the Software +that cannot be wholly or partly excluded, restricted or modified, +NICTA's liability is limited, to the full extent permitted by the +applicable legislation, at its option, to: + +a. in the case of goods, any one or more of the following: + i. the replacement of the goods or the supply of equivalent goods; + ii. the repair of the goods; + iii. the payment of the cost of replacing the goods or of acquiring + equivalent goods; + iv. the payment of the cost of having the goods repaired; or +b. in the case of services: + i. the supplying of the services again; or + ii. the payment of the cost of having the services supplied + again. diff --git a/src/main/resources/licenses/NIST-Software.txt b/src/main/resources/licenses/NIST-Software.txt new file mode 100644 index 0000000000..0ae22d9052 --- /dev/null +++ b/src/main/resources/licenses/NIST-Software.txt @@ -0,0 +1,28 @@ +NIST-developed software is provided by NIST as a public service. +You may use, copy, and distribute copies of the software in any +medium, provided that you keep intact this entire notice. You may +improve, modify, and create derivative works of the software or any +portion of the software, and you may copy and distribute such +modifications or works. Modified works should carry a notice stating +that you changed the software and should note the date and nature of +any such change. Please explicitly acknowledge the National Institute +of Standards and Technology as the source of the software. + +NIST-developed software is expressly provided "AS IS." NIST MAKES NO +WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT, OR ARISING BY OPERATION +OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND DATA ACCURACY. NIST +NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE +UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST DOES +NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE OR +THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY, +RELIABILITY, OR USEFULNESS OF THE SOFTWARE. + +You are solely responsible for determining the appropriateness of using and +distributing the software and you assume all risks associated with its use, +including but not limited to the risks and costs of program errors, compliance +with applicable laws, damage to or loss of data, programs or equipment, and the +unavailability or interruption of operation. This software is not intended to be +used in any situation where a failure could cause risk of injury or damage to +property. The software developed by NIST employees is not subject to copyright +protection within the United States. diff --git a/src/main/resources/licenses/NPL-1.0.txt b/src/main/resources/licenses/NPL-1.0.txt index 7a5030e9f7..65983791a2 100644 --- a/src/main/resources/licenses/NPL-1.0.txt +++ b/src/main/resources/licenses/NPL-1.0.txt @@ -8,20 +8,20 @@ NETSCAPE PUBLIC LICENSE Version 1.0 1.3. ``Covered Code'' means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. 1.4. ``Electronic Distribution Mechanism'' means a mechanism generally accepted in the software development community for the electronic transfer of data. 1.5. ``Executable'' means Covered Code in any form other than Source Code. - 1.6. ``Initial Developer'' means the individual or entity identified as the Initial Developer in the Source Code notice required byExhibit A. + 1.6. ``Initial Developer'' means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. 1.7. ``Larger Work'' means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. ``License'' means this document. 1.9. ``Modifications'' means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous Modifications. - 1.10. ``Original Code'' means Source Code of computer software code which is described in the Source Code notice required byExhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. + 1.10. ``Original Code'' means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.11. ``Source Code'' means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or a list of source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. 1.12. ``You'' means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, ``You'' includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, ``control'' means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of fifty percent (50%) or more of the outstanding shares or beneficial ownership of such entity. 2. Source Code License. 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: - a) to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, or as part of a Larger Work; and + (a) to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, or as part of a Larger Work; and (b) under patents now or hereafter owned or controlled by Initial Developer, to make, have made, use and sell (``Utilize'') the Original Code (or portions thereof), but solely to the extent that any such patent is reasonably necessary to enable You to Utilize the Original Code (or portions thereof) and not to any greater extent that may be necessary to Utilize further Modifications or combinations. 2.2. Contributor Grant. Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: diff --git a/src/main/resources/licenses/NPL-1.1.txt b/src/main/resources/licenses/NPL-1.1.txt index 62c5296400..0d5457ff04 100644 --- a/src/main/resources/licenses/NPL-1.1.txt +++ b/src/main/resources/licenses/NPL-1.1.txt @@ -2,7 +2,7 @@ Netscape Public LIcense version 1.1 AMENDMENTS -The Netscape Public License Version 1.1 ("NPL") consists of the Mozilla Public License Version 1.1 with the following Amendments, including Exhibit A-Netscape Public License.  Files identified with "Exhibit A-Netscape Public License" are governed by the Netscape Public License Version 1.1. +The Netscape Public License Version 1.1 ("NPL") consists of the Mozilla Public License Version 1.1 with the following Amendments, including Exhibit A-Netscape Public License. Files identified with "Exhibit A-Netscape Public License" are governed by the Netscape Public License Version 1.1. Additional Terms applicable to the Netscape Public License. @@ -28,7 +28,7 @@ Additional Terms applicable to the Netscape Public License. Notwithstanding the limitations of Section 11 above, the provisions regarding litigation in Section 11(a), (b) and (c) of the License shall apply to all disputes relating to this License. EXHIBIT A-Netscape Public License. -   + "The contents of this file are subject to the Netscape Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/NPL/ Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. @@ -37,8 +37,8 @@ The Original Code is Mozilla Communicator client code, released March 31, 1998. The Initial Developer of the Original Code is Netscape Communications Corporation. Portions created by Netscape are Copyright (C) 1998-1999 Netscape Communications Corporation. All Rights Reserved. Contributor(s): ______________________________________. -   -Alternatively, the contents of this file may be used under the terms of the _____ license (the  "[___] License"), in which case the provisions of [______] License are applicable  instead of those above.  If you wish to allow use of your version of this file only under the terms of the [____] License and not to allow others to use your version of this file under the NPL, indicate your decision by deleting  the provisions above and replace  them with the notice and other provisions required by the [___] License.  If you do not delete the provisions above, a recipient may use your version of this file under either the NPL or the [___] License." + +Alternatively, the contents of this file may be used under the terms of the _____ license (the "[___] License"), in which case the provisions of [______] License are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the [____] License and not to allow others to use your version of this file under the NPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the [___] License. If you do not delete the provisions above, a recipient may use your version of this file under either the NPL or the [___] License." Mozilla Public License Version 1.1 diff --git a/src/main/resources/licenses/Nokia-Qt-exception-1.1.txt b/src/main/resources/licenses/Nokia-Qt-exception-1.1.txt new file mode 100644 index 0000000000..b4ec52b7a1 --- /dev/null +++ b/src/main/resources/licenses/Nokia-Qt-exception-1.1.txt @@ -0,0 +1,16 @@ +Nokia Qt LGPL Exception version 1.1 + +As an additional permission to the GNU Lesser General Public License version 2.1, the object code form of a "work that uses the Library" may incorporate material from a header file that is part of the Library. You may distribute such object code under terms of your choice, provided that: + + (i) the header files of the Library have not been modified; and + (ii) the incorporated material is limited to numerical parameters, data structure layouts, accessors, macros, inline functions and templates; and + (iii) you comply with the terms of Section 6 of the GNU Lesser General Public License version 2.1. + +Moreover, you may apply this exception to a modified version of the Library, provided that such modification does not involve copying material from the Library into the modified Library's header files unless such material is limited to + + (i) numerical parameters; + (ii) data structure layouts; + (iii) accessors; and + (iv) small macros, templates and inline functions of five lines or less in length. + +Furthermore, you are not required to apply this additional permission to a modified version of the Library. diff --git a/src/main/resources/licenses/Nunit.txt b/src/main/resources/licenses/Nunit.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/Nunit.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/OAR.txt b/src/main/resources/licenses/OAR.txt new file mode 100644 index 0000000000..ca5c4b9617 --- /dev/null +++ b/src/main/resources/licenses/OAR.txt @@ -0,0 +1,12 @@ +COPYRIGHT (c) 1989-2013, 2015. +On-Line Applications Research Corporation (OAR). + +Permission to use, copy, modify, and distribute this software for any +purpose without fee is hereby granted, provided that this entire notice +is included in all copies of any software which is or includes a copy +or modification of this software. + +THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED +WARRANTY. IN PARTICULAR, THE AUTHOR MAKES NO REPRESENTATION +OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS +SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/OCCT-PL.txt b/src/main/resources/licenses/OCCT-PL.txt index 85df3c73c5..9b6fccc1c9 100644 --- a/src/main/resources/licenses/OCCT-PL.txt +++ b/src/main/resources/licenses/OCCT-PL.txt @@ -6,7 +6,7 @@ OPEN CASCADE releases and makes publicly available the source code of the softwa It is not the purpose of this license to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this license has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. Please read this license carefully and completely before downloading this software. By downloading, using, modifying, distributing and sublicensing this software, you indicate your acceptance to be bound by the terms and conditions of this license. If you do not want to accept or cannot accept for any reasons the terms and conditions of this license, please do not download or use in any manner this software. -  + 1. Definitions Unless there is something in the subject matter or in the context inconsistent therewith, the capitalized terms used in this License shall have the following meaning. @@ -26,13 +26,13 @@ Unless there is something in the subject matter or in the context inconsistent t "Software": means the Original Code, the Modifications, the combination of Original Code and any Modifications or any respective portions thereof. "You" or "Your": means an individual or a legal entity exercising rights under this License -  + 2. Acceptance of license By using, reproducing, modifying, distributing or sublicensing the Software or any portion thereof, You expressly indicate Your acceptance of the terms and conditions of this License and undertake to act in accordance with all the provisions of this License applicable to You. -  + 3. Scope and purpose This License applies to the Software and You may not use, reproduce, modify, distribute, sublicense or circulate the Software, or any portion thereof, except as expressly provided under this License. Any attempt to otherwise use, reproduce, modify, distribute or sublicense the Software is void and will automatically terminate Your rights under this License. -  + 4. Contributor license Subject to the terms and conditions of this License, the Initial Developer and each of the Contributors hereby grant You a world-wide, royalty-free, irrevocable and non-exclusive license under the Applicable Intellectual Property Rights they own or control, to use, reproduce, modify, distribute and sublicense the Software provided that: diff --git a/src/main/resources/licenses/OCCT-exception-1.0.txt b/src/main/resources/licenses/OCCT-exception-1.0.txt new file mode 100644 index 0000000000..d41c35bff5 --- /dev/null +++ b/src/main/resources/licenses/OCCT-exception-1.0.txt @@ -0,0 +1,3 @@ +Open CASCADE Exception (version 1.0) to GNU LGPL version 2.1. + +The object code (i.e. not a source) form of a "work that uses the Library" can incorporate material from a header file that is part of the Library. As a special exception to the GNU Lesser General Public License version 2.1, you may distribute such object code incorporating material from header files provided with the Open CASCADE Technology libraries (including code of CDL generic classes) under terms of your choice, provided that you give prominent notice in supporting documentation to this code that it makes use of or is based on facilities provided by the Open CASCADE Technology software. diff --git a/src/main/resources/licenses/OCaml-LGPL-linking-exception.txt b/src/main/resources/licenses/OCaml-LGPL-linking-exception.txt new file mode 100644 index 0000000000..7fc88d7307 --- /dev/null +++ b/src/main/resources/licenses/OCaml-LGPL-linking-exception.txt @@ -0,0 +1 @@ +As a special exception to the GNU Lesser General Public License, you may link, statically or dynamically, a "work that uses the OCaml Core System" with a publicly distributed version of the OCaml Core System to produce an executable file containing portions of the OCaml Core System, and distribute that executable file under terms of your choice, without any of the additional requirements listed in clause 6 of the GNU Lesser General Public License. By "a publicly distributed version of the OCaml Core System", we mean either the unmodified OCaml Core System as distributed by INRIA, or a modified version of the OCaml Core System that is distributed under the conditions defined in clause 2 of the GNU Lesser General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU Lesser General Public License. diff --git a/src/main/resources/licenses/OFFIS.txt b/src/main/resources/licenses/OFFIS.txt new file mode 100644 index 0000000000..ad48f181c3 --- /dev/null +++ b/src/main/resources/licenses/OFFIS.txt @@ -0,0 +1,22 @@ +Copyright (C) 1994-2001, OFFIS + +This software and supporting documentation were developed by + +Kuratorium OFFIS e.V. +Healthcare Information and Communication Systems +Escherweg 2 +D-26121 Oldenburg, Germany + +THIS SOFTWARE IS MADE AVAILABLE, AS IS, AND OFFIS MAKES NO WARRANTY +REGARDING THE SOFTWARE, ITS PERFORMANCE, ITS MERCHANTABILITY OR +FITNESS FOR ANY PARTICULAR USE, FREEDOM FROM ANY COMPUTER DISEASES OR +ITS CONFORMITY TO ANY SPECIFICATION. THE ENTIRE RISK AS TO QUALITY AND +PERFORMANCE OF THE SOFTWARE IS WITH THE USER. + +Copyright of the software and supporting documentation is, unless +otherwise stated, owned by OFFIS, and free access is hereby granted as +a license to use this software, copy this software and prepare +derivative works based upon this software. However, any distribution +of this software source code or supporting documentation or derivative +works (source code and supporting documentation) must include the +three paragraphs of this copyright notice. diff --git a/src/main/resources/licenses/OGL-UK-1.0.txt b/src/main/resources/licenses/OGL-UK-1.0.txt index a761c9916f..867c0e353b 100644 --- a/src/main/resources/licenses/OGL-UK-1.0.txt +++ b/src/main/resources/licenses/OGL-UK-1.0.txt @@ -10,20 +10,20 @@ The Licensor grants you a worldwide, royalty-free, perpetual, non-exclusive lice This licence does not affect your freedom under fair dealing or fair use or any other copyright or database right exceptions and limitations. You are free to: - copy, publish, distribute and transmit the Information; + copy, publish, distribute and transmit the Information; adapt the Information; exploit the Information commercially for example, by combining it with other Information, or by including it in your own product or application. You must, where you do any of the above: - acknowledge the source of the Information by including any attribution statement specified by the Information Provider(s) and, where possible, provide a link to this licence; -  If the Information Provider does not provide a specific attribution statement, or if you are using Information from several Information Providers and multiple attributions are not practical in your product or application, you may consider using the following:
 Contains public sector information licensed under the Open Government Licence v1.0. + acknowledge the source of the Information by including any attribution statement specified by the Information Provider(s) and, where possible, provide a link to this licence; + If the Information Provider does not provide a specific attribution statement, or if you are using Information from several Information Providers and multiple attributions are not practical in your product or application, you may consider using the following: Contains public sector information licensed under the Open Government Licence v1.0. ensure that you do not use the Information in a way that suggests any official status or that the Information Provider endorses you or your use of the Information; ensure that you do not mislead others or misrepresent the Information or its source; ensure that your use of the Information does not breach the Data Protection Act 1998 or the Privacy and Electronic Communications (EC Directive) Regulations 2003. These are important conditions of this licence and if you fail to comply with them the rights granted to you under this licence, or any similar licence granted by the Licensor, will end automatically. - Exemptions + Exemptions This licence does not cover the use of: - personal data in the Information; @@ -48,22 +48,22 @@ Definitions In this licence, the terms below have the following meanings: -‘Information’
means information protected by copyright or by database right (for example, literary and artistic works, content, data and source code) offered for use under the terms of this licence. +‘Information’ means information protected by copyright or by database right (for example, literary and artistic works, content, data and source code) offered for use under the terms of this licence. -‘Information Provider’
means the person or organisation providing the Information under this licence. +‘Information Provider’ means the person or organisation providing the Information under this licence. -‘Licensor’
means any Information Provider which has the authority to offer Information under the terms of this licence or the Controller of Her Majesty’s Stationery Office, who has the authority to offer Information subject to Crown copyright and Crown database rights and Information subject to copyright and database right that has been assigned to or acquired by the Crown, under the terms of this licence. +‘Licensor’ means any Information Provider which has the authority to offer Information under the terms of this licence or the Controller of Her Majesty’s Stationery Office, who has the authority to offer Information subject to Crown copyright and Crown database rights and Information subject to copyright and database right that has been assigned to or acquired by the Crown, under the terms of this licence. -‘Use’
as a verb, means doing any act which is restricted by copyright or database right, whether in the original medium or in any other medium, and includes without limitation distributing, copying, adapting, modifying as may be technically necessary to use it in a different mode or format. +‘Use’ as a verb, means doing any act which is restricted by copyright or database right, whether in the original medium or in any other medium, and includes without limitation distributing, copying, adapting, modifying as may be technically necessary to use it in a different mode or format. -‘You’
means the natural or legal person, or body of persons corporate or incorporate, acquiring rights under this licence. +‘You’ means the natural or legal person, or body of persons corporate or incorporate, acquiring rights under this licence. About the Open Government Licence The Controller of Her Majesty’s Stationery Office (HMSO) has developed this licence as a tool to enable Information Providers in the public sector to license the use and re-use of their Information under a common open licence. The Controller invites public sector bodies owning their own copyright and database rights to permit the use of their Information under this licence. -The Controller of HMSO has authority to license Information subject to copyright and database right owned by the Crown. The extent of the Controller’s offer to license this Information under the terms of this licence is set out in the UK Government Licensing Framework. +The Controller of HMSO has authority to license Information subject to copyright and database right owned by the Crown. The extent of the Controller’s offer to license this Information under the terms of this licence is set out in the UK Government Licensing Framework. This is version 1.0 of the Open Government Licence. The Controller of HMSO may, from time to time, issue new versions of the Open Government Licence. However, you may continue to use Information licensed under this version should you wish to do so. These terms have been aligned to be interoperable with any Creative Commons Attribution Licence, which covers copyright, and Open Data Commons Attribution License, which covers database rights and applicable copyrights. -Further context, best practice and guidance can be found in the UK Government Licensing Framework section on The National Archives website. +Further context, best practice and guidance can be found in the UK Government Licensing Framework section on The National Archives website. diff --git a/src/main/resources/licenses/OLFL-1.3.txt b/src/main/resources/licenses/OLFL-1.3.txt new file mode 100644 index 0000000000..77ffc8dc07 --- /dev/null +++ b/src/main/resources/licenses/OLFL-1.3.txt @@ -0,0 +1,220 @@ +Open Logistics Foundation License +Version 1.3, January 2023 +https://www.openlogisticsfoundation.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION AND DISTRIBUTION + +§1 Definitions + +(1) "Subject Matter of the License" shall mean the works of software components +in Source or Object form as well as any other components protected under +copyright, design and/or patent law which are made available under this License. + +(2) "License" shall mean the terms and conditions for the use, reproduction and +distribution of the Subject Matter of the License in accordance with the +provisions of this document. + +(3) "Licensor(s)" shall mean the copyright holder(s) or the entity authorized by +law or contract by the copyright holder(s) to grant the License. + +(4) "You" (or "Your") shall mean a natural or legal person exercising the +permissions granted by this License. + +(5) "Source" form shall mean the preferred form for making modifications, +including but not limited to software source code, documentation source, and +configuration files. + +(6) "Object" form shall mean any form resulting from mechanical transformation +or translation of a Source form, including but not limited to compiled object +code, generated documentation, and conversions to other media types. + +(7) "Derivative Works" shall mean any work, whether in Source or Object form or +any other form, that is based on (or derived from) the Subject Matter of the +License and for which the editorial revisions, annotations, elaborations, or +other modifications represent, as a whole, an original work of authorship. For +the purposes of this License, Derivative Works shall not include works that +remain separable from, or merely link (or bind by name) to the interfaces of, +the Subject Matter of the License and Derivative Works thereof. + +(8) "Contribution" shall mean any proprietary work, including the original +version of the Subject Matter of the License and any changes or additions to +such work, or Derivative Works of such work, that the rights holder, or a +natural or legal person authorized to make submissions, intentionally submits to +a Licensor to be incorporated into the Subject Matter of the License. For the +purposes of this definition, "submit" shall mean any form of electronic or +written communication which is sent to a Licensor or its representatives for the +purpose of discussing or improving the Subject Matter of the License, including +but not limited to communications sent via electronic mailing lists, source code +control systems and issue tracking systems; however, communications that are +clearly marked by the copyright holder as "not a contribution" or otherwise +identified as such in writing are excluded. + +(9) "Contributor" shall mean the Licensor(s) and/or any natural or legal person +on whose behalf the Licensor(s) receive(s) any Contribution subsequently +incorporated into the Subject Matter of the License. + +§2 Grant of usage rights + +Subject to the terms and conditions of this License and compliance with the +provisions of this License, You are hereby granted by each Contributor, insofar +as applicable to the respective Subject Matter of the License the + +- royalty-free and non-exclusive, +- sub-licensable for commercial and non-commercial purposes, +- worldwide and perpetual, +- irrevocable and non-terminable + +right to reproduce, prepare Derivative Works of, publicly display, publicly +perform, and distribute the Subject Matter of the License and such Derivative +Works in any form. This right of use includes but is not limited to the right + +- to use the Subject Matter of the License in any hardware and software + environment (with regard to the software and data components), in particular + to store or load it permanently or temporarily, to display it and run it, + including to the extent reproductions are necessary to that end, +- to otherwise modify, interpret, edit or redesign it, +- to store, reproduce, exhibit, publish, distribute it in tangible or intangible + form, on any medium or in any other way, for commercial and non-commercial + purposes, in particular to communicate it privately or publicly, including via + image, audio and other information carriers, irrespective of whether by wire + or wireless means, +- to use it in databases, data networks and online services, including the right + to make the software and data components of the Subject Matter of the License + available in Source or Object form to users of the aforementioned databases, + networks and online services for research and retrieval purposes, +- to allow third parties to use or operate it, +- to use it for own purposes but also to provide services to third parties, +- to distribute it + +in its original or modified, interpreted, edited or redesigned form. + +The foregoing right of use relates to the Subject Matter of the License, in +particular to its Source and Object form of software components (including +design rights, where applicable). + +§3 Grant of patent license + +Subject to the terms and conditions of this License and compliance with the +provisions of this License, You are hereby granted by each Contributor a +- royalty-free and non-exclusive, +- worldwide and perpetual, +- irrevocable (with the exception of the restrictions set out in this Section 3) + +patent license in all rights deriving from the patents, owned and licensable by +the Contributor at the time of the submission of the Contribution, to + +- produce, +- have produced, +- use, +- offer for sale, +- sell, +- import and otherwise transfer + +the Subject Matter of the License. + +However, said patent license shall cover only those rights deriving from the +patents of the respective Contributors which are indispensable in order not to +infringe that patent and only to the extent that the use of the Contributor’s +respective Contributions, whether alone or in combination with other +Contributions of the Contributors or any third parties together with the Subject +Matter of the License for which these Contributions were submitted, would +otherwise infringe that patent. The grant of license shall not include rights +deriving from the patents which may in future become necessary for their lawful +use due to subsequent modifications to the Subject Matter or Contributions made +by third parties after the original submission. + +In the event that You institute patent litigation against any entity or person +(including a counterclaim or countersuit in a legal action), alleging that the +Subject Matter of the License or a Contribution incorporated or contained +therein constitutes patent infringement or indirect infringement, all patent +licenses which have been granted to You under this License for the Subject +Matter of the License as well as this License itself shall be deemed terminated +as of the date on which the action is filed. + +§4 Distribution + +You may reproduce and distribute copies of the Subject Matter of the License or +Derivative Works on any medium, with or without modifications (with regard to +software components in Source or Object form), provided that You comply with +the following rules: + +- You must provide all other recipients of the Subject Matter of the License or + of Derivative Works with a copy of this License and inform them that the + Subject Matter of the License was originally licensed under this License. +- You must ensure that modified files contain prominent notices indicating that + You have modified the files. +- You must retain all copyright, patent, trademark and attribution notices in + the Subject Matter of the License in the Source form of any Derivative Works + You distribute, with the exception of those notices that do not pertain to any + part of the Derivative Works. + +You may add Your own copyright notices to Your modifications and state any +additional or different license conditions and conditions for the use, +reproduction or distribution of Your modifications or for those Derivative Works +as a whole, provided that Your use, reproduction and distribution of the work +complies with the terms and conditions set out in this License in all other +respects. + +§5 Submission of Contributions + +Unless expressly stated otherwise, every Contribution that You have +intentionally submitted for inclusion in the Subject Matter of the License is +subject to this License without any additional terms or conditions applying. +Irrespective of the above, none of the terms or conditions contained herein may +be interpreted to supersede or modify the terms or conditions of any separate +licensing agreement that You may have concluded with a Licensor for such +Contributions, such as a so-called "Contributor License Agreement" (CLA). + +§6 Trademarks + +This License does not grant permission to use the trade names, trademarks, +service marks or product names of the Licensor(s) or of a Contributor. + +§7 Limited warranty + +This License is granted free of charge and thus constitutes a gift. Accordingly, +any warranty is excluded. The Subject Matter of the License is a work in +progress; it is constantly being improved by countless Contributors. The Subject +Matter of the License is not complete and may therefore contain errors ("bugs") +or additional patents of Contributors or third parties, as is inherent in this +type of development. + +§8 Limitation of liability + +Except in cases of intentional and grossly negligent conduct, the Contributors, +their legal representatives, trustees, officers and employees shall not be +liable for direct or indirect, material or immaterial loss or damage of any kind +arising from the License or the use of the Subject Matter of the License; this +applies, among other things, but not exclusively, to loss of goodwill, loss of +production, computer failures or errors, loss of data or economic loss or +damage, even if the Contributor has been notified of the possibility of such +loss or damage. Irrespective of the above, the Licensor shall only be liable +within the scope of statutory product liability to the extent that the +respective provisions are applicable to the Subject Matter of the License or the +Contribution. + +Except in cases of intentional conduct, the Contributors, their legal +representatives, trustees, officers and employees shall not be liable for any +infringement of third-party patent or intellectual property rights arising from +the Contributions nor do they warrant that the Contributions are accurate, +devoid of mistakes, complete and/or fit for any particular purpose. + +§9 Provision of warranties or assumption of additional liability in the event of +distribution of the Subject Matter of the License + +In the event of distribution of the Subject Matter of the License or Derivative +Works, You are free to accept support, warranty, indemnity or other liability +obligations and/or rights consistent with this License and to charge a fee in +return. However, in accepting such obligations, You may act only on Your own +behalf and on Your sole responsibility, not on behalf of any other Contributor, +and You hereby agree to indemnify, defend, and hold each Contributor harmless +for any liability incurred by, or claims asserted against, such Contributor by +reason of Your accepting any such warranty or additional liability. + +§10 Applicable law + +This License is governed by German law, excluding its conflict of laws +provisions and the provisions of the UN Convention on Contracts for the +International Sale of Goods (CISG). + +END OF TERMS AND CONDITIONS diff --git a/src/main/resources/licenses/OPL-UK-3.0.txt b/src/main/resources/licenses/OPL-UK-3.0.txt new file mode 100644 index 0000000000..ee8ca4dd81 --- /dev/null +++ b/src/main/resources/licenses/OPL-UK-3.0.txt @@ -0,0 +1,114 @@ +United Kingdom Open Parliament Licence v3.0 + +Open Parliament Licence + +You are encouraged to use and re-use the information that +is available under this licence freely and flexibly, with +only a few conditions. Using information under this licence + +Use of copyright and database right material made +available under this licence (the ‘information’) indicates +your acceptance of the terms and conditions below. + +The Licensor grants you a worldwide, royalty-free, +perpetual, non-exclusive licence to use the +information subject to the conditions below. + +This licence does not affect your freedom under +fair dealing or fair use or any other copyright +or database right exceptions and limitations. + +You are free to: + * copy, publish, distribute and transmit the information + * adapt the information + * exploit the information commercially and non-commercially, + for example, by combining it with other information, + or by including it in your own product or application + +You must (where you do any of the above): + * acknowledge the source of the information in your + product or application by including the following + attribution statement and, where possible, provide a + link to this licence: Contains Parliamentary information + licensed under the Open Parliament Licence v3.0. + +These are important conditions of this licence and +if you fail to comply with them the rights granted to +you under this licence, or any similar licence granted +by the Licensor, will end automatically. + +Exemptions + +This licence does not cover the use of: + * personal data in the information; + * information that has neither been published nor disclosed + under information access legislation (including the + Freedom of Information Acts for the UK and Scotland) by or + with the consent of the Licensor; + * the Royal Arms and the Crowned Portcullis; + * third party rights the Licensor is not authorised to license; + * information subject to other intellectual property rights, + including patents, trademarks, and design rights + +Non-endorsment + +This licence does not grant you any right to use the +information in a way that suggests any official status or +that the Licensor endorses you or your use of the Information. + +No warranty + +The information is licensed ‘as is’ and the +Licensor excludes all representations, warranties, +obligations and liabilities in relation to the +information to the maximum extent permitted by law. +The Licensor is not liable for any errors or omissions in +the information and shall not be liable for any loss, injury +or damage of any kind caused by its use. The Licensor does +not guarantee the continued supply of the information. + +Governing law + +This licence is governed by the laws of England and Wales. + +Definitions + +In this licence, the terms below have the following meanings: + +‘Information’ means information protected by copyright +or by database right (for example, literary and +artistic works, content, data and source code) +offered for use under the terms of this licence. + +‘Information Provider’ means either House of Parliament. + +‘Licensor’ means— +(a) in relation to copyright, the Speaker of the House of +Commons and the Clerk of the Parliaments representing +the House of Commons and House of Lords respectively, and +(b) in relation to database right, the Corporate +Officer of the House of Commons and the Corporate +Officer of the House of Lords respectively. + +‘Use’ means doing any act which is restricted by copyright +or database right, whether in the original medium or in any +other medium, and includes without limitation distributing, +copying, adapting and modifying as may be technically +necessary to use it in a different mode or format. + +‘You’ means the natural or legal person, or body of persons +corporate or incorporate, acquiring rights under this licence. + +About the Open Parliament Licence + +This is version 3.0 of the Open Parliament Licence. The +Licensor may, from time to time, issue new versions of the +Open Parliament Licence. However, you may continue to use +information licensed under this version should you wish to do so. + +The information licensed under the Open Parliament +Licence includes Parliamentary information in which +Crown copyright subsists. Further context, best practice +and guidance relating to the re-use of public sector +information can be found in the UK Government Licensing +Framework section on The National Archives website. diff --git a/src/main/resources/licenses/OSET-PL-2.1.txt b/src/main/resources/licenses/OSET-PL-2.1.txt index 15f0c7758c..e0ed2e1398 100644 --- a/src/main/resources/licenses/OSET-PL-2.1.txt +++ b/src/main/resources/licenses/OSET-PL-2.1.txt @@ -100,7 +100,8 @@ If it is impossible for You to comply with any of the terms of this License with 5.1 Failure to Comply The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60-days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30-days after Your receipt of the notice. - 5.2 Patent Infringement Claims
 If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate. + 5.2 Patent Infringement Claims + If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate. 5.3 Additional Compliance Terms Notwithstanding the foregoing in this Section 5, for purposes of this Section, if You breach Section 3.1 (Distribution of Source Form), Section 3.2 (Distribution of Executable Form), Section 3.3 (Distribution of a Larger Work), or Section 3.4 (Notices), then becoming compliant as described in Section 5.1 must also include, no later than 30 days after receipt by You of notice of such violation by a Contributor, making the Covered Software available in Source Code Form as required by this License on a publicly available computer network for a period of no less than three (3) years. diff --git a/src/main/resources/licenses/OpenJDK-assembly-exception-1.0.txt b/src/main/resources/licenses/OpenJDK-assembly-exception-1.0.txt new file mode 100644 index 0000000000..3a35f11ed2 --- /dev/null +++ b/src/main/resources/licenses/OpenJDK-assembly-exception-1.0.txt @@ -0,0 +1,31 @@ +The OpenJDK source code made available by Oracle America, Inc. +(Oracle) at openjdk.java.net ("OpenJDK Code") is distributed +under the terms of the GNU General Public License + version 2 only +("GPL2"), with the following clarification and special +exception. + +Linking this OpenJDK Code statically or dynamically with +other code is making a combined work based on this +library. Thus, the terms and conditions of GPL2 cover the +whole combination. + +As a special exception, Oracle gives you permission to +link this OpenJDK Code with certain code licensed by +Oracle as indicated at +http://openjdk.java.net/legal/exception-modules-2007-05-08.html +("Designated Exception Modules") to produce an +executable, regardless of the license terms of the +Designated Exception Modules, and to copy and distribute +the resulting executable under GPL2, provided that the +Designated Exception Modules continue to be governed by +the licenses under which they were offered by Oracle. + +As such, it allows licensees and sublicensees of Oracle's GPL2 +OpenJDK Code to build an executable that includes those +portions of necessary code that Oracle could not provide under +GPL2 (or that Oracle has provided under GPL2 with the Classpath +exception). If you modify or add to the OpenJDK code, that new +GPL2 code may still be combined with Designated Exception +Modules if the new code is made subject to this exception by +its copyright holder. diff --git a/src/main/resources/licenses/OpenPBS-2.3.txt b/src/main/resources/licenses/OpenPBS-2.3.txt new file mode 100644 index 0000000000..61f52c2202 --- /dev/null +++ b/src/main/resources/licenses/OpenPBS-2.3.txt @@ -0,0 +1,76 @@ + + OpenPBS (Portable Batch System) v2.3 Software License + +Copyright (c) 1999-2000 Veridian Information Solutions, Inc. +All rights reserved. + +--------------------------------------------------------------------------- +For a license to use or redistribute the OpenPBS software under conditions +other than those described below, or to purchase support for this software, +please contact Veridian Systems, PBS Products Department ("Licensor") at: + + www.OpenPBS.org +1 650 967-4675 sales@OpenPBS.org + 877 902-4PBS (US toll-free) +--------------------------------------------------------------------------- + +This license covers use of the OpenPBS v2.3 software (the "Software") at +your site or location, and, for certain users, redistribution of the +Software to other sites and locations. Use and redistribution of +OpenPBS v2.3 in source and binary forms, with or without modification, +are permitted provided that all of the following conditions are met. +After December 31, 2001, only conditions 3-6 must be met: + +1. Commercial and/or non-commercial use of the Software is permitted + provided a current software registration is on file at www.OpenPBS.org. + If use of this software contributes to a publication, product, or + service, proper attribution must be given; see www.OpenPBS.org/credit.html + +2. Redistribution in any form is only permitted for non-commercial, + non-profit purposes. There can be no charge for the Software or any + software incorporating the Software. Further, there can be no + expectation of revenue generated as a consequence of redistributing + the Software. + +3. Any Redistribution of source code must retain the above copyright notice + and the acknowledgment contained in paragraph 6, this list of conditions + and the disclaimer contained in paragraph 7. + +4. Any Redistribution in binary form must reproduce the above copyright + notice and the acknowledgment contained in paragraph 6, this list of + conditions and the disclaimer contained in paragraph 7 in the + documentation and/or other materials provided with the distribution. + +5. Redistributions in any form must be accompanied by information on how to + obtain complete source code for the OpenPBS software and any + modifications and/or additions to the OpenPBS software. The source code + must either be included in the distribution or be available for no more + than the cost of distribution plus a nominal fee, and all modifications + and additions to the Software must be freely redistributable by any party + (including Licensor) without restriction. + +6. All advertising materials mentioning features or use of the Software must + display the following acknowledgment: + + "This product includes software developed by NASA Ames Research Center, + Lawrence Livermore National Laboratory, and Veridian Information Solutions, + Inc. Visit www.OpenPBS.org for OpenPBS software support, + products, and information." + +7. DISCLAIMER OF WARRANTY + +THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ANY EXPRESS +OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT +ARE EXPRESSLY DISCLAIMED. + +IN NO EVENT SHALL VERIDIAN CORPORATION, ITS AFFILIATED COMPANIES, OR THE +U.S. GOVERNMENT OR ANY OF ITS AGENCIES BE LIABLE FOR ANY DIRECT OR INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, +OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +This license will be governed by the laws of the Commonwealth of Virginia, +without reference to its choice of law rules. diff --git a/src/main/resources/licenses/OpenSSL-standalone.txt b/src/main/resources/licenses/OpenSSL-standalone.txt new file mode 100644 index 0000000000..82b14c736d --- /dev/null +++ b/src/main/resources/licenses/OpenSSL-standalone.txt @@ -0,0 +1,50 @@ +Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + 3. All advertising materials mentioning features or use of this + software must display the following acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + + 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + endorse or promote products derived from this software without + prior written permission. For written permission, please contact + openssl-core@openssl.org. + + 5. Products derived from this software may not be called "OpenSSL" + nor may "OpenSSL" appear in their names without prior written + permission of the OpenSSL Project. + + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.openssl.org/)" + + THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + ==================================================================== + + This product includes cryptographic software written by Eric Young + (eay@cryptsoft.com). This product includes software written by Tim + Hudson (tjh@cryptsoft.com). diff --git a/src/main/resources/licenses/OpenVision.txt b/src/main/resources/licenses/OpenVision.txt new file mode 100644 index 0000000000..983505389e --- /dev/null +++ b/src/main/resources/licenses/OpenVision.txt @@ -0,0 +1,33 @@ +Copyright, OpenVision Technologies, Inc., 1993-1996, All Rights +Reserved + +WARNING: Retrieving the OpenVision Kerberos Administration system +source code, as described below, indicates your acceptance of the +following terms. If you do not agree to the following terms, do +not retrieve the OpenVision Kerberos administration system. + +You may freely use and distribute the Source Code and Object Code +compiled from it, with or without modification, but this Source +Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, +INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR +FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER +EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY +FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, +WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE +CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY +OTHER REASON. + +OpenVision retains all copyrights in the donated Source Code. +OpenVision also retains copyright to derivative works of the Source +Code, whether created by OpenVision or by a third party. The +OpenVision copyright notice must be preserved if derivative works +are made based on the donated Source Code. + +OpenVision Technologies, Inc. has donated this Kerberos +Administration system to MIT for inclusion in the standard Kerberos +5 distribution. This donation underscores our commitment to +continuing Kerberos technology development and our gratitude for +the valuable work which has been performed by MIT and the Kerberos +community. diff --git a/src/main/resources/licenses/PADL.txt b/src/main/resources/licenses/PADL.txt new file mode 100644 index 0000000000..84ba0b4db9 --- /dev/null +++ b/src/main/resources/licenses/PADL.txt @@ -0,0 +1,6 @@ +Portions (C) Copyright PADL Software Pty Ltd. 1999 + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that this notice is preserved +and that due credit is given to PADL Software Pty Ltd. This software +is provided ``as is'' without express or implied warranty. diff --git a/src/main/resources/licenses/PCRE2-exception.txt b/src/main/resources/licenses/PCRE2-exception.txt new file mode 100644 index 0000000000..eb7fd11767 --- /dev/null +++ b/src/main/resources/licenses/PCRE2-exception.txt @@ -0,0 +1,8 @@ +EXEMPTION FOR BINARY LIBRARY-LIKE PACKAGES +------------------------------------------ + +The second condition in the BSD licence (covering binary redistributions) does +not apply all the way down a chain of software. If binary package A includes +PCRE2, it must respect the condition, but if package B is software that +includes package A, the condition is not imposed on package B unless it uses +PCRE2 independently. diff --git a/src/main/resources/licenses/PPL.txt b/src/main/resources/licenses/PPL.txt new file mode 100644 index 0000000000..013303699e --- /dev/null +++ b/src/main/resources/licenses/PPL.txt @@ -0,0 +1,96 @@ +Peer Production License + +Created by John Magyar, B.A., J.D. and Dmytri Kleiner, the following Peer Production License, a model for a Copyfarleft license, has been derived from the Creative Commons ‘Attribution-NonCommercial-ShareAlike' license available at http://creativecommons.org/licenses/by-nc-sa/3.0/legalcode. + +LICENSE + +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS COPYFARLEFT PUBLIC LICENSE ("LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND ALL OTHER APPLICABLE LAWS. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED IN THIS LICENSE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN AS CONSIDERATION FOR ACCEPTING THE TERMS AND CONDITIONS OF THIS LICENSE AND FOR AGREEING TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE. + +1. DEFINITIONS + + a. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License. + + b. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined above) for the purposes of this License. + + c. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale, gift or any other transfer of possession or ownership. + + d. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License. + + e. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast. + + f. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work. + + g. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. + + h. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images. + + i. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium. + +2. FAIR DEALING RIGHTS +Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws. + +3. LICENSE GRANT +Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: + + a. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections; + + b. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified."; + + c. to Distribute and Publicly Perform the Work including as incorporated in Collections; and, + + d. to Distribute and Publicly Perform Adaptations. The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved, including but not limited to the rights set forth in Section 4(f). + +4. RESTRICTIONS +The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: + + a. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(d), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(d), as requested. + + b. Subject to the exception in Section 4(c), you may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. The exchange of the Work for other copyrighted works by means of digital file-sharing or otherwise shall not be considered to be intended for or directed toward commercial advantage or private monetary compensation, provided there is no payment of any monetary compensation in connection with the exchange of copyrighted works. + + c. You may exercise the rights granted in Section 3 for commercial purposes only if: + + i. You are a worker-owned business or worker-owned collective; and + + ii. all financial gain, surplus, profits and benefits produced by the business or collective are distributed among the worker-owners + + d. Any use by a business that is privately owned and managed, and that seeks to generate profit from the labor of employees paid by salary or other wages, is not permitted under this license. + + e. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and, (iv) consistent with Section 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(d) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties. + + f. For the avoidance of doubt: + + i. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; + + ii. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License if Your exercise of such rights is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(b) and otherwise waives the right to collect royalties through any statutory or compulsory licensing scheme; and, + + iii.Voluntary License Schemes. The Licensor reserves the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License that is for a purpose or use which is otherwise than noncommercial as permitted under Section 4(b). + + g. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise. + +5. REPRESENTATIONS, WARRANTIES AND DISCLAIMER + +UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + +6. LIMITATION ON LIABILITY + +EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +7. TERMINATION + + a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. + + b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + +8. MISCELLANEOUS + + a. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. + + b. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. + + c. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + + d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. + + e. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. + + f. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law. diff --git a/src/main/resources/licenses/PS-or-PDF-font-exception-20170817.txt b/src/main/resources/licenses/PS-or-PDF-font-exception-20170817.txt new file mode 100644 index 0000000000..cf22439fff --- /dev/null +++ b/src/main/resources/licenses/PS-or-PDF-font-exception-20170817.txt @@ -0,0 +1,8 @@ +The font and related files in this directory are distributed under the +GNU AFFERO GENERAL PUBLIC LICENSE Version 3 (see the file COPYING), with +the following exemption: + +As a special exception, permission is granted to include these font +programs in a Postscript or PDF file that consists of a document that +contains text to be displayed or printed using this font, regardless +of the conditions or license applying to the document itself. diff --git a/src/main/resources/licenses/Pixar.txt b/src/main/resources/licenses/Pixar.txt new file mode 100644 index 0000000000..c7533090bb --- /dev/null +++ b/src/main/resources/licenses/Pixar.txt @@ -0,0 +1,174 @@ + + Modified Apache 2.0 License + + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor + and its affiliates, except as required to comply with Section 4(c) of + the License and to reproduce the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. diff --git a/src/main/resources/licenses/Python-2.0.1.txt b/src/main/resources/licenses/Python-2.0.1.txt new file mode 100644 index 0000000000..22f32578d4 --- /dev/null +++ b/src/main/resources/licenses/Python-2.0.1.txt @@ -0,0 +1,193 @@ +PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2 +-------------------------------------------- + +1. This LICENSE AGREEMENT is between the Python Software Foundation +("PSF"), and the Individual or Organization ("Licensee") accessing and +otherwise using this software ("Python") in source or binary form and +its associated documentation. + +2. Subject to the terms and conditions of this License Agreement, PSF hereby +grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, +analyze, test, perform and/or display publicly, prepare derivative works, +distribute, and otherwise use Python alone or in any derivative version, +provided, however, that PSF's License Agreement and PSF's notice of copyright, +i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Python Software Foundation; +All Rights Reserved" are retained in Python alone or in any derivative version +prepared by Licensee. + +3. In the event Licensee prepares a derivative work that is based on +or incorporates Python or any part thereof, and wants to make +the derivative work available to others as provided herein, then +Licensee hereby agrees to include in any such work a brief summary of +the changes made to Python. + +4. PSF is making Python available to Licensee on an "AS IS" +basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR +IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND +DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS +FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT +INFRINGE ANY THIRD PARTY RIGHTS. + +5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON +FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS +A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON, +OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. + +6. This License Agreement will automatically terminate upon a material +breach of its terms and conditions. + +7. Nothing in this License Agreement shall be deemed to create any +relationship of agency, partnership, or joint venture between PSF and +Licensee. This License Agreement does not grant permission to use PSF +trademarks or trade name in a trademark sense to endorse or promote +products or services of Licensee, or any third party. + +8. By copying, installing or otherwise using Python, Licensee +agrees to be bound by the terms and conditions of this License +Agreement. + + +BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0 +------------------------------------------- + +BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1 + +1. This LICENSE AGREEMENT is between BeOpen.com ("BeOpen"), having an +office at 160 Saratoga Avenue, Santa Clara, CA 95051, and the +Individual or Organization ("Licensee") accessing and otherwise using +this software in source or binary form and its associated +documentation ("the Software"). + +2. Subject to the terms and conditions of this BeOpen Python License +Agreement, BeOpen hereby grants Licensee a non-exclusive, +royalty-free, world-wide license to reproduce, analyze, test, perform +and/or display publicly, prepare derivative works, distribute, and +otherwise use the Software alone or in any derivative version, +provided, however, that the BeOpen Python License is retained in the +Software, alone or in any derivative version prepared by Licensee. + +3. BeOpen is making the Software available to Licensee on an "AS IS" +basis. BEOPEN MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR +IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, BEOPEN MAKES NO AND +DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS +FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE WILL NOT +INFRINGE ANY THIRD PARTY RIGHTS. + +4. BEOPEN SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE +SOFTWARE FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS +AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THE SOFTWARE, OR ANY +DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. + +5. This License Agreement will automatically terminate upon a material +breach of its terms and conditions. + +6. This License Agreement shall be governed by and interpreted in all +respects by the law of the State of California, excluding conflict of +law provisions. Nothing in this License Agreement shall be deemed to +create any relationship of agency, partnership, or joint venture +between BeOpen and Licensee. This License Agreement does not grant +permission to use BeOpen trademarks or trade names in a trademark +sense to endorse or promote products or services of Licensee, or any +third party. As an exception, the "BeOpen Python" logos available at +http://www.pythonlabs.com/logos.html may be used according to the +permissions granted on that web page. + +7. By copying, installing or otherwise using the software, Licensee +agrees to be bound by the terms and conditions of this License +Agreement. + + +CNRI LICENSE AGREEMENT FOR PYTHON 1.6.1 +--------------------------------------- + +1. This LICENSE AGREEMENT is between the Corporation for National +Research Initiatives, having an office at 1895 Preston White Drive, +Reston, VA 20191 ("CNRI"), and the Individual or Organization +("Licensee") accessing and otherwise using Python 1.6.1 software in +source or binary form and its associated documentation. + +2. Subject to the terms and conditions of this License Agreement, CNRI +hereby grants Licensee a nonexclusive, royalty-free, world-wide +license to reproduce, analyze, test, perform and/or display publicly, +prepare derivative works, distribute, and otherwise use Python 1.6.1 +alone or in any derivative version, provided, however, that CNRI's +License Agreement and CNRI's notice of copyright, i.e., "Copyright (c) +1995-2001 Corporation for National Research Initiatives; All Rights +Reserved" are retained in Python 1.6.1 alone or in any derivative +version prepared by Licensee. Alternately, in lieu of CNRI's License +Agreement, Licensee may substitute the following text (omitting the +quotes): "Python 1.6.1 is made available subject to the terms and +conditions in CNRI's License Agreement. This Agreement together with +Python 1.6.1 may be located on the internet using the following +unique, persistent identifier (known as a handle): 1895.22/1013. This +Agreement may also be obtained from a proxy server on the internet +using the following URL: http://hdl.handle.net/1895.22/1013". + +3. In the event Licensee prepares a derivative work that is based on +or incorporates Python 1.6.1 or any part thereof, and wants to make +the derivative work available to others as provided herein, then +Licensee hereby agrees to include in any such work a brief summary of +the changes made to Python 1.6.1. + +4. CNRI is making Python 1.6.1 available to Licensee on an "AS IS" +basis. CNRI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR +IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, CNRI MAKES NO AND +DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS +FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON 1.6.1 WILL NOT +INFRINGE ANY THIRD PARTY RIGHTS. + +5. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON +1.6.1 FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS +A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 1.6.1, +OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. + +6. This License Agreement will automatically terminate upon a material +breach of its terms and conditions. + +7. This License Agreement shall be governed by the federal +intellectual property law of the United States, including without +limitation the federal copyright law, and, to the extent such +U.S. federal law does not apply, by the law of the Commonwealth of +Virginia, excluding Virginia's conflict of law provisions. +Notwithstanding the foregoing, with regard to derivative works based +on Python 1.6.1 that incorporate non-separable material that was +previously distributed under the GNU General Public License (GPL), the +law of the Commonwealth of Virginia shall govern this License +Agreement only as to issues arising under or with respect to +Paragraphs 4, 5, and 7 of this License Agreement. Nothing in this +License Agreement shall be deemed to create any relationship of +agency, partnership, or joint venture between CNRI and Licensee. This +License Agreement does not grant permission to use CNRI trademarks or +trade name in a trademark sense to endorse or promote products or +services of Licensee, or any third party. + +8. By clicking on the "ACCEPT" button where indicated, or by copying, +installing or otherwise using Python 1.6.1, Licensee agrees to be +bound by the terms and conditions of this License Agreement. + + ACCEPT + + +CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2 +-------------------------------------------------- + +Copyright (c) 1991 - 1995, Stichting Mathematisch Centrum Amsterdam, +The Netherlands. All rights reserved. + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, +provided that the above copyright notice appear in all copies and that +both that copyright notice and this permission notice appear in +supporting documentation, and that the name of Stichting Mathematisch +Centrum or CWI not be used in advertising or publicity pertaining to +distribution of the software without specific, written prior +permission. + +STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO +THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE +FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/src/main/resources/licenses/QPL-1.0-INRIA-2004-exception.txt b/src/main/resources/licenses/QPL-1.0-INRIA-2004-exception.txt new file mode 100644 index 0000000000..2418a26377 --- /dev/null +++ b/src/main/resources/licenses/QPL-1.0-INRIA-2004-exception.txt @@ -0,0 +1,5 @@ +As a special exception to the Q Public Licence, you may develop +application programs, reusable components and other software items +that link with the original or modified versions of the Software +and are not made available to the general public, without any of the +additional requirements listed in clause 6c of the Q Public licence. diff --git a/src/main/resources/licenses/QPL-1.0-INRIA-2004.txt b/src/main/resources/licenses/QPL-1.0-INRIA-2004.txt new file mode 100644 index 0000000000..45d946e2e2 --- /dev/null +++ b/src/main/resources/licenses/QPL-1.0-INRIA-2004.txt @@ -0,0 +1,102 @@ + THE Q PUBLIC LICENSE version 1.0 + + Copyright (C) 1999 Troll Tech AS, Norway. + Everyone is permitted to copy and + distribute this license document. + +The intent of this license is to establish freedom to share and change +the software regulated by this license under the open source model. + +This license applies to any software containing a notice placed by the +copyright holder saying that it may be distributed under the terms of +the Q Public License version 1.0. Such software is herein referred to +as the Software. This license covers modification and distribution of +the Software, use of third-party application programs based on the +Software, and development of free software which uses the Software. + + Granted Rights + +1. You are granted the non-exclusive rights set forth in this license +provided you agree to and comply with any and all conditions in this +license. Whole or partial distribution of the Software, or software +items that link with the Software, in any form signifies acceptance of +this license. + +2. You may copy and distribute the Software in unmodified form +provided that the entire package, including - but not restricted to - +copyright, trademark notices and disclaimers, as released by the +initial developer of the Software, is distributed. + +3. You may make modifications to the Software and distribute your +modifications, in a form that is separate from the Software, such as +patches. The following restrictions apply to modifications: + + a. Modifications must not alter or remove any copyright notices + in the Software. + + b. When modifications to the Software are released under this + license, a non-exclusive royalty-free right is granted to the + initial developer of the Software to distribute your + modification in future versions of the Software provided such + versions remain available under these terms in addition to any + other license(s) of the initial developer. + +4. You may distribute machine-executable forms of the Software or +machine-executable forms of modified versions of the Software, +provided that you meet these restrictions: + + a. You must include this license document in the distribution. + + b. You must ensure that all recipients of the machine-executable + forms are also able to receive the complete machine-readable + source code to the distributed Software, including all + modifications, without any charge beyond the costs of data + transfer, and place prominent notices in the distribution + explaining this. + + c. You must ensure that all modifications included in the + machine-executable forms are available under the terms of this + license. + +5. You may use the original or modified versions of the Software to +compile, link and run application programs legally developed by you or +by others. + +6. You may develop application programs, reusable components and other +software items that link with the original or modified versions of the +Software. These items, when distributed, are subject to the following +requirements: + + a. You must ensure that all recipients of machine-executable + forms of these items are also able to receive and use the + complete machine-readable source code to the items without any + charge beyond the costs of data transfer. + + b. You must explicitly license all recipients of your items to + use and re-distribute original and modified versions of the + items in both machine-executable and source code forms. The + recipients must be able to do so without any charges whatsoever, + and they must be able to re-distribute to anyone they choose. + + c. If the items are not available to the general public, and the + initial developer of the Software requests a copy of the items, + then you must supply one. + + Limitations of Liability + +In no event shall the initial developers or copyright holders be +liable for any damages whatsoever, including - but not restricted to - +lost revenue or profits or other direct, indirect, special, incidental +or consequential damages, even if they have been advised of the +possibility of such damages, except to the extent invariable law, if +any, provides otherwise. + + No Warranty + +The Software and this license document are provided AS IS with NO +WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + + Choice of Law + +This license is governed by the Laws of France. diff --git a/src/main/resources/licenses/Qt-GPL-exception-1.0.txt b/src/main/resources/licenses/Qt-GPL-exception-1.0.txt new file mode 100644 index 0000000000..761d0327a4 --- /dev/null +++ b/src/main/resources/licenses/Qt-GPL-exception-1.0.txt @@ -0,0 +1,21 @@ +The Qt Company GPL Exception 1.0 + +Exception 1: + +As a special exception you may create a larger work which contains the +output of this application and distribute that work under terms of your +choice, so long as the work is not otherwise derived from or based on +this application and so long as the work does not in itself generate +output that contains the output from this application in its original +or modified form. + +Exception 2: + +As a special exception, you have permission to combine this application +with Plugins licensed under the terms of your choice, to produce an +executable, and to copy and distribute the resulting executable under +the terms of your choice. However, the executable must be accompanied +by a prominent notice offering all users of the executable the entire +source code to this application, excluding the source code of the +independent modules, but including any changes you have made to this +application, under the terms of this license. diff --git a/src/main/resources/licenses/Qt-LGPL-exception-1.1.txt b/src/main/resources/licenses/Qt-LGPL-exception-1.1.txt new file mode 100644 index 0000000000..bd94b5538f --- /dev/null +++ b/src/main/resources/licenses/Qt-LGPL-exception-1.1.txt @@ -0,0 +1,22 @@ +The Qt Company Qt LGPL Exception version 1.1 + +As an additional permission to the GNU Lesser General Public License version +2.1, the object code form of a "work that uses the Library" may incorporate +material from a header file that is part of the Library. You may distribute +such object code under terms of your choice, provided that: + (i) the header files of the Library have not been modified; and + (ii) the incorporated material is limited to numerical parameters, data + structure layouts, accessors, macros, inline functions and + templates; and + (iii) you comply with the terms of Section 6 of the GNU Lesser General + Public License version 2.1. + +Moreover, you may apply this exception to a modified version of the Library, +provided that such modification does not involve copying material from the +Library into the modified Library's header files unless such material is +limited to (i) numerical parameters; (ii) data structure layouts; +(iii) accessors; and (iv) small macros, templates and inline functions of +five lines or less in length. + +Furthermore, you are not required to apply this additional permission to a +modified version of the Library. diff --git a/src/main/resources/licenses/Qwt-exception-1.0.txt b/src/main/resources/licenses/Qwt-exception-1.0.txt new file mode 100644 index 0000000000..b45cdd0b54 --- /dev/null +++ b/src/main/resources/licenses/Qwt-exception-1.0.txt @@ -0,0 +1,12 @@ +Qwt License Version 1.0, +January 1, 2003 + +The Qwt library and included programs are provided under the terms of the GNU LESSER GENERAL PUBLIC LICENSE (LGPL) with the following exceptions: + +1. Widgets that are subclassed from Qwt widgets do not constitute a derivative work. + +2. Static linking of applications and widgets to the Qwt library does not constitute a derivative work and does not require the author to provide source code for the application or widget, use the shared Qwt libraries, or link their applications or widgets against a user-supplied version of Qwt. If you link the application or widget to a modified version of Qwt, then the changes to Qwt must be provided under the terms of the LGPL in sections 1, 2, and 4. + +3. You do not have to provide a copy of the Qwt license with programs that are linked to the Qwt library, nor do you have to identify the Qwt license in your program or documentation as required by section 6 of the LGPL. + +However, programs must still identify their use of Qwt. The following example statement can be included in user documentation to satisfy this requirement: [program/widget] is based in part on the work of the Qwt project (http://qwt.sf.net)." diff --git a/src/main/resources/licenses/RRDtool-FLOSS-exception-2.0.txt b/src/main/resources/licenses/RRDtool-FLOSS-exception-2.0.txt new file mode 100644 index 0000000000..d88dae5868 --- /dev/null +++ b/src/main/resources/licenses/RRDtool-FLOSS-exception-2.0.txt @@ -0,0 +1,66 @@ +FLOSS License Exception +======================= +(Adapted from http://www.mysql.com/company/legal/licensing/foss-exception.html) + +I want specified Free/Libre and Open Source Software ("FLOSS") +applications to be able to use specified GPL-licensed RRDtool +libraries (the "Program") despite the fact that not all FLOSS licenses are +compatible with version 2 of the GNU General Public License (the "GPL"). + +As a special exception to the terms and conditions of version 2.0 of the GPL: + +You are free to distribute a Derivative Work that is formed entirely from +the Program and one or more works (each, a "FLOSS Work") licensed under one +or more of the licenses listed below, as long as: + +1. You obey the GPL in all respects for the Program and the Derivative +Work, except for identifiable sections of the Derivative Work which are +not derived from the Program, and which can reasonably be considered +independent and separate works in themselves, + +2. all identifiable sections of the Derivative Work which are not derived +from the Program, and which can reasonably be considered independent and +separate works in themselves, + +1. are distributed subject to one of the FLOSS licenses listed +below, and + +2. the object code or executable form of those sections are +accompanied by the complete corresponding machine-readable source +code for those sections on the same medium and under the same FLOSS +license as the corresponding object code or executable forms of +those sections, and + +3. any works which are aggregated with the Program or with a Derivative +Work on a volume of a storage or distribution medium in accordance with +the GPL, can reasonably be considered independent and separate works in +themselves which are not derivatives of either the Program, a Derivative +Work or a FLOSS Work. + +If the above conditions are not met, then the Program may only be copied, +modified, distributed or used under the terms and conditions of the GPL. + +FLOSS License List +================== +License name Version(s)/Copyright Date +Academic Free License 2.0 +Apache Software License 1.0/1.1/2.0 +Apple Public Source License 2.0 +Artistic license From Perl 5.8.0 +BSD license "July 22 1999" +Common Public License 1.0 +GNU Library or "Lesser" General Public License (LGPL) 2.0/2.1 +IBM Public License, Version 1.0 +Jabber Open Source License 1.0 +MIT License (As listed in file MIT-License.txt) - +Mozilla Public License (MPL) 1.0/1.1 +Open Software License 2.0 +OpenSSL license (with original SSLeay license) "2003" ("1998") +PHP License 3.01 +Python license (CNRI Python License) - +Python Software Foundation License 2.1.1 +Sleepycat License "1999" +W3C License "2001" +X11 License "2001" +Zlib/libpng License - +Zope Public License 2.0/2.1 diff --git a/src/main/resources/licenses/Ruby-pty.txt b/src/main/resources/licenses/Ruby-pty.txt new file mode 100644 index 0000000000..c817762f84 --- /dev/null +++ b/src/main/resources/licenses/Ruby-pty.txt @@ -0,0 +1,10 @@ +(c) Copyright 1998 by Akinori Ito. + +This software may be redistributed freely for this purpose, in full +or in part, provided that this entire copyright notice is included +on any copies of this software and applications and derivations thereof. + +This software is provided on an "as is" basis, without warranty of any +kind, either expressed or implied, as to any matter including, but not +limited to warranty of fitness of purpose, or merchantability, or +results obtained from use of this software. diff --git a/src/main/resources/licenses/SANE-exception.txt b/src/main/resources/licenses/SANE-exception.txt new file mode 100644 index 0000000000..198a8c67cc --- /dev/null +++ b/src/main/resources/licenses/SANE-exception.txt @@ -0,0 +1,20 @@ +As a special exception, the authors of sane-airscan give permission for +additional uses of the libraries contained in this release of sane-airscan. + +The exception is that, if you link a sane-airscan library with other files +to produce an executable, this does not by itself cause the +resulting executable to be covered by the GNU General Public +License. Your use of that executable is in no way restricted on +account of linking the sane-airscan library code into it. + +This exception does not, however, invalidate any other reasons why +the executable file might be covered by the GNU General Public +License. + +If you submit changes to sane-airscan to the maintainers to be included in +a subsequent release, you agree by submitting the changes that +those changes may be distributed with this exception intact. + +If you write modifications of your own for sane-airscan, it is your choice +whether to permit this exception to apply to your modifications. +If you do not wish that, delete this exception notice. diff --git a/src/main/resources/licenses/SAX-PD-2.0.txt b/src/main/resources/licenses/SAX-PD-2.0.txt new file mode 100644 index 0000000000..b329db3bb5 --- /dev/null +++ b/src/main/resources/licenses/SAX-PD-2.0.txt @@ -0,0 +1,10 @@ +SAX2 is Free! + +I hereby abandon any property rights to SAX 2.0 (the Simple API for +XML), and release all of the SAX 2.0 source code, compiled code, and +documentation contained in this distribution into the Public Domain. +SAX comes with NO WARRANTY or guarantee of fitness for any +purpose. + +David Megginson, david@megginson.com +2000-05-05 diff --git a/src/main/resources/licenses/SGI-OpenGL.txt b/src/main/resources/licenses/SGI-OpenGL.txt new file mode 100644 index 0000000000..2b4c542aa0 --- /dev/null +++ b/src/main/resources/licenses/SGI-OpenGL.txt @@ -0,0 +1,34 @@ +(c) Copyright 1993, Silicon Graphics, Inc. +ALL RIGHTS RESERVED +Permission to use, copy, modify, and distribute this software for +any purpose and without fee is hereby granted, provided that the above +copyright notice appear in all copies and that both the copyright notice +and this permission notice appear in supporting documentation, and that +the name of Silicon Graphics, Inc. not be used in advertising +or publicity pertaining to distribution of the software without specific, +written prior permission. + +THE MATERIAL EMBODIED ON THIS SOFTWARE IS PROVIDED TO YOU "AS-IS" +AND WITHOUT WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR OTHERWISE, +INCLUDING WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR +FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SILICON +GRAPHICS, INC. BE LIABLE TO YOU OR ANYONE ELSE FOR ANY DIRECT, +SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY +KIND, OR ANY DAMAGES WHATSOEVER, INCLUDING WITHOUT LIMITATION, +LOSS OF PROFIT, LOSS OF USE, SAVINGS OR REVENUE, OR THE CLAIMS OF +THIRD PARTIES, WHETHER OR NOT SILICON GRAPHICS, INC. HAS BEEN +ADVISED OF THE POSSIBILITY OF SUCH LOSS, HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE +POSSESSION, USE OR PERFORMANCE OF THIS SOFTWARE. + +US Government Users Restricted Rights +Use, duplication, or disclosure by the Government is subject to +restrictions set forth in FAR 52.227.19(c)(2) or subparagraph +(c)(1)(ii) of the Rights in Technical Data and Computer Software +clause at DFARS 252.227-7013 and/or in similar or successor +clauses in the FAR or the DOD or NASA FAR Supplement. +Unpublished-- rights reserved under the copyright laws of the +United States. Contractor/manufacturer is Silicon Graphics, +Inc., 2011 N. Shoreline Blvd., Mountain View, CA 94039-7311. + +OpenGL(TM) is a trademark of Silicon Graphics, Inc. diff --git a/src/main/resources/licenses/SGP4.txt b/src/main/resources/licenses/SGP4.txt new file mode 100644 index 0000000000..1b86e057c7 --- /dev/null +++ b/src/main/resources/licenses/SGP4.txt @@ -0,0 +1 @@ +There is no license associated with the code and you may use it for any purpose—personal or commercial—as you wish. We ask only that you include citations in your documentation and source code to show the source of the code and provide links to the main page, to facilitate communications regarding any questions on the theory or source code. diff --git a/src/main/resources/licenses/SHL-2.0.txt b/src/main/resources/licenses/SHL-2.0.txt new file mode 100644 index 0000000000..9218b47a72 --- /dev/null +++ b/src/main/resources/licenses/SHL-2.0.txt @@ -0,0 +1,22 @@ +# Solderpad Hardware Licence Version 2.0 + +This licence (the “Licence”) operates as a wraparound licence to the Apache License Version 2.0 (the “Apache License”) and grants to You the rights, and imposes the obligations, set out in the Apache License (which can be found here: http://apache.org/licenses/LICENSE-2.0), with the following extensions. It must be read in conjunction with the Apache License. Section 1 below modifies definitions in the Apache License, and section 2 below replaces sections 2 of the Apache License. You may, at your option, choose to treat any Work released under this License as released under the Apache License (thus ignoring all sections written below entirely). Words in italics indicate changes rom the Apache License, but are indicative and not to be taken into account in interpretation. + +1. The definitions set out in the Apache License are modified as follows: + +Copyright any reference to ‘copyright’ (whether capitalised or not) includes ‘Rights’ (as defined below). + +Contribution also includes any design, as well as any work of authorship. + +Derivative Works shall not include works that remain reversibly separable from, or merely link (or bind by name) or physically connect to or interoperate with the interfaces of the Work and Derivative Works thereof. + +Object form shall mean any form resulting from mechanical transformation or translation of a Source form or the application of a Source form to physical material, including but not limited to compiled object code, generated documentation, the instantiation of a hardware design or physical object and conversions to other media types, including intermediate forms such as bytecodes, FPGA bitstreams, moulds, artwork and semiconductor topographies (mask works). + +Rights means copyright and any similar right including design right (whether registered or unregistered), semiconductor topography (mask) rights and database rights (but excluding Patents and Trademarks). + +Source form shall mean the preferred form for making modifications, including but not limited to source code, net lists, board layouts, CAD files, documentation source, and configuration files. +Work also includes a design or work of authorship, whether in Source form or other Object form. + +2. Grant of Licence + +2.1 Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable license under the Rights to reproduce, prepare Derivative Works of, make, adapt, repair, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form and do anything in relation to the Work as if the Rights did not exist. diff --git a/src/main/resources/licenses/SHL-2.1.txt b/src/main/resources/licenses/SHL-2.1.txt new file mode 100644 index 0000000000..c9ae53741f --- /dev/null +++ b/src/main/resources/licenses/SHL-2.1.txt @@ -0,0 +1,45 @@ +SOLDERPAD HARDWARE LICENSE VERSION 2.1 + +This license operates as a wraparound license to the Apache License Version 2.0 (the "Apache License") and incorporates the terms and conditions of the Apache License (which can be found here: http://apache.org/licenses/LICENSE-2.0), with the following additions and modifications. It must be read in conjunction with the Apache License. Section 1 below modifies definitions and terminology in the Apache License and Section 2 below replaces Section 2 of the Apache License. The Appendix replaces the Appendix in the Apache License. You may, at your option, choose to treat any Work released under this license as released under the Apache License (thus ignoring all sections written below entirely). + +1. Terminology in the Apache License is supplemented or modified as follows: + +"Authorship": any reference to 'authorship' shall be taken to read "authorship or design". + +"Copyright owner": any reference to 'copyright owner' shall be taken to read "Rights owner". + +"Copyright statement": the reference to 'copyright statement' shall be taken to read 'copyright or other statement pertaining to Rights' + +The following new definition shall be added to the Definitions section of the Apache License: + +"Rights" means copyright and any similar right including design right (whether registered or unregistered), rights in semiconductor topographies (mask works) and database rights (but excluding Patents and Trademarks). + +The following definitions shall replace the corresponding definitions in the Apache License: + +"License" shall mean this Solderpad Hardware License version 2.1, being the terms and conditions for use, manufacture, instantiation, adaptation, reproduction, and distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the Rights owner or entity authorized by the Rights owner that is granting the License. + +"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship or design. For the purposes of this License, Derivative Works shall not include works that remain reversibly separable from, or merely link (or bind by name) or physically connect to or interoperate with the Work and Derivative Works thereof. + +"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form or the application of a Source form to physical material, including but not limited to compiled object code, generated documentation, the instantiation of a hardware design or physical object or material and conversions to other media types, including intermediate forms such as bytecodes, FPGA bitstreams, moulds, artwork and semiconductor topographies (mask works). + +"Source" form shall mean the preferred form for making modifications, including but not limited to source code, net lists, board layouts, CAD files, documentation source, and configuration files. + +"Work" shall mean the work of authorship or design, whether in Source or Object form, made available under the License, as indicated by a notice relating to Rights that is included in or attached to the work (an example is provided in the Appendix below). + +2. Grant of License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable license under the Rights to reproduce, prepare Derivative Works of, make, adapt, repair, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form and do anything in relation to the Work as if the Rights did not exist. + + +APPENDIX + +Copyright [yyyy] [name of copyright owner] +SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 + +Licensed under the Solderpad Hardware License v 2.1 (the "License"); you may not use this file except in compliance with the License, or, at your option, the Apache License version 2.0. +You may obtain a copy of the License at + +https://solderpad.org/licenses/SHL-2.1/ + +Unless required by applicable law or agreed to in writing, any work distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and limitations under the License. diff --git a/src/main/resources/licenses/SISSL.txt b/src/main/resources/licenses/SISSL.txt index 7d6ad9d66c..af38d02d92 100644 --- a/src/main/resources/licenses/SISSL.txt +++ b/src/main/resources/licenses/SISSL.txt @@ -36,13 +36,13 @@ Sun Industry Standards Source License - Version 1.1 2.0 SOURCE CODE LICENSE - 2.1 The Initial Developer Grant The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims:  + 2.1 The Initial Developer Grant The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and (b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. - (d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices, including but not limited to Modifications.  + (d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices, including but not limited to Modifications. 3.0 DISTRIBUTION OBLIGATIONS @@ -92,14 +92,14 @@ This License represents the complete agreement concerning subject matter hereof. EXHIBIT A - Sun Standards License -"The contents of this file are subject to the Sun Standards License Version 1.1 (the "License"); You may not use this file except in compliance with the License. You may obtain a copy of the License at _______________________________. +"The contents of this file are subject to the Sun Standards License Version 1.1 (the "License"); You may not use this file except in compliance with the License. You may obtain a copy of the License at _______________________________. -Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either  +Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is ______________________________________. -The Initial Developer of the Original Code is:  +The Initial Developer of the Original Code is: Sun Microsystems, Inc.. Portions created by: _______________________________________ diff --git a/src/main/resources/licenses/SL.txt b/src/main/resources/licenses/SL.txt new file mode 100644 index 0000000000..cc3857d224 --- /dev/null +++ b/src/main/resources/licenses/SL.txt @@ -0,0 +1,4 @@ +Everyone is permitted to do anything on this program including copying, +modifying, and improving, unless you try to pretend that you wrote it. +i.e., the above copyright notice has to appear in all copies. +THE AUTHOR DISCLAIMS ANY RESPONSIBILITY WITH REGARD TO THIS SOFTWARE. diff --git a/src/main/resources/licenses/SMAIL-GPL.txt b/src/main/resources/licenses/SMAIL-GPL.txt new file mode 100644 index 0000000000..be799ec39d --- /dev/null +++ b/src/main/resources/licenses/SMAIL-GPL.txt @@ -0,0 +1,144 @@ +SMAIL GENERAL PUBLIC LICENSE + (Clarified 11 Feb 1988) + + Copyright (C) 1988 Landon Curt Noll & Ronald S. Karr + Copyright (C) 1992 Ronald S. Karr + Copyleft (GNU) 1988 Landon Curt Noll & Ronald S. Karr + + Everyone is permitted to copy and distribute verbatim copies + of this license, but changing it is not allowed. You can also + use this wording to make the terms for other programs. + + The license agreements of most software companies keep you at the +mercy of those companies. By contrast, our general public license is +intended to give everyone the right to share SMAIL. To make sure that +you get the rights we want you to have, we need to make restrictions +that forbid anyone to deny you these rights or to ask you to surrender +the rights. Hence this license agreement. + + Specifically, we want to make sure that you have the right to give +away copies of SMAIL, that you receive source code or else can get it +if you want it, that you can change SMAIL or use pieces of it in new +free programs, and that you know you can do these things. + + To make sure that everyone has such rights, we have to forbid you to +deprive anyone else of these rights. For example, if you distribute +copies of SMAIL, you must give the recipients all the rights that you +have. You must make sure that they, too, receive or can get the +source code. And you must tell them their rights. + + Also, for our own protection, we must make certain that everyone +finds out that there is no warranty for SMAIL. If SMAIL is modified by +someone else and passed on, we want its recipients to know that what +they have is not what we distributed, so that any problems introduced +by others will not reflect on our reputation. + + Therefore we (Landon Curt Noll and Ronald S. Karr) make the following +terms which say what you must do to be allowed to distribute or change +SMAIL. + + + COPYING POLICIES + + 1. You may copy and distribute verbatim copies of SMAIL source code +as you receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy a valid copyright notice "Copyright +(C) 1988 Landon Curt Noll & Ronald S. Karr" (or with whatever year is +appropriate); keep intact the notices on all files that refer to this +License Agreement and to the absence of any warranty; and give any +other recipients of the SMAIL program a copy of this License +Agreement along with the program. You may charge a distribution fee +for the physical act of transferring a copy. + + 2. You may modify your copy or copies of SMAIL or any portion of it, +and copy and distribute such modifications under the terms of +Paragraph 1 above, provided that you also do the following: + + a) cause the modified files to carry prominent notices stating + that you changed the files and the date of any change; and + + b) cause the whole of any work that you distribute or publish, + that in whole or in part contains or is a derivative of SMAIL or + any part thereof, to be licensed at no charge to all third + parties on terms identical to those contained in this License + Agreement (except that you may choose to grant more extensive + warranty protection to some or all third parties, at your option). + + c) You may charge a distribution fee for the physical act of + transferring a copy, and you may at your option offer warranty + protection in exchange for a fee. + +Mere aggregation of another unrelated program with this program (or its +derivative) on a volume of a storage or distribution medium does not bring +the other program under the scope of these terms. + + 3. You may copy and distribute SMAIL (or a portion or derivative of it, +under Paragraph 2) in object code or executable form under the terms of +Paragraphs 1 and 2 above provided that you also do one of the following: + + a) accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of + Paragraphs 1 and 2 above; or, + + b) accompany it with a written offer, valid for at least three + years, to give any third party free (except for a nominal + shipping charge) a complete machine-readable copy of the + corresponding source code, to be distributed under the terms of + Paragraphs 1 and 2 above; or, + + c) accompany it with the information you received as to where the + corresponding source code may be obtained. (This alternative is + allowed only for non-commercial distribution and only if you + received the program in object code or executable form alone.) + +For an executable file, complete source code means all the source code for +all modules it contains; but, as a special exception, it need not include +source code for modules which are standard libraries that accompany the +operating system on which the executable file runs. + + 4. You may not copy, sublicense, distribute or transfer SMAIL +except as expressly provided under this License Agreement. Any attempt +otherwise to copy, sublicense, distribute or transfer SMAIL is void and +your rights to use the program under this License agreement shall be +automatically terminated. However, parties who have received computer +software programs from you with this License Agreement will not have +their licenses terminated so long as such parties remain in full compliance. + + 5. If you wish to incorporate parts of SMAIL into other free +programs whose distribution conditions are different, write to Landon +Curt Noll & Ronald S. Karr via the Free Software Foundation at 51 +Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. We have not yet +worked out a simple rule that can be stated here, but we will often +permit this. We will be guided by the two goals of preserving the +free status of all derivatives of our free software and of promoting +the sharing and reuse of software. + +Your comments and suggestions about our licensing policies and our +software are welcome! This contract was based on the contract made by +the Free Software Foundation. Please contact the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, +USA, or call (617) 542-5942 for details on copylefted material in +general. + + NO WARRANTY + + BECAUSE SMAIL IS LICENSED FREE OF CHARGE, WE PROVIDE ABSOLUTELY NO +WARRANTY, TO THE EXTENT PERMITTED BY APPLICABLE STATE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING, LANDON CURT NOLL & RONALD S. KARR AND/OR +OTHER PARTIES PROVIDE SMAIL "AS IS" WITHOUT WARRANTY OF ANY KIND, +EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF SMAIL IS WITH +YOU. SHOULD SMAIL PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL +NECESSARY SERVICING, REPAIR OR CORRECTION. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW WILL LANDON CURT NOLL & +RONALD S. KARR AND/OR ANY OTHER PARTY WHO MAY MODIFY AND REDISTRIBUTE +SMAIL AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +LOST PROFITS, LOST MONIES, OR OTHER SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE +(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED +INACCURATE OR LOSSES SUSTAINED BY THIRD PARTIES OR A FAILURE OF THE +PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS) SMAIL, EVEN IF YOU HAVE +BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY +ANY OTHER PARTY. diff --git a/src/main/resources/licenses/SSLeay-standalone.txt b/src/main/resources/licenses/SSLeay-standalone.txt new file mode 100644 index 0000000000..61618b40eb --- /dev/null +++ b/src/main/resources/licenses/SSLeay-standalone.txt @@ -0,0 +1,58 @@ +Original SSLeay License + ----------------------- + + Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + All rights reserved. + + This package is an SSL implementation written + by Eric Young (eay@cryptsoft.com). + The implementation was written so as to conform with Netscapes SSL. + + This library is free for commercial and non-commercial use as long as + the following conditions are aheared to. The following conditions + apply to all code found in this distribution, be it the RC4, RSA, + lhash, DES, etc., code; not just the SSL code. The SSL documentation + included with this distribution is covered by the same copyright terms + except that the holder is Tim Hudson (tjh@cryptsoft.com). + + Copyright remains Eric Young's, and as such any Copyright notices in + the code are not to be removed. + If this package is used in a product, Eric Young should be given attribution + as the author of the parts of the library used. + This can be in the form of a textual message at program startup or + in documentation (online or textual) provided with the package. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the rouines from the library + being used are not cryptographic related :-). + 4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + + THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + The licence and distribution terms for any publically available version or + derivative of this code cannot be changed. i.e. this code cannot simply be + copied and put under another distribution licence + [including the GNU Public Licence.] diff --git a/src/main/resources/licenses/SWI-exception.txt b/src/main/resources/licenses/SWI-exception.txt new file mode 100644 index 0000000000..9ccfb9b89c --- /dev/null +++ b/src/main/resources/licenses/SWI-exception.txt @@ -0,0 +1,6 @@ +As a special exception, if you link this library with other files, +compiled with a Free Software compiler, to produce an executable, this +library does not by itself cause the resulting executable to be covered +by the GNU General Public License. This exception does not however +invalidate any other reasons why the executable file might be covered by +the GNU General Public License. diff --git a/src/main/resources/licenses/Sendmail-Open-Source-1.1.txt b/src/main/resources/licenses/Sendmail-Open-Source-1.1.txt new file mode 100644 index 0000000000..054f719ee5 --- /dev/null +++ b/src/main/resources/licenses/Sendmail-Open-Source-1.1.txt @@ -0,0 +1,75 @@ +SENDMAIL OPEN SOURCE LICENSE + +The following license terms and conditions apply to this open source +software ("Software"), unless a different license is obtained directly +from Sendmail, Inc. ("Sendmail") located at 6475 Christie Ave, Suite 350, +Emeryville, CA 94608, USA. + +Use, modification and redistribution (including distribution of any +modified or derived work) of the Software in source and binary forms is +permitted only if each of the following conditions of 1-6 are met: + +1. Redistributions of the Software qualify as "freeware" or "open + source software" under one of the following terms: + + (a) Redistributions are made at no charge beyond the reasonable + cost of materials and delivery; or + + (b) Redistributions are accompanied by a copy of the modified + Source Code (on an acceptable machine-readable medium) or by an + irrevocable offer to provide a copy of the modified Source Code + (on an acceptable machine-readable medium) for up to three years + at the cost of materials and delivery. Such redistributions must + allow further use, modification, and redistribution of the Source + Code under substantially the same terms as this license. For + the purposes of redistribution "Source Code" means the complete + human-readable, compilable, linkable, and operational source + code of the redistributed module(s) including all modifications. + +2. Redistributions of the Software Source Code must retain the + copyright notices as they appear in each Source Code file, these + license terms and conditions, and the disclaimer/limitation of + liability set forth in paragraph 6 below. Redistributions of the + Software Source Code must also comply with the copyright notices + and/or license terms and conditions imposed by contributors on + embedded code. The contributors' license terms and conditions + and/or copyright notices are contained in the Source Code + distribution. + +3. Redistributions of the Software in binary form must reproduce the + Copyright Notice described below, these license terms and conditions, + and the disclaimer/limitation of liability set forth in paragraph + 6 below, in the documentation and/or other materials provided with + the binary distribution. For the purposes of binary distribution, + "Copyright Notice" refers to the following language: "Copyright (c) + 1998-2009 Sendmail, Inc. All rights reserved." + +4. Neither the name, trademark or logo of Sendmail, Inc. (including + without limitation its subsidiaries or affiliates) or its contributors + may be used to endorse or promote products, or software or services + derived from this Software without specific prior written permission. + The name "sendmail" is a registered trademark and service mark of + Sendmail, Inc. + +5. We reserve the right to cancel this license if you do not comply with + the terms. This license is governed by California law and both of us + agree that for any dispute arising out of or relating to this Software, + that jurisdiction and venue is proper in San Francisco or Alameda + counties. These license terms and conditions reflect the complete + agreement for the license of the Software (which means this supercedes + prior or contemporaneous agreements or representations). If any term + or condition under this license is found to be invalid, the remaining + terms and conditions still apply. + +6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY + SENDMAIL AND ITS CONTRIBUTORS "AS IS" WITHOUT WARRANTY OF ANY KIND + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A + PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. IN NO EVENT SHALL SENDMAIL + OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, + OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + WITHOUT LIMITATION NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. diff --git a/src/main/resources/licenses/Soundex.txt b/src/main/resources/licenses/Soundex.txt new file mode 100644 index 0000000000..16c3fa7664 --- /dev/null +++ b/src/main/resources/licenses/Soundex.txt @@ -0,0 +1,9 @@ +(c) Copyright 1998-2007 by Mark Mielke + +Freedom to use these sources for whatever you want, as long as credit +is given where credit is due, is hereby granted. You may make modifications +where you see fit but leave this copyright somewhere visible. As well, try +to initial any changes you make so that if I like the changes I can +incorporate them into later versions. + + - Mark Mielke diff --git a/src/main/resources/licenses/StandardML-NJ.txt b/src/main/resources/licenses/StandardML-NJ.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/StandardML-NJ.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/Sun-PPP-2000.txt b/src/main/resources/licenses/Sun-PPP-2000.txt new file mode 100644 index 0000000000..914c19544a --- /dev/null +++ b/src/main/resources/licenses/Sun-PPP-2000.txt @@ -0,0 +1,13 @@ +Copyright (c) 2000 by Sun Microsystems, Inc. +All rights reserved. + +Permission to use, copy, modify, and distribute this software and its +documentation is hereby granted, provided that the above copyright +notice appears in all copies. + +SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF +THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR +ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR +DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES diff --git a/src/main/resources/licenses/Sun-PPP.txt b/src/main/resources/licenses/Sun-PPP.txt new file mode 100644 index 0000000000..5f94a13437 --- /dev/null +++ b/src/main/resources/licenses/Sun-PPP.txt @@ -0,0 +1,13 @@ +Copyright (c) 2001 by Sun Microsystems, Inc. +All rights reserved. + +Non-exclusive rights to redistribute, modify, translate, and use +this software in source and binary forms, in whole or in part, is +hereby granted, provided that the above copyright notice is +duplicated in any source form, and that neither the name of the +copyright holder nor the author is used to endorse or promote +products derived from this software. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/SunPro.txt b/src/main/resources/licenses/SunPro.txt new file mode 100644 index 0000000000..1ccb78add0 --- /dev/null +++ b/src/main/resources/licenses/SunPro.txt @@ -0,0 +1,6 @@ +Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved. + +Developed at SunSoft, a Sun Microsystems, Inc. business. +Permission to use, copy, modify, and distribute this +software is freely granted, provided that this notice +is preserved. diff --git a/src/main/resources/licenses/Swift-exception.txt b/src/main/resources/licenses/Swift-exception.txt new file mode 100644 index 0000000000..32b573cea5 --- /dev/null +++ b/src/main/resources/licenses/Swift-exception.txt @@ -0,0 +1,6 @@ +### Runtime Library Exception to the Apache 2.0 License: ### + +As an exception, if you use this Software to compile your source code and +portions of this Software are embedded into the binary product as a result, +you may redistribute such product without providing attribution as would +otherwise be required by Sections 4(a), 4(b) and 4(d) of the License. diff --git a/src/main/resources/licenses/Symlinks.txt b/src/main/resources/licenses/Symlinks.txt new file mode 100644 index 0000000000..35420d2ba9 --- /dev/null +++ b/src/main/resources/licenses/Symlinks.txt @@ -0,0 +1,10 @@ + My "symlinks" utility pre-dates the "open source licensing" +fad by a number of years. Just to clarify, this is 100% +freeware, written entirely by myself. The intent is to use +it to detect missing/obsolete symlink targets on an installed +distro, before creating the "gold" (or "final") release discs. + +Use and distribute and modify as you (or anyone +else) sees fit. There have no formal restrictions or +requirements whatsoever regarding distribution of either +binaries or source code, whether modified or original. diff --git a/src/main/resources/licenses/TGPPL-1.0.txt b/src/main/resources/licenses/TGPPL-1.0.txt new file mode 100644 index 0000000000..fbafe92c82 --- /dev/null +++ b/src/main/resources/licenses/TGPPL-1.0.txt @@ -0,0 +1,181 @@ +======================================================= +Transitive Grace Period Public Licence ("TGPPL") v. 1.0 +======================================================= + +This Transitive Grace Period Public Licence (the "License") applies to any +original work of authorship (the "Original Work") whose owner (the +"Licensor") has placed the following licensing notice adjacent to the +copyright notice for the Original Work: + + *Licensed under the Transitive Grace Period Public Licence version 1.0* + +1. **Grant of Copyright License.** Licensor grants You a worldwide, + royalty-free, non-exclusive, sublicensable license, for the duration of + the copyright, to do the following: + + a. to reproduce the Original Work in copies, either alone or as part of a + collective work; + + b. to translate, adapt, alter, transform, modify, or arrange the Original + Work, thereby creating derivative works ("Derivative Works") based upon + the Original Work; + + c. to distribute or communicate copies of the Original Work and Derivative + Works to the public, with the proviso that copies of Original Work or + Derivative Works that You distribute or communicate shall be licensed + under this Transitive Grace Period Public Licence no later than 12 + months after You distributed or communicated said copies; + + d. to perform the Original Work publicly; and + + e. to display the Original Work publicly. + +2. **Grant of Patent License.** Licensor grants You a worldwide, + royalty-free, non-exclusive, sublicensable license, under patent claims + owned or controlled by the Licensor that are embodied in the Original + Work as furnished by the Licensor, for the duration of the patents, to + make, use, sell, offer for sale, have made, and import the Original Work + and Derivative Works. + +3. **Grant of Source Code License.** The term "Source Code" means the + preferred form of the Original Work for making modifications to it and + all available documentation describing how to modify the Original + Work. Licensor agrees to provide a machine-readable copy of the Source + Code of the Original Work along with each copy of the Original Work that + Licensor distributes. Licensor reserves the right to satisfy this + obligation by placing a machine-readable copy of the Source Code in an + information repository reasonably calculated to permit inexpensive and + convenient access by You for as long as Licensor continues to distribute + the Original Work. + +4. **Exclusions From License Grant.** Neither the names of Licensor, nor the + names of any contributors to the Original Work, nor any of their + trademarks or service marks, may be used to endorse or promote products + derived from this Original Work without express prior permission of the + Licensor. Except as expressly stated herein, nothing in this License + grants any license to Licensor's trademarks, copyrights, patents, trade + secrets or any other intellectual property. No patent license is granted + to make, use, sell, offer for sale, have made, or import embodiments of + any patent claims other than the licensed claims defined in Section 2. No + license is granted to the trademarks of Licensor even if such marks are + included in the Original Work. Nothing in this License shall be + interpreted to prohibit Licensor from licensing under terms different + from this License any Original Work that Licensor otherwise would have a + right to license. + +5. **External Deployment.** The term "External Deployment" means the use, + distribution, or communication of the Original Work or Derivative Works + in any way such that the Original Work or Derivative Works may be used by + anyone other than You, whether those works are distributed or + communicated to those persons or made available as an application + intended for use over a network. As an express condition for the grants + of license hereunder, You must treat any External Deployment by You of + the Original Work or a Derivative Work as a distribution under section + 1(c). + +6. **Attribution Rights.** You must retain, in the Source Code of any + Derivative Works that You create, all copyright, patent, or trademark + notices from the Source Code of the Original Work, as well as any notices + of licensing and any descriptive text identified therein as an + "Attribution Notice." You must cause the Source Code for any Derivative + Works that You create to carry a prominent Attribution Notice reasonably + calculated to inform recipients that You have modified the Original Work. + +7. **Warranty of Provenance and Disclaimer of Warranty.** Licensor warrants + that the copyright in and to the Original Work and the patent rights + granted herein by Licensor are owned by the Licensor or are sublicensed + to You under the terms of this License with the permission of the + contributor(s) of those copyrights and patent rights. Except as expressly + stated in the immediately preceding sentence, the Original Work is + provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, + either express or implied, including, without limitation, the warranties + of non-infringement, merchantability or fitness for a particular + purpose. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH + YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this + License. No license to the Original Work is granted by this License + except under this disclaimer. + +8. **Limitation of Liability.** Under no circumstances and under no legal + theory, whether in tort (including negligence), contract, or otherwise, + shall the Licensor be liable to anyone for any indirect, special, + incidental, or consequential damages of any character arising as a result + of this License or the use of the Original Work including, without + limitation, damages for loss of goodwill, work stoppage, computer failure + or malfunction, or any and all other commercial damages or losses. This + limitation of liability shall not apply to the extent applicable law + prohibits such limitation. + +9. **Acceptance and Termination.** If, at any time, You expressly assented + to this License, that assent indicates your clear and irrevocable + acceptance of this License and all of its terms and conditions. If You + distribute or communicate copies of the Original Work or a Derivative + Work, You must make a reasonable effort under the circumstances to obtain + the express assent of recipients to the terms of this License. This + License conditions your rights to undertake the activities listed in + Section 1, including your right to create Derivative Works based upon the + Original Work, and doing so without honoring these terms and conditions + is prohibited by copyright law and international treaty. Nothing in this + License is intended to affect copyright exceptions and limitations + (including 'fair use' or 'fair dealing'). This License shall terminate + immediately and You may no longer exercise any of the rights granted to + You by this License upon your failure to honor the conditions in Section + 1(c). + +10. **Termination for Patent Action.** This License shall terminate + automatically and You may no longer exercise any of the rights granted to + You by this License as of the date You commence an action, including a + cross-claim or counterclaim, against Licensor or any licensee alleging + that the Original Work infringes a patent. This termination provision + shall not apply for an action alleging patent infringement by + combinations of the Original Work with other software or hardware. + +11. **Jurisdiction, Venue and Governing Law.** Any action or suit relating to + this License may be brought only in the courts of a jurisdiction wherein + the Licensor resides or in which Licensor conducts its primary business, + and under the laws of that jurisdiction excluding its conflict-of-law + provisions. The application of the United Nations Convention on Contracts + for the International Sale of Goods is expressly excluded. Any use of the + Original Work outside the scope of this License or after its termination + shall be subject to the requirements and penalties of copyright or patent + law in the appropriate jurisdiction. This section shall survive the + termination of this License. + +12. **Attorneys' Fees.** In any action to enforce the terms of this License + or seeking damages relating thereto, the prevailing party shall be + entitled to recover its costs and expenses, including, without + limitation, reasonable attorneys' fees and costs incurred in connection + with such action, including any appeal of such action. This section shall + survive the termination of this License. + +13. **Miscellaneous.** If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. + +14. **Definition of "You" in This License.** "You" throughout this License, + whether in upper or lower case, means an individual or a legal entity + exercising rights under, and complying with all of the terms of, this + License. For legal entities, "You" includes any entity that controls, is + controlled by, or is under common control with you. For purposes of this + definition, "control" means (i) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + +15. **Right to Use.** You may use the Original Work in all ways not otherwise + restricted or conditioned by this License or by law, and Licensor + promises not to interfere with or be responsible for such uses by You. + +16. **Modification of This License.** This License is Copyright Š 2007 Zooko + Wilcox-O'Hearn. Permission is granted to copy, distribute, or communicate + this License without modification. Nothing in this License permits You to + modify this License as applied to the Original Work or to Derivative + Works. However, You may modify the text of this License and copy, + distribute or communicate your modified version (the "Modified License") + and apply it to other original works of authorship subject to the + following conditions: (i) You may not indicate in any way that your + Modified License is the "Transitive Grace Period Public Licence" or + "TGPPL" and you may not use those names in the name of your Modified + License; and (ii) You must replace the notice specified in the first + paragraph above with the notice "Licensed under " or with a notice of your own that is not confusingly similar to + the notice in this License. diff --git a/src/main/resources/licenses/TPDL.txt b/src/main/resources/licenses/TPDL.txt new file mode 100644 index 0000000000..d950f8f19e --- /dev/null +++ b/src/main/resources/licenses/TPDL.txt @@ -0,0 +1,2 @@ +Copyright (C) 1996-2010 David Muir Sharnoff. Copyright (C) 2011 Google, Inc. +License hereby granted for anyone to use, modify or redistribute this module at their own risk. Please feed useful changes back to cpan@dave.sharnoff.org. diff --git a/src/main/resources/licenses/TPL-1.0.txt b/src/main/resources/licenses/TPL-1.0.txt new file mode 100644 index 0000000000..1634db4912 --- /dev/null +++ b/src/main/resources/licenses/TPL-1.0.txt @@ -0,0 +1,475 @@ +THOR Public Licence (TPL) + +0. Notes of Origin + +0.1 As required by paragraph 6.3 of the "Mozilla Public Licence", +"MPL" in the following, it is hereby stated that this Licence +condition ("TPL") differs in the following items from the original +"Mozilla Public Licence" as provided by "Netscape Communications +Corporation": + +a) Paragraphs 6.2 and 6.3 of the MPL has been modified to bind licence +modifications to the Author of this Licence, Thomas Richter. + +b) Paragraph 11 has been modified to gover this Licence by German +law rather than Californian Law. + +c) The licence has been renamed to "TPL" and "THOR Public +Licence". All references towards "MPL" have been removed except in +section 0 to indicate the difference from "MPL". + +No other modifications have been made. + + +1. Definitions. + +1.0.1. "Commercial Use" means distribution or otherwise making the +Covered Code available to a third party. + +1.1. "Contributor" means each entity that creates or contributes to +the creation of Modifications. + +1.2. "Contributor Version" means the combination of the Original Code, +prior Modifications used by a Contributor, and the Modifications made +by that particular Contributor. + +1.3. "Covered Code" means the Original Code or Modifications or the +combination of the Original Code and Modifications, in each case +including portions thereof. + +1.4. "Electronic Distribution Mechanism" means a mechanism generally +accepted in the software development community for the electronic +transfer of data. + +1.5. "Executable" means Covered Code in any form other than Source +Code. + +1.6. "Initial Developer" means the individual or entity identified as +the Initial Developer in the Source Code notice required by Exhibit A. + +1.7. "Larger Work" means a work which combines Covered Code or +portions thereof with code not governed by the terms of this License. + +1.8. "License" means this document. + +1.8.1. "Licensable" means having the right to grant, to the maximum +extent possible, whether at the time of the initial grant or +subsequently acquired, any and all of the rights conveyed herein. + +1.9. "Modifications" means any addition to or deletion from the +substance or structure of either the Original Code or any previous +Modifications. When Covered Code is released as a series of files, a +Modification is: A. Any addition to or deletion from the contents of a +file containing Original Code or previous Modifications. + +B. Any new file that contains any part of the Original Code or +previous Modifications. + +1.10. "Original Code" means Source Code of computer software code +which is described in the Source Code notice required by Exhibit A as +Original Code, and which, at the time of its release under this +License is not already Covered Code governed by this License. + +1.10.1. "Patent Claims" means any patent claim(s), now owned or +hereafter acquired, including without limitation, method, process, and +apparatus claims, in any patent Licensable by grantor. + +1.11. "Source Code" means the preferred form of the Covered Code for +making modifications to it, including all modules it contains, plus +any associated interface definition files, scripts used to control +compilation and installation of an Executable, or source code +differential comparisons against either the Original Code or another +well known, available Covered Code of the Contributor's choice. The +Source Code can be in a compressed or archival form, provided the +appropriate decompression or de-archiving software is widely available +for no charge. + +1.12. "You" (or "Your") means an individual or a legal entity +exercising rights under, and complying with all of the terms of, this +License or a future version of this License issued under Section +6.1. For legal entities, "You" includes any entity which controls, is +controlled by, or is under common control with You. For purposes of +this definition, "control" means (a) the power, direct or indirect, to +cause the direction or management of such entity, whether by contract +or otherwise, or (b) ownership of more than fifty percent (50%) of the +outstanding shares or beneficial ownership of such entity. + +2. Source Code License. + +2.1. The Initial Developer Grant. The Initial Developer hereby grants +You a world-wide, royalty-free, non-exclusive license, subject to +third party intellectual property claims: (a) under intellectual +property rights (other than patent or trademark) Licensable by Initial +Developer to use, reproduce, modify, display, perform, sublicense and +distribute the Original Code (or portions thereof) with or without +Modifications, and/or as part of a Larger Work; and + +(b) under Patents Claims infringed by the making, using or selling of +Original Code, to make, have made, use, practice, sell, and offer for +sale, and/or otherwise dispose of the Original Code (or portions +thereof). + +(c) the licenses granted in this Section 2.1(a) and (b) are effective +on the date Initial Developer first distributes Original Code under +the terms of this License. + +(d) Notwithstanding Section 2.1(b) above, no patent license is +granted: 1) for code that You delete from the Original Code; 2) +separate from the Original Code; or 3) for infringements caused by: i) +the modification of the Original Code or ii) the combination of the +Original Code with other software or devices. + +2.2. Contributor Grant. Subject to third party intellectual property +claims, each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license + +(a) under intellectual property rights (other than patent or +trademark) Licensable by Contributor, to use, reproduce, modify, +display, perform, sublicense and distribute the Modifications created +by such Contributor (or portions thereof) either on an unmodified +basis, with other Modifications, as Covered Code and/or as part of a +Larger Work; and + +(b) under Patent Claims infringed by the making, using, or selling of +Modifications made by that Contributor either alone and/or in +combination with its Contributor Version (or portions of such +combination), to make, use, sell, offer for sale, have made, and/or +otherwise dispose of: 1) Modifications made by that Contributor (or +portions thereof); and 2) the combination of Modifications made by +that Contributor with its Contributor Version (or portions of such +combination). + +(c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective +on the date Contributor first makes Commercial Use of the Covered +Code. + +(d) Notwithstanding Section 2.2(b) above, no patent license is +granted: 1) for any code that Contributor has deleted from the +Contributor Version; 2) separate from the Contributor Version; 3) for +infringements caused by: i) third party modifications of Contributor +Version or ii) the combination of Modifications made by that +Contributor with other software (except as part of the Contributor +Version) or other devices; or 4) under Patent Claims infringed by +Covered Code in the absence of Modifications made by that Contributor. + + +3. Distribution Obligations. + +3.1. Application of License. The Modifications which You create or to +which You contribute are governed by the terms of this License, +including without limitation Section 2.2. The Source Code version of +Covered Code may be distributed only under the terms of this License +or a future version of this License released under Section 6.1, and +You must include a copy of this License with every copy of the Source +Code You distribute. You may not offer or impose any terms on any +Source Code version that alters or restricts the applicable version of +this License or the recipients' rights hereunder. However, You may +include an additional document offering the additional rights +described in Section 3.5. + +3.2. Availability of Source Code. Any Modification which You create +or to which You contribute must be made available in Source Code form +under the terms of this License either on the same media as an +Executable version or via an accepted Electronic Distribution +Mechanism to anyone to whom you made an Executable version available; +and if made available via Electronic Distribution Mechanism, must +remain available for at least twelve (12) months after the date it +initially became available, or at least six (6) months after a +subsequent version of that particular Modification has been made +available to such recipients. You are responsible for ensuring that +the Source Code version remains available even if the Electronic +Distribution Mechanism is maintained by a third party. + +3.3. Description of Modifications. You must cause all Covered Code to +which You contribute to contain a file documenting the changes You +made to create that Covered Code and the date of any change. You must +include a prominent statement that the Modification is derived, +directly or indirectly, from Original Code provided by the Initial +Developer and including the name of the Initial Developer in (a) the +Source Code, and (b) in any notice in an Executable version or related +documentation in which You describe the origin or ownership of the +Covered Code. + +3.4. Intellectual Property Matters (a) Third Party Claims. If +Contributor has knowledge that a license under a third party's +intellectual property rights is required to exercise the rights +granted by such Contributor under Sections 2.1 or 2.2, Contributor +must include a text file with the Source Code distribution titled +"LEGAL" which describes the claim and the party making the claim in +sufficient detail that a recipient will know whom to contact. If +Contributor obtains such knowledge after the Modification is made +available as described in Section 3.2, Contributor shall promptly +modify the LEGAL file in all copies Contributor makes available +thereafter and shall take other steps (such as notifying appropriate +mailing lists or newsgroups) reasonably calculated to inform those who +received the Covered Code that new knowledge has been obtained. + +(b) Contributor APIs. If Contributor's Modifications include an +application programming interface and Contributor has knowledge of +patent licenses which are reasonably necessary to implement that API, +Contributor must also include this information in the LEGAL file. + +(c) Representations. Contributor represents that, except as disclosed +pursuant to Section 3.4(a) above, Contributor believes that +Contributor's Modifications are Contributor's original creation(s) +and/or Contributor has sufficient rights to grant the rights conveyed +by this License. + + +3.5. Required Notices. You must duplicate the notice in Exhibit A in +each file of the Source Code. If it is not possible to put such +notice in a particular Source Code file due to its structure, then You +must include such notice in a location (such as a relevant directory) +where a user would be likely to look for such a notice. If You +created one or more Modification(s) You may add your name as a +Contributor to the notice described in Exhibit A. You must also +duplicate this License in any documentation for the Source Code where +You describe recipients' rights or ownership rights relating to +Covered Code. You may choose to offer, and to charge a fee for, +warranty, support, indemnity or liability obligations to one or more +recipients of Covered Code. However, You may do so only on Your own +behalf, and not on behalf of the Initial Developer or any +Contributor. You must make it absolutely clear than any such warranty, +support, indemnity or liability obligation is offered by You alone, +and You hereby agree to indemnify the Initial Developer and every +Contributor for any liability incurred by the Initial Developer or +such Contributor as a result of warranty, support, indemnity or +liability terms You offer. + +3.6. Distribution of Executable Versions. You may distribute Covered +Code in Executable form only if the requirements of Section 3.1-3.5 +have been met for that Covered Code, and if You include a notice +stating that the Source Code version of the Covered Code is available +under the terms of this License, including a description of how and +where You have fulfilled the obligations of Section 3.2. The notice +must be conspicuously included in any notice in an Executable version, +related documentation or collateral in which You describe recipients' +rights relating to the Covered Code. You may distribute the Executable +version of Covered Code or ownership rights under a license of Your +choice, which may contain terms different from this License, provided +that You are in compliance with the terms of this License and that the +license for the Executable version does not attempt to limit or alter +the recipient's rights in the Source Code version from the rights set +forth in this License. If You distribute the Executable version under +a different license You must make it absolutely clear that any terms +which differ from this License are offered by You alone, not by the +Initial Developer or any Contributor. You hereby agree to indemnify +the Initial Developer and every Contributor for any liability incurred +by the Initial Developer or such Contributor as a result of any such +terms You offer. + +3.7. Larger Works. You may create a Larger Work by combining Covered +Code with other code not governed by the terms of this License and +distribute the Larger Work as a single product. In such a case, You +must make sure the requirements of this License are fulfilled for the +Covered Code. + +4. Inability to Comply Due to Statute or Regulation. + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Code due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description +must be included in the LEGAL file described in Section 3.4 and must +be included with all distributions of the Source Code. Except to the +extent prohibited by statute or regulation, such description must be +sufficiently detailed for a recipient of ordinary skill to be able to +understand it. + +5. Application of this License. + +This License applies to code to which the Initial Developer has +attached the notice in Exhibit A and to related Covered Code. + +6. Versions of the License. + +6.1. New Versions. Thomas Richter may publish revised and/or new +versions of the License from time to time. Each version will be given +a distinguishing version number. + +6.2. Effect of New Versions. Once Covered Code has been published +under a particular version of the License, You may always continue to +use it under the terms of that version. You may also choose to use +such Covered Code under the terms of any subsequent version of the +License published by Thomas Richter. No one other than Thomas Richter +has the right to modify the terms applicable to Covered Code created +under this License. + +6.3. Derivative Works. If You create or use a modified version of +this License (which you may only do in order to apply it to code which +is not already Covered Code governed by this License), You must (a) +rename Your license so that the phrases "TPL", "THOR Software", +"Thomas Richter" or any confusingly similar phrase do not appear in +your license (except to note that your license differs from this +License) and (b) otherwise make it clear that Your version of the +license contains terms which differ from the THOR Public +License. (Filling in the name of the Initial Developer, Original Code +or Contributor in the notice described in Exhibit A shall not of +themselves be deemed to be modifications of this License.) + +7. DISCLAIMER OF WARRANTY. + +COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, +WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF +DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR +NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF +THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE +IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER +CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR +CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART +OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER +EXCEPT UNDER THIS DISCLAIMER. + +8. TERMINATION. + +8.1. This License and the rights granted hereunder will terminate +automatically if You fail to comply with terms herein and fail to cure +such breach within 30 days of becoming aware of the breach. All +sublicenses to the Covered Code which are properly granted shall +survive any termination of this License. Provisions which, by their +nature, must remain in effect beyond the termination of this License +shall survive. + +8.2. If You initiate litigation by asserting a patent infringement +claim (excluding declatory judgment actions) against Initial Developer +or a Contributor (the Initial Developer or Contributor against whom +You file such action is referred to as "Participant") alleging that: + +(a) such Participant's Contributor Version directly or indirectly +infringes any patent, then any and all rights granted by such +Participant to You under Sections 2.1 and/or 2.2 of this License +shall, upon 60 days notice from Participant terminate prospectively, +unless if within 60 days after receipt of notice You either: (i) agree +in writing to pay Participant a mutually agreeable reasonable royalty +for Your past and future use of Modifications made by such +Participant, or (ii) withdraw Your litigation claim with respect to +the Contributor Version against such Participant. If within 60 days +of notice, a reasonable royalty and payment arrangement are not +mutually agreed upon in writing by the parties or the litigation claim +is not withdrawn, the rights granted by Participant to You under +Sections 2.1 and/or 2.2 automatically terminate at the expiration of +the 60 day notice period specified above. + +(b) any software, hardware, or device, other than such Participant's +Contributor Version, directly or indirectly infringes any patent, then +any rights granted to You by such Participant under Sections 2.1(b) +and 2.2(b) are revoked effective as of the date You first made, used, +sold, distributed, or had made, Modifications made by that +Participant. + +8.3. If You assert a patent infringement claim against Participant +alleging that such Participant's Contributor Version directly or +indirectly infringes any patent where such claim is resolved (such as +by license or settlement) prior to the initiation of patent +infringement litigation, then the reasonable value of the licenses +granted by such Participant under Sections 2.1 or 2.2 shall be taken +into account in determining the amount or value of any payment or +license. + +8.4. In the event of termination under Sections 8.1 or 8.2 above, all +end user license agreements (excluding distributors and resellers) +which have been validly granted by You or any distributor hereunder +prior to termination shall survive termination. + +9. LIMITATION OF LIABILITY. + +UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT +(INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL +DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, +OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR +ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY +CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, +WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER +COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN +INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF +LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY +RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW +PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE +EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO +THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. + +10. U.S. GOVERNMENT END USERS. + +The Covered Code is a "commercial item," as that term is defined in 48 +C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" +and "commercial computer software documentation," as such terms are +used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 +C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), +all U.S. Government End Users acquire Covered Code with only those +rights set forth herein. + +11. MISCELLANEOUS. + +This License represents the complete agreement concerning subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. This License shall be governed by +German law provisions (except to the extent applicable law, if any, +provides otherwise), excluding its conflict-of-law provisions. With +respect to disputes in which at least one party is a citizen of, or an +entity chartered or registered to do business in Federal Republic of +Germany, any litigation relating to this License shall be subject to +the jurisdiction of the Federal Courts of the Federal Republic of +Germany, with the losing party responsible for costs, including +without limitation, court costs and reasonable attorneys' fees and +expenses. Any law or regulation which provides that the language of a +contract shall be construed against the drafter shall not apply to +this License. + +12. RESPONSIBILITY FOR CLAIMS. + +As between Initial Developer and the Contributors, each party is +responsible for claims and damages arising, directly or indirectly, +out of its utilization of rights under this License and You agree to +work with Initial Developer and Contributors to distribute such +responsibility on an equitable basis. Nothing herein is intended or +shall be deemed to constitute any admission of liability. + +13. MULTIPLE-LICENSED CODE. + +Initial Developer may designate portions of the Covered Code as +Multiple-Licensed. Multiple-Licensed means that the Initial Developer +permits you to utilize portions of the Covered Code under Your choice +of the TPL or the alternative licenses, if any, specified by the +Initial Developer in the file described in Exhibit A. + + +EXHIBIT A - THOR Public License. + +The contents of this file are subject to the THOR Public License +Version 1.0 (the "License"); you may not use this file except in +compliance with the License. + +Software distributed under the License is distributed on an "AS IS" +basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +the License for the specificlanguage governing rights and limitations +under the License. + +The Original Code is ______________________________________. + +The Initial Developer of the Original Code is _____________. + +Portions created by ______________________ are +Copyright (C) ______ _______________________. + +All Rights Reserved. + +Contributor(s): ______________________________________. + +Alternatively, the contents of this file may be used under the terms +of the _____ license (the [___] License), in which case the provisions +of [______] License are applicable instead of those above. If you +wish to allow use of your version of this file only under the terms of +the [____] License and not to allow others to use your version of this +file under the TPL, indicate your decision by deleting the provisions +above and replace them with the notice and other provisions required +by the [___] License. If you do not delete the provisions above, a +recipient may use your version of this file under either the TPL or +the [___] License." + +[NOTE: The text of this Exhibit A may differ slightly from the text of +the notices in the Source Code files of the Original Code. You should +use the text of this Exhibit A rather than the text found in the +Original Code Source Code for Your Modifications.] diff --git a/src/main/resources/licenses/TTWL.txt b/src/main/resources/licenses/TTWL.txt new file mode 100644 index 0000000000..c13d3fbe04 --- /dev/null +++ b/src/main/resources/licenses/TTWL.txt @@ -0,0 +1,8 @@ +Copyright (C) 1996-2002,2005,2006 David Muir Sharnoff. +Copyright (C) 2005 Aristotle Pagaltzis +Copyright (C) 2012-2013 Google, Inc. + +This module may be modified, used, copied, and redistributed at your own risk. +Although allowed by the preceding license, please do not publicly +redistribute modified versions of this code with the name "Text::Tabs" +unless it passes the unmodified Text::Tabs test suite. diff --git a/src/main/resources/licenses/TTYP0.txt b/src/main/resources/licenses/TTYP0.txt new file mode 100644 index 0000000000..3df2e4c4e9 --- /dev/null +++ b/src/main/resources/licenses/TTYP0.txt @@ -0,0 +1,29 @@ +THE TTYP0 LICENSE + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this font software and associated files (the "Software"), +to deal in the Software without restriction, including without +limitation the rights to use, copy, modify, merge, publish, +distribute, embed, sublicense, and/or sell copies of the Software, +and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +(1) The above copyright notice, this permission notice, and the + disclaimer below shall be included in all copies or substantial + portions of the Software. + +(2) If the design of any glyphs in the fonts that are contained in the + Software or generated during the installation process is modified + or if additional glyphs are added to the fonts, the fonts + must be renamed. The new names may not contain the word "UW", + irrespective of capitalisation; the new names may contain the word + "ttyp0", irrespective of capitalisation, only if preceded by a + foundry name different from "UW". + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/src/main/resources/licenses/TermReadKey.txt b/src/main/resources/licenses/TermReadKey.txt new file mode 100644 index 0000000000..ee668e0f31 --- /dev/null +++ b/src/main/resources/licenses/TermReadKey.txt @@ -0,0 +1 @@ +Unlimited distribution and/or modification is allowed as long as this copyright notice remains intact. diff --git a/src/main/resources/licenses/Texinfo-exception.txt b/src/main/resources/licenses/Texinfo-exception.txt new file mode 100644 index 0000000000..931a4070b4 --- /dev/null +++ b/src/main/resources/licenses/Texinfo-exception.txt @@ -0,0 +1,4 @@ +As a special exception, when this file is read by TeX when +processing a Texinfo source document, you may use the result without +restriction. This Exception is an additional permission under +section 7 of the GNU General Public License, version 3 ("GPLv3"). diff --git a/src/main/resources/licenses/ThirdEye.txt b/src/main/resources/licenses/ThirdEye.txt new file mode 100644 index 0000000000..ce75b566e3 --- /dev/null +++ b/src/main/resources/licenses/ThirdEye.txt @@ -0,0 +1,7 @@ +(C) Copyright 1984 by Third Eye Software, Inc. + +Third Eye Software, Inc. grants reproduction and use rights to +all parties, PROVIDED that this comment is maintained in the copy. + +Third Eye makes no claims about the applicability of this +symbol table to a particular use. diff --git a/src/main/resources/licenses/TrustedQSL.txt b/src/main/resources/licenses/TrustedQSL.txt new file mode 100644 index 0000000000..982d4269f6 --- /dev/null +++ b/src/main/resources/licenses/TrustedQSL.txt @@ -0,0 +1,58 @@ +Copyright (C) 2001-2015 American Radio Relay League, Inc. All rights +reserved. + +Portions (C) 2003-2023 The TrustedQSL Developers. Please see the AUTHORS.txt +file for contributors. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Any redistribution of source code must retain the above copyright +notice, this list of conditions and the disclaimer shown in +Paragraph 5 (below). + +2. Redistribution in binary form must reproduce the above copyright +notice, this list of conditions and the disclaimer shown in +Paragraph 5 (below) in the documentation and/or other materials +provided with the distribution. + +3. Products derived from or including this software may not use +"Logbook of the World" or "LoTW" or any other American Radio Relay +League, Incorporated trademarks or servicemarks in their names +without prior written permission of the ARRL. See Paragraph 6 +(below) for contact information. + +4. Use of this software does not imply endorsement by ARRL of +products derived from or including this software and vendors may not +claim such endorsement. + +5. Disclaimer: This software is provided "as-is" without +representation, guarantee or warranty of any kind, either express or +implied, including but not limited to the implied warranties of +merchantability or of fitness for a particular purpose. The entire +risk as to the quality and performance of the software is solely +with you. Should the software prove defective, you (and not the +American Radio Relay League, its officers, directors, employees or +agents) assume the entire cost of all necessary servicing, repair or +correction. In no event will ARRL be liable to you or to any third +party for any damages, whether direct or indirect, including lost +profits, lost savings, or other incidental or consequential damages +arising out of the use or inability to use such software, regardless +of whether ARRL has been advised of the possibility of such damages. + +6. Contact information: + +American Radio Relay League, Inc. +Attn: Logbook of the World Manager +225 Main St +Newington, CT 06111 +voice: 860-594-0200 +fax: 860-594-0259 +email: logbook@arrl.org +Worldwide Web: www.arrl.org + +This software consists of voluntary contributions made by many +individuals on behalf of the ARRL. More information on the "Logbook +of The World" project and the ARRL is available from the ARRL Web +site at www.arrl.org. diff --git a/src/main/resources/licenses/UBDL-exception.txt b/src/main/resources/licenses/UBDL-exception.txt new file mode 100644 index 0000000000..780ddcd775 --- /dev/null +++ b/src/main/resources/licenses/UBDL-exception.txt @@ -0,0 +1,59 @@ +UNMODIFIED BINARY DISTRIBUTION LICENCE + + +PREAMBLE + +The GNU General Public License provides a legal guarantee that +software covered by it remains free (in the sense of freedom, not +price). It achieves this guarantee by imposing obligations on anyone +who chooses to distribute the software. + +Some of these obligations may be seen as unnecessarily burdensome. In +particular, when the source code for the software is already publicly +and freely available, there is minimal value in imposing upon each +distributor the obligation to provide the complete source code (or an +equivalent written offer to provide the complete source code). + +This Licence allows for the distribution of unmodified binaries built +from publicly available source code, without imposing the obligations +of the GNU General Public License upon anyone who chooses to +distribute only the unmodified binaries built from that source code. + +The extra permissions granted by this Licence apply only to unmodified +binaries built from source code which has already been made available +to the public in accordance with the terms of the GNU General Public +Licence. Nothing in this Licence allows for the creation of +closed-source modified versions of the Program. Any modified versions +of the Program are subject to the usual terms and conditions of the +GNU General Public License. + + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +This Licence applies to any Program or other work which contains a +notice placed by the copyright holder saying it may be distributed +under the terms of this Unmodified Binary Distribution Licence. All +terms used in the text of this Licence are to be interpreted as they +are used in version 2 of the GNU General Public License as published +by the Free Software Foundation. + +If you have made this Program available to the public in both source +code and executable form in accordance with the terms of the GNU +General Public License as published by the Free Software Foundation; +either version 2 of the License, or (at your option) any later +version, then you are hereby granted an additional permission to use, +copy, and distribute the unmodified executable form of this Program +(the "Unmodified Binary") without restriction, including the right to +permit persons to whom the Unmodified Binary is furnished to do +likewise, subject to the following conditions: + +- when started running, the Program must display an announcement which + includes the details of your existing publication of the Program + made in accordance with the terms of the GNU General Public License. + For example, the Program could display the URL of the publicly + available source code from which the Unmodified Binary was built. + +- when exercising your right to grant permissions under this Licence, + you do not need to refer directly to the text of this Licence, but + you may not grant permissions beyond those granted to you by this + Licence. diff --git a/src/main/resources/licenses/UCAR.txt b/src/main/resources/licenses/UCAR.txt new file mode 100644 index 0000000000..36e1810283 --- /dev/null +++ b/src/main/resources/licenses/UCAR.txt @@ -0,0 +1,32 @@ +Copyright 2014 University Corporation for Atmospheric Research and contributors. +All rights reserved. + +This software was developed by the Unidata Program Center of the +University Corporation for Atmospheric Research (UCAR) +. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + 1) Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + 2) Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + 3) Neither the names of the development group, the copyright holders, nor the + names of contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + 4) This license shall terminate automatically and you may no longer exercise + any of the rights granted to you by this license as of the date you + commence an action, including a cross-claim or counterclaim, against + the copyright holders or any contributor alleging that this software + infringes a patent. This termination provision shall not apply for an + action alleging patent infringement by combinations of this software with + other software or hardware. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE CONTRIBUTORS +OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE. diff --git a/src/main/resources/licenses/UMich-Merit.txt b/src/main/resources/licenses/UMich-Merit.txt new file mode 100644 index 0000000000..93e304b90e --- /dev/null +++ b/src/main/resources/licenses/UMich-Merit.txt @@ -0,0 +1,19 @@ +[C] The Regents of the University of Michigan and Merit Network, Inc. 1992, +1993, 1994, 1995 All Rights Reserved + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the above copyright notice and this permission notice appear in all +copies of the software and derivative works or modified versions thereof, +and that both the copyright notice and this permission and disclaimer +notice appear in supporting documentation. + +THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER +EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE +UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE +FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR +THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the +University of Michigan and Merit Network, Inc. shall not be liable for any +special, indirect, incidental or consequential damages with respect to any +claim by Licensee or any third party arising from use of the software. diff --git a/src/main/resources/licenses/URT-RLE.txt b/src/main/resources/licenses/URT-RLE.txt new file mode 100644 index 0000000000..11dad58c21 --- /dev/null +++ b/src/main/resources/licenses/URT-RLE.txt @@ -0,0 +1,15 @@ + * This software is copyrighted as noted below. It may be freely copied, + * modified, and redistributed, provided that the copyright notice is + * preserved on all copies. + * + * There is no warranty or other guarantee of fitness for this software, + * it is provided solely "as is". Bug reports or fixes may be sent + * to the author, who may or may not act on them as he desires. + * + * You may not include this software in a program or other software product + * without supplying the source, or without informing the end-user that the + * source is available for no extra charge. + * + * If you modify this software, you should include a notice giving the + * name of the person performing the modification, the date of modification, + * and the reason for such modification. diff --git a/src/main/resources/licenses/Ubuntu-font-1.0.txt b/src/main/resources/licenses/Ubuntu-font-1.0.txt new file mode 100644 index 0000000000..ae78a8f94e --- /dev/null +++ b/src/main/resources/licenses/Ubuntu-font-1.0.txt @@ -0,0 +1,96 @@ +------------------------------- +UBUNTU FONT LICENCE Version 1.0 +------------------------------- + +PREAMBLE +This licence allows the licensed fonts to be used, studied, modified and +redistributed freely. The fonts, including any derivative works, can be +bundled, embedded, and redistributed provided the terms of this licence +are met. The fonts and derivatives, however, cannot be released under +any other licence. The requirement for fonts to remain under this +licence does not require any document created using the fonts or their +derivatives to be published under this licence, as long as the primary +purpose of the document is not to be a vehicle for the distribution of +the fonts. + +DEFINITIONS +"Font Software" refers to the set of files released by the Copyright +Holder(s) under this licence and clearly marked as such. This may +include source files, build scripts and documentation. + +"Original Version" refers to the collection of Font Software components +as received under this licence. + +"Modified Version" refers to any derivative made by adding to, deleting, +or substituting -- in part or in whole -- any of the components of the +Original Version, by changing formats or by porting the Font Software to +a new environment. + +"Copyright Holder(s)" refers to all individuals and companies who have a +copyright ownership of the Font Software. + +"Substantially Changed" refers to Modified Versions which can be easily +identified as dissimilar to the Font Software by users of the Font +Software comparing the Original Version with the Modified Version. + +To "Propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification and with or without charging +a redistribution fee), making available to the public, and in some +countries other activities as well. + +PERMISSION & CONDITIONS +This licence does not grant any rights under trademark law and all such +rights are reserved. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of the Font Software, to propagate the Font Software, subject to +the below conditions: + +1) Each copy of the Font Software must contain the above copyright +notice and this licence. These can be included either as stand-alone +text files, human-readable headers or in the appropriate machine- +readable metadata fields within text or binary files as long as those +fields can be easily viewed by the user. + +2) The font name complies with the following: +(a) The Original Version must retain its name, unmodified. +(b) Modified Versions which are Substantially Changed must be renamed to +avoid use of the name of the Original Version or similar names entirely. +(c) Modified Versions which are not Substantially Changed must be +renamed to both (i) retain the name of the Original Version and (ii) add +additional naming elements to distinguish the Modified Version from the +Original Version. The name of such Modified Versions must be the name of +the Original Version, with "derivative X" where X represents the name of +the new work, appended to that name. + +3) The name(s) of the Copyright Holder(s) and any contributor to the +Font Software shall not be used to promote, endorse or advertise any +Modified Version, except (i) as required by this licence, (ii) to +acknowledge the contribution(s) of the Copyright Holder(s) or (iii) with +their explicit written permission. + +4) The Font Software, modified or unmodified, in part or in whole, must +be distributed entirely under this licence, and must not be distributed +under any other licence. The requirement for fonts to remain under this +licence does not affect any document created using the Font Software, +except any version of the Font Software extracted from a document +created using the Font Software may only be distributed under this +licence. + +TERMINATION +This licence becomes null and void if any of the above conditions are +not met. + +DISCLAIMER +THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF +COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL +DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER +DEALINGS IN THE FONT SOFTWARE. diff --git a/src/main/resources/licenses/Unicode-3.0.txt b/src/main/resources/licenses/Unicode-3.0.txt new file mode 100644 index 0000000000..11f2842a30 --- /dev/null +++ b/src/main/resources/licenses/Unicode-3.0.txt @@ -0,0 +1,39 @@ +UNICODE LICENSE V3 + +COPYRIGHT AND PERMISSION NOTICE + +Copyright Š 1991-2023 Unicode, Inc. + +NOTICE TO USER: Carefully read the following legal agreement. BY +DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING DATA FILES, AND/OR +SOFTWARE, YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE +TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE, DO NOT +DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE THE DATA FILES OR SOFTWARE. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of data files and any associated documentation (the "Data Files") or +software and any associated documentation (the "Software") to deal in the +Data Files or Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, and/or sell +copies of the Data Files or Software, and to permit persons to whom the +Data Files or Software are furnished to do so, provided that either (a) +this copyright and permission notice appear with all copies of the Data +Files or Software, or (b) this copyright and permission notice appear in +associated Documentation. + +THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY +KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF +THIRD PARTY RIGHTS. + +IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE +BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, +OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE DATA +FILES OR SOFTWARE. + +Except as contained in this notice, the name of a copyright holder shall +not be used in advertising or otherwise to promote the sale, use or other +dealings in these Data Files or Software without prior written +authorization of the copyright holder. diff --git a/src/main/resources/licenses/Universal-FOSS-exception-1.0.txt b/src/main/resources/licenses/Universal-FOSS-exception-1.0.txt new file mode 100644 index 0000000000..4a79cbdcf6 --- /dev/null +++ b/src/main/resources/licenses/Universal-FOSS-exception-1.0.txt @@ -0,0 +1,11 @@ +The Universal FOSS Exception, Version 1.0 + +In addition to the rights set forth in the other license(s) included in the distribution for this software, data, and/or documentation (collectively the "Software," and such licenses collectively with this additional permission the "Software License"), the copyright holders wish to facilitate interoperability with other software, data, and/or documentation distributed with complete corresponding source under a license that is OSI-approved and/or categorized by the FSF as free (collectively "Other FOSS"). We therefore hereby grant the following additional permission with respect to the use and distribution of the Software with Other FOSS, and the constants, function signatures, data structures and other invocation methods used to run or interact with each of them (as to each, such software's "Interfaces"): + +(i) The Software's Interfaces may, to the extent permitted by the license of the Other FOSS, be copied into, used and distributed in the Other FOSS in order to enable interoperability, without requiring a change to the license of the Other FOSS other than as to any Interfaces of the Software embedded therein. The Software's Interfaces remain at all times under the Software License, including without limitation as used in the Other FOSS (which upon any such use also then contains a portion of the Software under the Software License). + +(ii) The Other FOSS's Interfaces may, to the extent permitted by the license of the Other FOSS, be copied into, used and distributed in the Software in order to enable interoperability, without requiring that such Interfaces be licensed under the terms of the Software License or otherwise altering their original terms, if this does not require any portion of the Software other than such Interfaces to be licensed under the terms other than the Software License. + +(iii) If only Interfaces and no other code is copied between the Software and the Other FOSS in either direction, the use and/or distribution of the Software with the Other FOSS shall not be deemed to require that the Other FOSS be licensed under the license of the Software, other than as to any Interfaces of the Software copied into the Other FOSS. This includes, by way of example and without limitation, statically or dynamically linking the Software together with Other FOSS after enabling interoperability using the Interfaces of one or both, and distributing the resulting combination under different licenses for the respective portions thereof. + +For avoidance of doubt, a license which is OSI-approved or categorized by the FSF as free, includes, for the purpose of this permission, such licenses with additional permissions, and any license that has previously been so-approved or categorized as free, even if now deprecated or otherwise no longer recognized as approved or free. Nothing in this additional permission grants any right to distribute any portion of the Software on terms other than those of the Software License or grants any additional permission of any kind for use or distribution of the Software in conjunction with software other than Other FOSS. diff --git a/src/main/resources/licenses/UnixCrypt.txt b/src/main/resources/licenses/UnixCrypt.txt new file mode 100644 index 0000000000..280853382b --- /dev/null +++ b/src/main/resources/licenses/UnixCrypt.txt @@ -0,0 +1,6 @@ +Copyright (c) 1996 Aki Yoshida. All rights reserved. + +Permission to use, copy, modify and distribute this software +for non-commercial or commercial purposes and without fee is +hereby granted provided that this copyright notice appears in +all copies. diff --git a/src/main/resources/licenses/W3C-19980720.txt b/src/main/resources/licenses/W3C-19980720.txt index a8554039ef..134879044d 100644 --- a/src/main/resources/licenses/W3C-19980720.txt +++ b/src/main/resources/licenses/W3C-19980720.txt @@ -4,7 +4,7 @@ Copyright (c) 1994-2002 World Wide Web Consortium, (Massachusetts Institute of T This W3C work (including software, documents, or other related items) is being provided by the copyright holders under the following license. By obtaining, using and/or copying this work, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions: -Permission to use, copy, modify, and distribute this software and its documentation, with or without modification,  for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the software and documentation or portions thereof, including modifications, that you make: +Permission to use, copy, modify, and distribute this software and its documentation, with or without modification, for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the software and documentation or portions thereof, including modifications, that you make: 1. The full text of this NOTICE in a location viewable to users of the redistributed or derivative work. diff --git a/src/main/resources/licenses/Widget-Workshop.txt b/src/main/resources/licenses/Widget-Workshop.txt new file mode 100644 index 0000000000..d4df9b5067 --- /dev/null +++ b/src/main/resources/licenses/Widget-Workshop.txt @@ -0,0 +1,19 @@ +Copyright (c) 1996 Widget Workshop, Inc. All Rights Reserved. + +Permission to use, copy, modify, and distribute this software and +its documentation for NON-COMMERCIAL or COMMERCIAL purposes and +without fee is hereby granted, provided that this copyright notice +is kept intact. WIDGET WORKSHOP MAKES NO REPRESENTATIONS OR WARRANTIES +ABOUT THE SUITABILITY OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, +INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WIDGET WORKSHOP +SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT +OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. +THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR RESALE AS ON-LINE +CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, +SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR +COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, +OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE SOFTWARE COULD LEAD +DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL +DAMAGE ("HIGH RISK ACTIVITIES"). WIDGET WORKSHOP SPECIFICALLY DISCLAIMS +ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES. diff --git a/src/main/resources/licenses/WxWindows-exception-3.1.txt b/src/main/resources/licenses/WxWindows-exception-3.1.txt new file mode 100644 index 0000000000..9e71b0ae3f --- /dev/null +++ b/src/main/resources/licenses/WxWindows-exception-3.1.txt @@ -0,0 +1,9 @@ +EXCEPTION NOTICE + +1. As a special exception, the copyright holders of this library give permission for additional uses of the text contained in this release of the library as licenced under the wxWindows Library Licence, applying either version 3.1 of the Licence, or (at your option) any later version of the Licence as published by the copyright holders of version 3.1 of the Licence document. + +2. The exception is that you may use, copy, link, modify and distribute under your own terms, binary object code versions of works based on the Library. + +3. If you copy code from files distributed under the terms of the GNU General Public Licence or the GNU Library General Public Licence into a copy of this library, as this licence permits, the exception does not apply to the code that you add in this way. To avoid misleading anyone as to the status of such modified files, you must delete this exception notice from such code and/or adjust the licensing conditions notice accordingly. + +4. If you write modifications of your own for this library, it is your choice whether to permit this exception to apply to your modifications. If you do not wish that, you must delete the exception notice from such code and/or adjust the licensing conditions notice accordingly. diff --git a/src/main/resources/licenses/X11-swapped.txt b/src/main/resources/licenses/X11-swapped.txt new file mode 100644 index 0000000000..b023bd546e --- /dev/null +++ b/src/main/resources/licenses/X11-swapped.txt @@ -0,0 +1,23 @@ +Copyright (c) 2008-2010 Derick Eddington. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +Except as contained in this notice, the name(s) of the above copyright +holders shall not be used in advertising or otherwise to promote the sale, +use or other dealings in this Software without prior written authorization. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/src/main/resources/licenses/Xdebug-1.03.txt b/src/main/resources/licenses/Xdebug-1.03.txt new file mode 100644 index 0000000000..548e74455c --- /dev/null +++ b/src/main/resources/licenses/Xdebug-1.03.txt @@ -0,0 +1,60 @@ +-------------------------------------------------------------------- + The Xdebug License, version 1.03 + (Based on "The PHP License", version 3.01) + Copyright (c) 2003-2022 Derick Rethans. All rights reserved. +-------------------------------------------------------------------- + +Redistribution and use in source and binary forms, with or without +modification, is permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + 3. The name "Xdebug" must not be used to endorse or promote products + derived from this software without prior written permission. For + written permission, please contact derick@xdebug.org. + + 4. Products derived from this software may not be called "Xdebug", nor + may "Xdebug" appear in their name, without prior written permission + from derick@xdebug.org. + + 5. Derick Rethans may publish revised and/or new versions of the + license from time to time. Each version will be given a + distinguishing version number. Once covered code has been + published under a particular version of the license, you may + always continue to use it under the terms of that version. You + may also choose to use such covered code under the terms of any + subsequent version of the license published by Derick Rethans. No + one other than Derick Rethans has the right to modify the terms + applicable to covered code created under this License. + + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: "This product includes Xdebug software, freely + available from ". + +THIS SOFTWARE IS PROVIDED BY DERICK RETHANS ``AS IS'' AND ANY +EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR +ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +-------------------------------------------------------------------- + +This software consists of voluntary contributions made by some +individuals on behalf of Derick Rethans. + +Derick Rethans can be contacted via e-mail at derick@xdebug.org. + +For more information on Xdebug, please see . diff --git a/src/main/resources/licenses/Xfig.txt b/src/main/resources/licenses/Xfig.txt new file mode 100644 index 0000000000..c2d56093d5 --- /dev/null +++ b/src/main/resources/licenses/Xfig.txt @@ -0,0 +1,7 @@ +Any party obtaining a copy of these files is granted, free of charge, +a full and unrestricted irrevocable, world-wide, paid up, royalty-free, +nonexclusive right and license to deal in this software and documentation +files (the "Software"), including without limitation the rights to use, +copy, modify, merge, publish and/or distribute copies of the Software, +and to permit persons who receive copies from any such party to do so, +with the only requirement being that this copyright notice remain intact. diff --git a/src/main/resources/licenses/Zeeff.txt b/src/main/resources/licenses/Zeeff.txt new file mode 100644 index 0000000000..408efb2ffd --- /dev/null +++ b/src/main/resources/licenses/Zeeff.txt @@ -0,0 +1,3 @@ +Copyright 1988 Jon Zeeff (zeeff@b-tech.ann-arbor.mi.us) +You can use this code in any manner, as long as you leave my +name on it and don't hold me responsible for any problems with it. diff --git a/src/main/resources/licenses/any-OSI-perl-modules.txt b/src/main/resources/licenses/any-OSI-perl-modules.txt new file mode 100644 index 0000000000..108db04581 --- /dev/null +++ b/src/main/resources/licenses/any-OSI-perl-modules.txt @@ -0,0 +1,11 @@ +This software may be redistributed under the terms of the GPL, LGPL, +modified BSD, or Artistic license, or any of the other OSI approved +licenses listed at http://www.opensource.org/licenses/alphabetical. +Distribution is allowed under all of these licenses, or any smaller +subset of multiple or just one of these licenses. + +When using a packaged version, please refer to the package metadata to see +under which license terms it was distributed. Alternatively, a distributor +may choose to replace the LICENSE section of the documentation and/or +include a LICENSE file to reflect the license(s) they chose to redistribute +under. diff --git a/src/main/resources/licenses/any-OSI.txt b/src/main/resources/licenses/any-OSI.txt new file mode 100644 index 0000000000..5f69e02b8a --- /dev/null +++ b/src/main/resources/licenses/any-OSI.txt @@ -0,0 +1,3 @@ +Pick your favourite OSI approved license :) + +http://www.opensource.org/licenses/alphabetical diff --git a/src/main/resources/licenses/bcrypt-Solar-Designer.txt b/src/main/resources/licenses/bcrypt-Solar-Designer.txt new file mode 100644 index 0000000000..8cb05017fc --- /dev/null +++ b/src/main/resources/licenses/bcrypt-Solar-Designer.txt @@ -0,0 +1,11 @@ +Written by Solar Designer in 1998-2014. +No copyright is claimed, and the software is hereby placed in the public +domain. In case this attempt to disclaim copyright and place the software +in the public domain is deemed null and void, then the software is +Copyright (c) 1998-2014 Solar Designer and it is hereby released to the +general public under the following terms: + +Redistribution and use in source and binary forms, with or without +modification, are permitted. + +There's ABSOLUTELY NO WARRANTY, express or implied. diff --git a/src/main/resources/licenses/bzip2-1.0.5.txt b/src/main/resources/licenses/bzip2-1.0.5.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/bzip2-1.0.5.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/check-cvs.txt b/src/main/resources/licenses/check-cvs.txt new file mode 100644 index 0000000000..85fee4791e --- /dev/null +++ b/src/main/resources/licenses/check-cvs.txt @@ -0,0 +1,2 @@ +Permission is granted to copy and/or distribute this file, with or +without modifications, provided this notice is preserved. diff --git a/src/main/resources/licenses/checkmk.txt b/src/main/resources/licenses/checkmk.txt new file mode 100644 index 0000000000..46c6b74278 --- /dev/null +++ b/src/main/resources/licenses/checkmk.txt @@ -0,0 +1,9 @@ +# Copyright (c) 2006, 2010 Micah Cowan +# +# Redistribution of this program in any form, with or without +# modifications, is permitted, provided that the above copyright is +# retained in distributions of this program in source form. +# +# (This is a free, non-copyleft license compatible with pretty much any +# other free or proprietary license, including the GPL. It's essentially +# a scaled-down version of the "modified" BSD license.) diff --git a/src/main/resources/licenses/cryptsetup-OpenSSL-exception.txt b/src/main/resources/licenses/cryptsetup-OpenSSL-exception.txt new file mode 100644 index 0000000000..25c1c420d2 --- /dev/null +++ b/src/main/resources/licenses/cryptsetup-OpenSSL-exception.txt @@ -0,0 +1,12 @@ +In addition, as a special exception, the copyright holders give +permission to link the code of portions of this program with the OpenSSL +library under certain conditions as described in each individual source +file, and distribute linked combinations including the two. + +You must obey the GNU General Public License in all respects for all of +the code used other than OpenSSL. If you modify file(s) with this +exception, you may extend this exception to your version of the file(s), +but you are not obligated to do so. If you do not wish to do so, delete +this exception statement from your version. If you delete this exception +statement from all source files in the program, then also delete it +here. diff --git a/src/main/resources/licenses/cve-tou.txt b/src/main/resources/licenses/cve-tou.txt new file mode 100644 index 0000000000..c7b2f02e3e --- /dev/null +++ b/src/main/resources/licenses/cve-tou.txt @@ -0,0 +1,16 @@ +CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable copyright license to reproduce, prepare +derivative works of, publicly display, publicly perform, sublicense, and +distribute Common Vulnerabilities and Exposures (CVEÂŽ). Any copy you make for +such purposes is authorized provided that you reproduce MITRE's copyright +designation and this license in any such copy. + +DISCLAIMERS + +ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN PROVIDED BY MITRE ARE +PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE +REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF +TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/deprecated_AGPL-1.0.txt b/src/main/resources/licenses/deprecated_AGPL-1.0.txt new file mode 100644 index 0000000000..a00f82e601 --- /dev/null +++ b/src/main/resources/licenses/deprecated_AGPL-1.0.txt @@ -0,0 +1,86 @@ +AFFERO GENERAL PUBLIC LICENSE +Version 1, March 2002 Copyright Š 2002 Affero Inc. 510 Third Street - Suite 225, San Francisco, CA 94107, USA + +This license is a modified version of the GNU General Public License copyright (C) 1989, 1991 Free Software Foundation, Inc. made with their permission. Section 2(d) has been added to cover use of software over a computer network. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the Affero General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This Public License applies to most of Affero's software and to any other program whose authors commit to using it. (Some other Affero software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. This General Public License is designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this Affero General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. + +1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. + c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + d) If the Program as you received it is intended to interact with users through a computer network and if, in the version you received, any user interacting with the Program was given the opportunity to request transmission to that user of the Program's complete source code, you must not remove that facility from your modified version of the Program or work based on the Program, and must offer an equivalent opportunity for all users interacting with your Program through a computer network to request immediate transmission by HTTP of the complete source code of your modified version or other derivative work. + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. + +4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. + +6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + +7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +9. Affero Inc. may publish revised and/or new versions of the Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by Affero, Inc. If the Program does not specify a version number of this License, you may choose any version ever published by Affero, Inc. + +You may also choose to redistribute modified versions of this program under any version of the Free Software Foundation's GNU General Public License version 3 or higher, so long as that version of the GNU GPL includes terms and conditions substantially equivalent to those of this license. + +10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by Affero, Inc., write to us; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. diff --git a/src/main/resources/licenses/deprecated_AGPL-3.0.txt b/src/main/resources/licenses/deprecated_AGPL-3.0.txt new file mode 100644 index 0000000000..0c97efd25b --- /dev/null +++ b/src/main/resources/licenses/deprecated_AGPL-3.0.txt @@ -0,0 +1,235 @@ +GNU AFFERO GENERAL PUBLIC LICENSE +Version 3, 19 November 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + + Preamble + +The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software. + +A secondary benefit of defending all users' freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate. Many developers of free software are heartened and encouraged by the resulting cooperation. However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public. + +The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version. + +An older license, called the Affero General Public License and published by Affero, was designed to accomplish similar goals. This is a different license, not a version of the Affero GPL, but Affero has released a new version of the Affero GPL which permits relicensing under this license. + +The precise terms and conditions for copying, distribution and modification follow. + + TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based on the Program. + +To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. + +To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. + +A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. + +The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. +You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. +You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. + +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. + +A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. + +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Remote Network Interaction; Use with the GNU General Public License. + +Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph. + +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of the GNU Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer network, you should also make sure that it provides a way for users to get its source. For example, if your program is a web application, its interface could display a "Source" link that leads users to an archive of the code. There are many ways you could offer source, and different solutions will be better for different programs; see section 13 for the specific requirements. + +You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see . diff --git a/src/main/resources/licenses/deprecated_BSD-2-Clause-FreeBSD.txt b/src/main/resources/licenses/deprecated_BSD-2-Clause-FreeBSD.txt new file mode 100644 index 0000000000..4774804e2a --- /dev/null +++ b/src/main/resources/licenses/deprecated_BSD-2-Clause-FreeBSD.txt @@ -0,0 +1,13 @@ +The FreeBSD Copyright + +Copyright 1992-2012 The FreeBSD Project. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of the FreeBSD Project. diff --git a/src/main/resources/licenses/deprecated_BSD-2-Clause-NetBSD.txt b/src/main/resources/licenses/deprecated_BSD-2-Clause-NetBSD.txt new file mode 100644 index 0000000000..9e4e8130c8 --- /dev/null +++ b/src/main/resources/licenses/deprecated_BSD-2-Clause-NetBSD.txt @@ -0,0 +1,11 @@ +Copyright (c) 2008 The NetBSD Foundation, Inc. All rights reserved. + +This code is derived from software contributed to The NetBSD Foundation by + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/deprecated_GFDL-1.1.txt b/src/main/resources/licenses/deprecated_GFDL-1.1.txt new file mode 100644 index 0000000000..e60192009a --- /dev/null +++ b/src/main/resources/licenses/deprecated_GFDL-1.1.txt @@ -0,0 +1,119 @@ +GNU Free Documentation License +Version 1.1, March 2000 + +Copyright (C) 2000 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +0. PREAMBLE + +The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. + +This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. + +We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference. + +1. APPLICABILITY AND DEFINITIONS + +This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". + +A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language. + +A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them. + +The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. + +The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. + +A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent. A copy that is not "Transparent" is called "Opaque". + +Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output purposes only. + +The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text. + +2. VERBATIM COPYING + +You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3. + +You may also lend copies, under the same conditions stated above, and you may publicly display copies. + +3. COPYING IN QUANTITY + +If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. + +If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages. + +If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public. + +It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document. + +4. MODIFICATIONS + +You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version: + + A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission. + B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five). + C. State on the Title page the name of the publisher of the Modified Version, as the publisher. + D. Preserve all the copyright notices of the Document. + E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices. + F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below. + G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice. + H. Include an unaltered copy of this License. + I. Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. + J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission. + K. In any section entitled "Acknowledgements" or "Dedications", preserve the section's title, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein. + L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles. + M. Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version. + N. Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section. + +If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles. + +You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard. + +You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. + +The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version. + +5. COMBINING DOCUMENTS + +You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice. + +The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work. + +In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled "History"; likewise combine any sections entitled "Acknowledgements", and any sections entitled "Dedications". You must delete all sections entitled "Endorsements." + +6. COLLECTIONS OF DOCUMENTS + +You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects. + +You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document. + +7. AGGREGATION WITH INDEPENDENT WORKS + +A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the Document. + +If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate. Otherwise they must appear on covers around the whole aggregate. + +8. TRANSLATION + +Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License provided that you also include the original English version of this License. In case of a disagreement between the translation and the original English version of this License, the original English version will prevail. + +9. TERMINATION + +You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +10. FUTURE REVISIONS OF THIS LICENSE + +The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/. + +Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. + +ADDENDUM: How to use this License for your documents + +To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page: + + Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. A copy of the license is included in the section entitled "GNU Free Documentation License". + +If you have no Invariant Sections, write "with no Invariant Sections" instead of saying which ones are invariant. If you have no Front-Cover Texts, write "no Front-Cover Texts" instead of "Front-Cover Texts being LIST"; likewise for Back-Cover Texts. + +If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software. diff --git a/src/main/resources/licenses/deprecated_GFDL-1.2.txt b/src/main/resources/licenses/deprecated_GFDL-1.2.txt new file mode 100644 index 0000000000..83c375aba1 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GFDL-1.2.txt @@ -0,0 +1,130 @@ +GNU Free Documentation License +Version 1.2, November 2002 + +Copyright (C) 2000,2001,2002 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +0. PREAMBLE + +The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. + +This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. + +We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference. + +1. APPLICABILITY AND DEFINITIONS + +This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law. + +A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language. + +A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them. + +The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none. + +The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words. + +A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque". + +Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only. + +The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text. + +A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition. + +The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License. + +2. VERBATIM COPYING + +You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3. + +You may also lend copies, under the same conditions stated above, and you may publicly display copies. + +3. COPYING IN QUANTITY + +If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. + +If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages. + +If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public. + +It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document. + +4. MODIFICATIONS + +You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version: + + A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission. + B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement. + C. State on the Title page the name of the publisher of the Modified Version, as the publisher. + D. Preserve all the copyright notices of the Document. + E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices. + F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below. + G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice. + H. Include an unaltered copy of this License. + I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. + J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission. + K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein. + L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles. + M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version. + N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section. + O. Preserve any Warranty Disclaimers. + +If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles. + +You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard. + +You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. + +The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version. + +5. COMBINING DOCUMENTS + +You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers. + +The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work. + +In the combination, you must combine any sections Entitled "History" in the various original documents, forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You must delete all sections Entitled "Endorsements". + +6. COLLECTIONS OF DOCUMENTS + +You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects. + +You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document. + +7. AGGREGATION WITH INDEPENDENT WORKS + +A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document. + +If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate. + +8. TRANSLATION + +Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail. + +If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title. + +9. TERMINATION + +You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +10. FUTURE REVISIONS OF THIS LICENSE + +The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/. + +Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. + +ADDENDUM: How to use this License for your documents + +To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page: + + Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". + +If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the "with...Texts." line with this: + + with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. + +If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those two alternatives to suit the situation. + +If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software. diff --git a/src/main/resources/licenses/deprecated_GFDL-1.3.txt b/src/main/resources/licenses/deprecated_GFDL-1.3.txt new file mode 100644 index 0000000000..b51dc2ab16 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GFDL-1.3.txt @@ -0,0 +1,149 @@ +GNU Free Documentation License +Version 1.3, 3 November 2008 + +Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +0. PREAMBLE + +The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others. + +This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. + +We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference. + +1. APPLICABILITY AND DEFINITIONS + +This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law. + +A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language. + +A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them. + +The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none. + +The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words. + +A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque". + +Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only. + +The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text. + +The "publisher" means any person or entity that distributes copies of the Document to the public. + +A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition. + +The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License. + +2. VERBATIM COPYING + +You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3. + +You may also lend copies, under the same conditions stated above, and you may publicly display copies. + +3. COPYING IN QUANTITY + +If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. + +If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages. + +If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public. + +It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document. + +4. MODIFICATIONS + +You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version: + + A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission. + B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement. + C. State on the Title page the name of the publisher of the Modified Version, as the publisher. + D. Preserve all the copyright notices of the Document. + E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices. + F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below. + G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice. H. Include an unaltered copy of this License. + I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence. + J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission. + K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein. + L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles. + M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version. + N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section. + O. Preserve any Warranty Disclaimers. + +If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles. + +You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard. + +You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. + +The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version. + +5. COMBINING DOCUMENTS + +You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers. + +The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work. + +In the combination, you must combine any sections Entitled "History" in the various original documents, forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You must delete all sections Entitled "Endorsements". + +6. COLLECTIONS OF DOCUMENTS + +You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects. + +You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document. + +7. AGGREGATION WITH INDEPENDENT WORKS + +A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document. + +If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate. + +8. TRANSLATION + +Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail. + +If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title. + +9. TERMINATION + +You may not copy, modify, sublicense, or distribute the Document except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, or distribute it is void, and will automatically terminate your rights under this License. + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. + +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, receipt of a copy of some or all of the same material does not give you any rights to use it. + +10. FUTURE REVISIONS OF THIS LICENSE + +The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/. + +Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation. If the Document specifies that a proxy can decide which future versions of this License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Document. + +11. RELICENSING + +"Massive Multiauthor Collaboration Site" (or "MMC Site") means any World Wide Web server that publishes copyrightable works and also provides prominent facilities for anybody to edit those works. A public wiki that anybody can edit is an example of such a server. A "Massive Multiauthor Collaboration" (or "MMC") contained in the site means any set of copyrightable works thus published on the MMC site. + +"CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0 license published by Creative Commons Corporation, a not-for-profit corporation with a principal place of business in San Francisco, California, as well as future copyleft versions of that license published by that same organization. + +"Incorporate" means to publish or republish a Document, in whole or in part, as part of another Document. + +An MMC is "eligible for relicensing" if it is licensed under this License, and if all works that were first published under this License somewhere other than this MMC, and subsequently incorporated in whole or in part into the MMC, (1) had no cover texts or invariant sections, and (2) were thus incorporated prior to November 1, 2008. + +The operator of an MMC Site may republish an MMC contained in the site under CC-BY-SA on the same site at any time before August 1, 2009, provided the MMC is eligible for relicensing. + +ADDENDUM: How to use this License for your documents + +To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page: + + Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". + +If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the "with...Texts." line with this: + + with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. + +If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those two alternatives to suit the situation. + +If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software. diff --git a/src/main/resources/licenses/deprecated_GPL-1.0+.txt b/src/main/resources/licenses/deprecated_GPL-1.0+.txt new file mode 100644 index 0000000000..3d69a51fe4 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-1.0+.txt @@ -0,0 +1,85 @@ +GNU GENERAL PUBLIC LICENSE +Version 1, February 1989 + +Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. + +When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +The precise terms and conditions for copying, distribution and modification follow. + +GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". + 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. + 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: + a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and + b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). + c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. + d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. + + 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: + a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, + b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, + c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) + Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. + + 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. + 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. + 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. + 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. + + 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 9. + BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS + +Appendix: How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) 19yy + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + +Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. + +, 1 April 1989 Ty Coon, President of Vice + +That's all there is to it! diff --git a/src/main/resources/licenses/deprecated_GPL-1.0.txt b/src/main/resources/licenses/deprecated_GPL-1.0.txt new file mode 100644 index 0000000000..b3a222308b --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-1.0.txt @@ -0,0 +1,100 @@ +GNU GENERAL PUBLIC LICENSE +Version 1, February 1989 + +Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. + +When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +The precise terms and conditions for copying, distribution and modification follow. + +GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". + +1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. + +2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: + + a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and + + b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). + + c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. + + d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. + +3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: + + a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, + + b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, + + c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) + +Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. + +4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. + +5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. + +6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. + +7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. + +8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +Appendix: How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. + + , 1 April 1989 Ty Coon, President of Vice + +That's all there is to it! diff --git a/src/main/resources/licenses/deprecated_GPL-2.0+.txt b/src/main/resources/licenses/deprecated_GPL-2.0+.txt new file mode 100644 index 0000000000..ab803558b5 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-2.0+.txt @@ -0,0 +1,100 @@ +GNU GENERAL PUBLIC LICENSE +Version 2, June 1991 + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". + Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. + You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. + c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. + + In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + + If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. + 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. + + It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + + This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. + + 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA . + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + +Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. + +< signature of Ty Coon > , 1 April 1989 Ty Coon, President of Vice diff --git a/src/main/resources/licenses/deprecated_GPL-2.0-with-GCC-exception.txt b/src/main/resources/licenses/deprecated_GPL-2.0-with-GCC-exception.txt new file mode 100644 index 0000000000..54151eeb42 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-2.0-with-GCC-exception.txt @@ -0,0 +1,5 @@ +insert GPL v2 license text here + +GCC Linking Exception + +In addition to the permissions in the GNU General Public License, the Free Software Foundation gives you unlimited permission to link the compiled version of this file into combinations with other programs, and to distribute those combinations without any restriction coming from the use of this file. (The General Public License restrictions do apply in other respects; for example, they cover modification of the file, and distribution when not linked into a combine executable. diff --git a/src/main/resources/licenses/deprecated_GPL-2.0-with-autoconf-exception.txt b/src/main/resources/licenses/deprecated_GPL-2.0-with-autoconf-exception.txt new file mode 100644 index 0000000000..9ddaaa7b0a --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-2.0-with-autoconf-exception.txt @@ -0,0 +1,9 @@ +insert GPL v2 license text here + +Autoconf Exception + +As a special exception, the Free Software Foundation gives unlimited permission to copy, distribute and modify the configure scripts that are the output of Autoconf. You need not follow the terms of the GNU General Public License when using or distributing such scripts, even though portions of the text of Autoconf appear in them. The GNU General Public License (GPL) does govern all other use of the material that constitutes the Autoconf program. + +Certain portions of the Autoconf source text are designed to be copied (in certain cases, depending on the input) into the output of Autoconf. We call these the "data" portions. The rest of the Autoconf source text consists of comments plus executable code that decides which of the data portions to output in any given case. We call these comments and executable code the "non-data" portions. Autoconf never copies any of the non-data portions into its output. + +This special exception to the GPL applies to versions of Autoconf released by the Free Software Foundation. When you make and distribute a modified version of Autoconf, you may extend this special exception to the GPL to apply to your modified version as well, *unless* your modified version has the potential to copy into its output some of the text that was the non-data portion of the version that you started with. (In other words, unless your change moves or copies text from the non-data portions to the data portions.) If your modification has such potential, you must delete any notice of this special exception to the GPL from your modified version. diff --git a/src/main/resources/licenses/deprecated_GPL-2.0-with-bison-exception.txt b/src/main/resources/licenses/deprecated_GPL-2.0-with-bison-exception.txt new file mode 100644 index 0000000000..45dca5a0a2 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-2.0-with-bison-exception.txt @@ -0,0 +1,4 @@ +Bison Exception +As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. + +This special exception was added by the Free Software Foundation in version 2.2 of Bison. diff --git a/src/main/resources/licenses/deprecated_GPL-2.0-with-classpath-exception.txt b/src/main/resources/licenses/deprecated_GPL-2.0-with-classpath-exception.txt new file mode 100644 index 0000000000..550746ce27 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-2.0-with-classpath-exception.txt @@ -0,0 +1,7 @@ +insert GPL v2 license text here + +Class Path Exception + +Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/deprecated_GPL-2.0-with-font-exception.txt b/src/main/resources/licenses/deprecated_GPL-2.0-with-font-exception.txt new file mode 100644 index 0000000000..b56ffe2584 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-2.0-with-font-exception.txt @@ -0,0 +1,5 @@ +insert GPL v2 license text here + +Font Exception + +As a special exception, if you create a document which uses this font, and embed this font or unaltered portions of this font into the document, this font does not by itself cause the resulting document to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the document might be covered by the GNU General Public License. If you modify this font, you may extend this exception to your version of the font, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/deprecated_GPL-2.0.txt b/src/main/resources/licenses/deprecated_GPL-2.0.txt new file mode 100644 index 0000000000..17cb286430 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-2.0.txt @@ -0,0 +1,117 @@ +GNU GENERAL PUBLIC LICENSE +Version 2, June 1991 + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. + +1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. + + c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. + +4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. + +6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + +7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. + +10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + one line to give the program's name and an idea of what it does. Copyright (C) yyyy name of author + + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. + +signature of Ty Coon, 1 April 1989 Ty Coon, President of Vice diff --git a/src/main/resources/licenses/deprecated_GPL-3.0+.txt b/src/main/resources/licenses/deprecated_GPL-3.0+.txt new file mode 100644 index 0000000000..642bad9fad --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-3.0+.txt @@ -0,0 +1,200 @@ +GNU GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright Š 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The GNU General Public License is a free, copyleft license for software and other kinds of works. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. + +Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. + +Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS + + 0. Definitions. + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based on the Program. + + To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + + 1. Source Code. + The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. + A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. + + The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + + The Corresponding Source for a work in source code form is that same work. + + 2. Basic Permissions. + All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + + 4. Conveying Verbatim Copies. + You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + + 6. Conveying Non-Source Forms. + You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + + If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + + The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + + 7. Additional Terms. + "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + + 8. Termination. + You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. + + Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + + 9. Acceptance Not Required for Having Copies. + You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + 10. Automatic Licensing of Downstream Recipients. + Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + + 11. Patents. + A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". + A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. + + If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + + A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + 13. Use with the GNU Affero General Public License. + Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. + 14. Revised Versions of this License. + The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + + Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + + 15. Disclaimer of Warranty. + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + 16. Limitation of Liability. + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + 17. Interpretation of Sections 15 and 16. +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) + +This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: + + Copyright (C) +This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. +This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". + +You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . + +The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . diff --git a/src/main/resources/licenses/deprecated_GPL-3.0-with-GCC-exception.txt b/src/main/resources/licenses/deprecated_GPL-3.0-with-GCC-exception.txt new file mode 100644 index 0000000000..1351ee8a37 --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-3.0-with-GCC-exception.txt @@ -0,0 +1,32 @@ +īģŋinsert GPL v3 text here + +GCC RUNTIME LIBRARY EXCEPTION + +Version 3.1, 31 March 2009 + +General information: http://www.gnu.org/licenses/gcc-exception.html + +Copyright (C) 2009 Free Software Foundation, Inc. +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. +This GCC Runtime Library Exception ("Exception") is an additional permission under section 7 of the GNU General Public License, version 3 ("GPLv3"). It applies to a given file (the "Runtime Library") that bears a notice placed by the copyright holder of the file stating that the file is governed by GPLv3 along with this Exception. + +When you use GCC to compile a program, GCC may combine portions of certain GCC header files and runtime libraries with the compiled program. The purpose of this Exception is to allow compilation of non-GPL (including proprietary) programs to use, in this way, the header files and runtime libraries covered by this Exception. + + 0. Definitions. + A file is an "Independent Module" if it either requires the Runtime Library for execution after a Compilation Process, or makes use of an interface provided by the Runtime Library, but is not otherwise based on the Runtime Library. + + "GCC" means a version of the GNU Compiler Collection, with or without modifications, governed by version 3 (or a specified later version) of the GNU General Public License (GPL) with the option of using any subsequent versions published by the FSF. + + "GPL-compatible Software" is software whose conditions of propagation, modification and use would permit combination with GCC in accord with the license of GCC. + + "Target Code" refers to output from any compiler for a real or virtual target processor architecture, in executable form or suitable for input to an assembler, loader, linker and/or execution phase. Notwithstanding that, Target Code does not include data in any format that is used as a compiler intermediate representation, or used for producing a compiler intermediate representation. + + The "Compilation Process" transforms code entirely represented in non-intermediate languages designed for human-written code, and/or in Java Virtual Machine byte code, into Target Code. Thus, for example, use of source code generators and preprocessors need not be considered part of the Compilation Process, since the Compilation Process can be understood as starting with the output of the generators or preprocessors. + + A Compilation Process is "Eligible" if it is done using GCC, alone or with other GPL-compatible software, or if it is done without using any work based on GCC. For example, using non-GPL-compatible Software to optimize any GCC intermediate representations would not qualify as an Eligible Compilation Process. + + 1. Grant of Additional Permission. + You have permission to propagate a work of Target Code formed by combining the Runtime Library with Independent Modules, even if such propagation would otherwise violate the terms of GPLv3, provided that all Target Code was generated by Eligible Compilation Processes. You may then convey such a combination under terms of your choice, consistent with the licensing of the Independent Modules. + + 2. No Weakening of GCC Copyleft. +The availability of this Exception does not imply any general presumption that third-party software is unaffected by the copyleft requirements of the license of GCC. diff --git a/src/main/resources/licenses/deprecated_GPL-3.0-with-autoconf-exception.txt b/src/main/resources/licenses/deprecated_GPL-3.0-with-autoconf-exception.txt new file mode 100644 index 0000000000..d0a28eabad --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-3.0-with-autoconf-exception.txt @@ -0,0 +1,28 @@ +insert GPL v3 text here + +AUTOCONF CONFIGURE SCRIPT EXCEPTION + +Version 3.0, 18 August 2009 + +Copyright Š 2009 Free Software Foundation, Inc. >http://fsf.org/< + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +This Exception is an additional permission under section 7 of the GNU General Public License, version 3 ("GPLv3"). It applies to a given file that bears a notice placed by the copyright holder of the file stating that the file is governed by GPLv3 along with this Exception. + +The purpose of this Exception is to allow distribution of Autoconf's typical output under terms of the recipient's choice (including proprietary). + + 0. Definitions. + "Covered Code" is the source or object code of a version of Autoconf that is a covered work under this License. + + "Normally Copied Code" for a version of Autoconf means all parts of its Covered Code which that version can copy from its code (i.e., not from its input file) into its minimally verbose, non-debugging and non-tracing output. + + "Ineligible Code" is Covered Code that is not Normally Copied Code. + + 1. Grant of Additional Permission. + You have permission to propagate output of Autoconf, even if such propagation would otherwise violate the terms of GPLv3. However, if by modifying Autoconf you cause any Ineligible Code of the version you received to become Normally Copied Code of your modified version, then you void this Exception for the resulting covered work. If you convey that resulting covered work, you must remove this Exception in accordance with the second paragraph of Section 7 of GPLv3. + + 2. No Weakening of Autoconf Copyleft. + The availability of this Exception does not imply any general presumption that third-party software is unaffected by the copyleft requirements of the license of Autoconf. + + diff --git a/src/main/resources/licenses/deprecated_GPL-3.0.txt b/src/main/resources/licenses/deprecated_GPL-3.0.txt new file mode 100644 index 0000000000..f6cdd22a6c --- /dev/null +++ b/src/main/resources/licenses/deprecated_GPL-3.0.txt @@ -0,0 +1,232 @@ +GNU GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright Š 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The GNU General Public License is a free, copyleft license for software and other kinds of works. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. + +Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. + +Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS + +0. Definitions. + +“This License” refers to version 3 of the GNU General Public License. + +“Copyright” also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +“The Program” refers to any copyrightable work licensed under this License. Each licensee is addressed as “you”. “Licensees” and “recipients” may be individuals or organizations. + +To “modify” a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a “modified version” of the earlier work or a work “based on” the earlier work. + +A “covered work” means either the unmodified Program or a work based on the Program. + +To “propagate” a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. + +To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays “Appropriate Legal Notices” to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The “source code” for a work means the preferred form of the work for making modifications to it. “Object code” means any non-source form of a work. + +A “Standard Interface” means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The “System Libraries” of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A “Major Component”, in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. + +The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. +You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to “keep intact all notices”. + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. +You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A “User Product” is either (1) a “consumer product”, which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, “normally used” refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +“Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +“Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. + +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An “entity transaction” is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. +A “contributor” is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's “contributor version”. + +A contributor's “essential patent claims” are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, “control” includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a “patent license” is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To “grant” such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. + +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. “Knowingly relying” means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is “discriminatory” if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Use with the GNU Affero General Public License. +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. + +14. Revised Versions of this License. +The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License “or any later version” applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an “about box”. + +You should also get your employer (if you work as a programmer) or school, if any, to sign a “copyright disclaimer” for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . + +The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . diff --git a/src/main/resources/licenses/deprecated_LGPL-2.0+.txt b/src/main/resources/licenses/deprecated_LGPL-2.0+.txt new file mode 100644 index 0000000000..13fb4ef8fe --- /dev/null +++ b/src/main/resources/licenses/deprecated_LGPL-2.0+.txt @@ -0,0 +1,149 @@ +GNU LIBRARY GENERAL PUBLIC LICENSE + +Version 2, June 1991 + +Copyright (C) 1991 Free Software Foundation, Inc. +51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the library GPL. It is numbered 2 because it goes with version 2 of the ordinary GPL.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. + +This license, the Library General Public License, applies to some specially designated Free Software Foundation software, and to any other libraries whose authors decide to use it. You can use it for your libraries, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library, or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link a program with the library, you must provide complete object files to the recipients so that they can relink them with the library, after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +Our method of protecting your rights has two steps: (1) copyright the library, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the library. + +Also, for each distributor's protection, we want to make certain that everyone understands that there is no warranty for this free library. If the library is modified by someone else and passed on, we want its recipients to know that what they have is not the original version, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that companies distributing free software will individually obtain patent licenses, thus in effect transforming the program into proprietary software. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License, which was designed for utility programs. This license, the GNU Library General Public License, applies to certain designated libraries. This license is quite different from the ordinary one; be sure to read it in full, and don't assume that anything in it is the same as in the ordinary license. + +The reason we have a separate public license for some libraries is that they blur the distinction we usually make between modifying or adding to a program and simply using it. Linking a program with a library, without changing the library, is in some sense simply using the library, and is analogous to running a utility program or application program. However, in a textual and legal sense, the linked executable is a combined work, a derivative of the original library, and the ordinary General Public License treats it as such. + +Because of this blurred distinction, using the ordinary General Public License for libraries did not effectively promote software sharing, because most developers did not use the libraries. We concluded that weaker conditions might promote sharing better. + +However, unrestricted linking of non-free programs would deprive the users of those programs of all benefit from the free status of the libraries themselves. This Library General Public License is intended to permit developers of non-free programs to use free libraries, while preserving your freedom as a user of such programs to change the free libraries that are incorporated in them. (We have not seen how to achieve this as regards changes in header files, but we have achieved it as regards changes in the actual functions of the Library.) The hope is that this will lead to faster development of free libraries. + +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, while the latter only works together with the library. + +Note that it is possible for a library to be covered by the ordinary General Public License rather than by this special one. + +GNU LIBRARY GENERAL PUBLIC LICENSE + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you". + A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + + Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. + You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + a) The modified work must itself be a software library. + b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. + c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. + d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. + (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + + These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + + In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. + Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. + If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. + However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also compile or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. + You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) + b) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. + c) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. + d) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. + For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + + It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + + 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. + b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. + 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. + If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. + + It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + + This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + 13. The Free Software Foundation may publish revised and/or new versions of the Library General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + +one line to give the library's name and an idea of what it does. +Copyright (C) year name of author + +This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. + +You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +signature of Ty Coon, 1 April 1990 +Ty Coon, President of Vice + +That's all there is to it! diff --git a/src/main/resources/licenses/deprecated_LGPL-2.0.txt b/src/main/resources/licenses/deprecated_LGPL-2.0.txt new file mode 100644 index 0000000000..843b00b561 --- /dev/null +++ b/src/main/resources/licenses/deprecated_LGPL-2.0.txt @@ -0,0 +1,175 @@ +GNU LIBRARY GENERAL PUBLIC LICENSE + +Version 2, June 1991 + +Copyright (C) 1991 Free Software Foundation, Inc. +51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the library GPL. It is numbered 2 because it goes with version 2 of the ordinary GPL.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. + +This license, the Library General Public License, applies to some specially designated Free Software Foundation software, and to any other libraries whose authors decide to use it. You can use it for your libraries, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library, or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link a program with the library, you must provide complete object files to the recipients so that they can relink them with the library, after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +Our method of protecting your rights has two steps: (1) copyright the library, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the library. + +Also, for each distributor's protection, we want to make certain that everyone understands that there is no warranty for this free library. If the library is modified by someone else and passed on, we want its recipients to know that what they have is not the original version, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that companies distributing free software will individually obtain patent licenses, thus in effect transforming the program into proprietary software. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License, which was designed for utility programs. This license, the GNU Library General Public License, applies to certain designated libraries. This license is quite different from the ordinary one; be sure to read it in full, and don't assume that anything in it is the same as in the ordinary license. + +The reason we have a separate public license for some libraries is that they blur the distinction we usually make between modifying or adding to a program and simply using it. Linking a program with a library, without changing the library, is in some sense simply using the library, and is analogous to running a utility program or application program. However, in a textual and legal sense, the linked executable is a combined work, a derivative of the original library, and the ordinary General Public License treats it as such. + +Because of this blurred distinction, using the ordinary General Public License for libraries did not effectively promote software sharing, because most developers did not use the libraries. We concluded that weaker conditions might promote sharing better. + +However, unrestricted linking of non-free programs would deprive the users of those programs of all benefit from the free status of the libraries themselves. This Library General Public License is intended to permit developers of non-free programs to use free libraries, while preserving your freedom as a user of such programs to change the free libraries that are incorporated in them. (We have not seen how to achieve this as regards changes in header files, but we have achieved it as regards changes in the actual functions of the Library.) The hope is that this will lead to faster development of free libraries. + +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, while the latter only works together with the library. + +Note that it is possible for a library to be covered by the ordinary General Public License rather than by this special one. + +GNU LIBRARY GENERAL PUBLIC LICENSE +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you". + +A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. + +The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + +"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + +1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. + +(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. + +Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + +This option is useful when you wish to copy part of the code of the Library into a program that is not a library. + +4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. + +If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + +5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. + +However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + +When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. + +If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + +Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + +6. As an exception to the Sections above, you may also compile or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. + +You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) + + b) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. + + c) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. + + d) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. + +For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + +7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. + + b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + +8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. + +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + +11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +13. The Free Software Foundation may publish revised and/or new versions of the Library General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + one line to give the library's name and an idea of what it does. + Copyright (C) year name of author + + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +signature of Ty Coon, 1 April 1990 +Ty Coon, President of Vice + +That's all there is to it! diff --git a/src/main/resources/licenses/deprecated_LGPL-2.1+.txt b/src/main/resources/licenses/deprecated_LGPL-2.1+.txt new file mode 100644 index 0000000000..61a5f69800 --- /dev/null +++ b/src/main/resources/licenses/deprecated_LGPL-2.1+.txt @@ -0,0 +1,150 @@ +GNU LESSER GENERAL PUBLIC LICENSE + +Version 2.1, February 1999 + +Copyright (C) 1991, 1999 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. + +This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. + +When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. + +To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. + +To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. + +Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. + +When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. + +We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. + +For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. + +In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. + +Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. + +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. + +GNU LESSER GENERAL PUBLIC LICENSE + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". + A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + + Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. + You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + a) The modified work must itself be a software library. + b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. + c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. + d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. + (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + + These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + + In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. + Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. + If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. + However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. + You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) + b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. + c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. + d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. + e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. + For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + + It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + + 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. + b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. + 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. + 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. + If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. + + It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + + This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) + +This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +< signature of Ty Coon > , 1 April 1990 +Ty Coon, President of Vice +That's all there is to it! diff --git a/src/main/resources/licenses/deprecated_LGPL-2.1.txt b/src/main/resources/licenses/deprecated_LGPL-2.1.txt new file mode 100644 index 0000000000..c6487f4fdf --- /dev/null +++ b/src/main/resources/licenses/deprecated_LGPL-2.1.txt @@ -0,0 +1,176 @@ +GNU LESSER GENERAL PUBLIC LICENSE + +Version 2.1, February 1999 + +Copyright (C) 1991, 1999 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. + +This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. + +When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. + +To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. + +To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. + +Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. + +When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. + +We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. + +For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. + +In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. + +Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. + +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. + +GNU LESSER GENERAL PUBLIC LICENSE +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". + +A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. + +The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + +"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + +1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. + +(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. + +Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + +This option is useful when you wish to copy part of the code of the Library into a program that is not a library. + +4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. + +If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + +5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. + +However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + +When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. + +If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + +Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + +6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. + +You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. + + e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. + +For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + +7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. + + b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + +8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. + +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. + +11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + one line to give the library's name and an idea of what it does. + Copyright (C) year name of author + + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +signature of Ty Coon, 1 April 1990 +Ty Coon, President of Vice +That's all there is to it! diff --git a/src/main/resources/licenses/deprecated_LGPL-3.0+.txt b/src/main/resources/licenses/deprecated_LGPL-3.0+.txt new file mode 100644 index 0000000000..cd2d2ee007 --- /dev/null +++ b/src/main/resources/licenses/deprecated_LGPL-3.0+.txt @@ -0,0 +1,253 @@ +GNU LESSER GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. + + "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". + + The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. + 2. Conveying Modified Versions. + If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: + a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or + b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. + 3. Object Code Incorporating Material from Library Header Files. + The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: + a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. + b) Accompany the object code with a copy of the GNU GPL and this license document. + 4. Combined Works. + You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: + a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. + b) Accompany the Combined Work with a copy of the GNU GPL and this license document. + c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. + d) Do one of the following: + 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. + 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. + e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) + 5. Combined Libraries. + You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. + b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + 6. Revised Versions of the GNU Lesser General Public License. + The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. + + GNU GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright Š 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The GNU General Public License is a free, copyleft license for software and other kinds of works. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. + +Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. + +Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS + + 0. Definitions. + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based on the Program. + + To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + + 1. Source Code. + The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. + A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. + + The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + + The Corresponding Source for a work in source code form is that same work. + + 2. Basic Permissions. + All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + + 4. Conveying Verbatim Copies. + You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + + 6. Conveying Non-Source Forms. + You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + + If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + + The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + + 7. Additional Terms. + "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + + 8. Termination. + You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. + + Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + + 9. Acceptance Not Required for Having Copies. + You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + 10. Automatic Licensing of Downstream Recipients. + Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + + 11. Patents. + A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". + A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. + + If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + + A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + 13. Use with the GNU Affero General Public License. + Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. + 14. Revised Versions of this License. + The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + + Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + + 15. Disclaimer of Warranty. + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + 16. Limitation of Liability. + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + 17. Interpretation of Sections 15 and 16. + If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) + +This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: + + Copyright (C) +This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. +This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". + +You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . + +The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . diff --git a/src/main/resources/licenses/deprecated_LGPL-3.0.txt b/src/main/resources/licenses/deprecated_LGPL-3.0.txt new file mode 100644 index 0000000000..513d1c01fe --- /dev/null +++ b/src/main/resources/licenses/deprecated_LGPL-3.0.txt @@ -0,0 +1,304 @@ +GNU LESSER GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. + +0. Additional Definitions. + +As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. + +"The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. + +An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. + +A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". + +The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. + +The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. + +1. Exception to Section 3 of the GNU GPL. +You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. + +2. Conveying Modified Versions. +If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: + + a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. + +3. Object Code Incorporating Material from Library Header Files. +The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license document. + +4. Combined Works. +You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: + + a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license document. + + c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. + + e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) + +5. Combined Libraries. +You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + +6. Revised Versions of the GNU Lesser General Public License. +The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. + +If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. + +GNU GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright Š 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The GNU General Public License is a free, copyleft license for software and other kinds of works. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. + +Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. + +Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS + +0. Definitions. + +“This License” refers to version 3 of the GNU General Public License. + +“Copyright” also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +“The Program” refers to any copyrightable work licensed under this License. Each licensee is addressed as “you”. “Licensees” and “recipients” may be individuals or organizations. + +To “modify” a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a “modified version” of the earlier work or a work “based on” the earlier work. + +A “covered work” means either the unmodified Program or a work based on the Program. + +To “propagate” a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. + +To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays “Appropriate Legal Notices” to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The “source code” for a work means the preferred form of the work for making modifications to it. “Object code” means any non-source form of a work. + +A “Standard Interface” means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The “System Libraries” of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A “Major Component”, in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. + +The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. +You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to “keep intact all notices”. + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. +You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A “User Product” is either (1) a “consumer product”, which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, “normally used” refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +“Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +“Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. + +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An “entity transaction” is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. +A “contributor” is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's “contributor version”. + +A contributor's “essential patent claims” are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, “control” includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a “patent license” is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To “grant” such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. + +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. “Knowingly relying” means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is “discriminatory” if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Use with the GNU Affero General Public License. +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. + +14. Revised Versions of this License. +The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License “or any later version” applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an “about box”. + +You should also get your employer (if you work as a programmer) or school, if any, to sign a “copyright disclaimer” for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . + +The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . diff --git a/src/main/resources/licenses/Net-SNMP.txt b/src/main/resources/licenses/deprecated_Net-SNMP.txt similarity index 100% rename from src/main/resources/licenses/Net-SNMP.txt rename to src/main/resources/licenses/deprecated_Net-SNMP.txt diff --git a/src/main/resources/licenses/deprecated_Nunit.txt b/src/main/resources/licenses/deprecated_Nunit.txt new file mode 100644 index 0000000000..43b82201a7 --- /dev/null +++ b/src/main/resources/licenses/deprecated_Nunit.txt @@ -0,0 +1,14 @@ +Copyright Š 2002-2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov, Charlie Poole +Copyright Š 2000-2004 Philip A. Craig + +This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment (see the following) in the product documentation is required. + +Portions Copyright Š 2002-2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov, Charlie Poole or Copyright Š 2000-2004 Philip A. Craig + +2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. + +3. This notice may not be removed or altered from any source distribution. diff --git a/src/main/resources/licenses/deprecated_StandardML-NJ.txt b/src/main/resources/licenses/deprecated_StandardML-NJ.txt new file mode 100644 index 0000000000..0bd89e47ec --- /dev/null +++ b/src/main/resources/licenses/deprecated_StandardML-NJ.txt @@ -0,0 +1,8 @@ +STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER. + +Copyright (c) 2001-2011 by The Fellowship of SML/NJ +Copyright (c) 1989-2001 by Lucent Technologies + +Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both the copyright notice and this permission notice and warranty disclaimer appear in supporting documentation, and that the name of Lucent Technologies, Bell Labs or any Lucent entity not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. + +Lucent disclaims all warranties with regard to this software, including all implied warranties of merchantability and fitness. In no event shall Lucent be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of this software. diff --git a/src/main/resources/licenses/deprecated_bzip2-1.0.5.txt b/src/main/resources/licenses/deprecated_bzip2-1.0.5.txt new file mode 100644 index 0000000000..a6957df123 --- /dev/null +++ b/src/main/resources/licenses/deprecated_bzip2-1.0.5.txt @@ -0,0 +1,18 @@ +Version 1.0.5 of 10 December 2007 + +Copyright Š 1996-2007 Julian Seward + +This program, bzip2, the associated library libbzip2, and all documentation, are copyright Š 1996-2007 Julian Seward. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + + â€ĸ Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + + â€ĸ The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. + + â€ĸ Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. + + â€ĸ The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +PATENTS: To the best of my knowledge, bzip2 and libbzip2 do not use any patented algorithms. However, I do not have the resources to carry out a patent search. Therefore I cannot give any guarantee of the above statement. diff --git a/src/main/resources/licenses/deprecated_eCos-2.0.txt b/src/main/resources/licenses/deprecated_eCos-2.0.txt new file mode 100644 index 0000000000..f14828799a --- /dev/null +++ b/src/main/resources/licenses/deprecated_eCos-2.0.txt @@ -0,0 +1,16 @@ +The eCos license version 2.0 +This file is part of eCos, the Embedded Configurable Operating System. Copyright (C) 1998, 1999, 2000, 2001, 2002 Red Hat, Inc. + +eCos is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 or (at your option) any later version. + +eCos is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with eCos; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + +As a special exception, if other files instantiate templates or use macros or inline functions from this file, or you compile this file and link it with other works to produce a work based on this file, this file does not by itself cause the resulting work to be covered by the GNU General Public License. However the source code for this file must still be made available in accordance with section (3) of the GNU General Public License. + +This exception does not invalidate any other reasons why a work based on this file might be covered by the GNU General Public License. + +Alternative licenses for eCos may be arranged by contacting Red Hat, Inc. at http://sources.redhat.com/ecos/ecos-license/ ------------------------------------------- + +####ECOSGPLCOPYRIGHTEND#### diff --git a/src/main/resources/licenses/deprecated_wxWindows.txt b/src/main/resources/licenses/deprecated_wxWindows.txt new file mode 100644 index 0000000000..32ac9c1c11 --- /dev/null +++ b/src/main/resources/licenses/deprecated_wxWindows.txt @@ -0,0 +1,6 @@ +EXCEPTION NOTICE + + 1. As a special exception, the copyright holders of this library give permission for additional uses of the text contained in this release of the library as licenced under the wxWindows Library Licence, applying either version 3.1 of the Licence, or (at your option) any later version of the Licence as published by the copyright holders of version 3.1 of the Licence document. + 2. The exception is that you may use, copy, link, modify and distribute under your own terms, binary object code versions of works based on the Library. + 3. If you copy code from files distributed under the terms of the GNU General Public Licence or the GNU Library General Public Licence into a copy of this library, as this licence permits, the exception does not apply to the code that you add in this way. To avoid misleading anyone as to the status of such modified files, you must delete this exception notice from such code and/or adjust the licensing conditions notice accordingly. + 4. If you write modifications of your own for this library, it is your choice whether to permit this exception to apply to your modifications. If you do not wish that, you must delete the exception notice from such code and/or adjust the licensing conditions notice accordingly. diff --git a/src/main/resources/licenses/dtoa.txt b/src/main/resources/licenses/dtoa.txt new file mode 100644 index 0000000000..6de2b084fc --- /dev/null +++ b/src/main/resources/licenses/dtoa.txt @@ -0,0 +1,14 @@ +The author of this software is David M. Gay. + +Copyright (c) 1991, 2000, 2001 by Lucent Technologies. + +Permission to use, copy, modify, and distribute this software for any +purpose without fee is hereby granted, provided that this entire notice +is included in all copies of any software which is or includes a copy +or modification of this software and in all copies of the supporting +documentation for such software. + +THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED +WARRANTY. IN PARTICULAR, NEITHER THE AUTHOR NOR LUCENT MAKES ANY +REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY +OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. diff --git a/src/main/resources/licenses/eCos-2.0.txt b/src/main/resources/licenses/eCos-2.0.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/eCos-2.0.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/eCos-exception-2.0.txt b/src/main/resources/licenses/eCos-exception-2.0.txt new file mode 100644 index 0000000000..a0bf0077c5 --- /dev/null +++ b/src/main/resources/licenses/eCos-exception-2.0.txt @@ -0,0 +1,3 @@ +As a special exception, if other files instantiate templates or use macros or inline functions from this file, or you compile this file and link it with other works to produce a work based on this file, this file does not by itself cause the resulting work to be covered by the GNU General Public License. However the source code for this file must still be made available in accordance with section (3) of the GNU General Public License. + +This exception does not invalidate any other reasons why a work based on this file might be covered by the GNU General Public License. diff --git a/src/main/resources/licenses/erlang-otp-linking-exception.txt b/src/main/resources/licenses/erlang-otp-linking-exception.txt new file mode 100644 index 0000000000..ca8b775480 --- /dev/null +++ b/src/main/resources/licenses/erlang-otp-linking-exception.txt @@ -0,0 +1,11 @@ +If you modify this Program, or any covered work, by linking or +combining it with runtime libraries of Erlang/OTP as released by +Ericsson on https://www.erlang.org (or a modified version of these +libraries), containing parts covered by the terms of the Erlang Public +License (https://www.erlang.org/EPLICENSE), the licensors of this +Program grant you additional permission to convey the resulting work +without the need to license the runtime libraries of Erlang/OTP under +the GNU Affero General Public License. Corresponding Source for a +non-source form of such a combination shall include the source code +for the parts of the runtime libraries of Erlang/OTP used as well as +that of the covered work. diff --git a/src/main/resources/licenses/fmt-exception.txt b/src/main/resources/licenses/fmt-exception.txt new file mode 100644 index 0000000000..6036f7d360 --- /dev/null +++ b/src/main/resources/licenses/fmt-exception.txt @@ -0,0 +1,6 @@ +--- Optional exception to the license --- + +As an exception, if, as a result of your compiling your source code, portions +of this Software are embedded into a machine-executable object form of such +source code, you may redistribute such embedded portions in such object form +without including the above copyright and permission notices. diff --git a/src/main/resources/licenses/freertos-exception-2.0.txt b/src/main/resources/licenses/freertos-exception-2.0.txt new file mode 100644 index 0000000000..0105e95971 --- /dev/null +++ b/src/main/resources/licenses/freertos-exception-2.0.txt @@ -0,0 +1,19 @@ +Any FreeRTOS source code, whether modified or in its original release form, or whether in whole or in part, can only be distributed by you under the terms of the GNU General Public License plus this exception. An independent module is a module which is not derived from or based on FreeRTOS. + +EXCEPTION TEXT: + +Clause 1 + +Linking FreeRTOS statically or dynamically with other modules is making a combined work based on FreeRTOS. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +As a special exception, the copyright holder of FreeRTOS gives you permission to link FreeRTOS with independent modules that communicate with FreeRTOS solely through the FreeRTOS API interface, regardless of the license terms of these independent modules, and to copy and distribute the resulting combined work under terms of your choice, provided that + +Every copy of the combined work is accompanied by a written statement that details to the recipient the version of FreeRTOS used and an offer by yourself to provide the FreeRTOS source code (including any modifications you may have made) should the recipient request it. + +The combined work is not itself an RTOS, scheduler, kernel or related product. + +The independent modules add significant and primary functionality to FreeRTOS and do not merely extend the existing functionality already present in FreeRTOS. + +Clause 2 + +FreeRTOS may not be used for any competitive or comparative purpose, including the publication of any form of run time or compile time metric, without the express permission of Real Time Engineers Ltd. (this is the norm within the industry and is intended to ensure information accuracy). diff --git a/src/main/resources/licenses/fwlw.txt b/src/main/resources/licenses/fwlw.txt new file mode 100644 index 0000000000..472a85a564 --- /dev/null +++ b/src/main/resources/licenses/fwlw.txt @@ -0,0 +1,5 @@ +Copyright (C) 1993,1995 by Donald Arseneau +Vancouver, Canada, email asnd@triumf.ca + +This software package may be freely used, transmitted, reproduced, or modified provided that +this notice is left intact. diff --git a/src/main/resources/licenses/generic-xts.txt b/src/main/resources/licenses/generic-xts.txt new file mode 100644 index 0000000000..bf08a2b421 --- /dev/null +++ b/src/main/resources/licenses/generic-xts.txt @@ -0,0 +1,17 @@ +Copyright (C) 2008, Damien Miller +Copyright (C) 2011, Alex Hornung + +Permission to use, copy, and modify this software with or without fee +is hereby granted, provided that this entire notice is included in +all copies of any software which is or includes a copy or +modification of this software. +You may use this code under the GNU public license if you so wish. Please +contribute changes back to the authors under this freer than GPL license +so that we may further the use of strong encryption without limitations to +all. + +THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR +IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY +REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE +MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR +PURPOSE. diff --git a/src/main/resources/licenses/gnu-javamail-exception.txt b/src/main/resources/licenses/gnu-javamail-exception.txt new file mode 100644 index 0000000000..8f3b9ab0d0 --- /dev/null +++ b/src/main/resources/licenses/gnu-javamail-exception.txt @@ -0,0 +1 @@ +As a special exception, if you link this library with other files to produce an executable, this library does not by itself cause the resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU General Public License. diff --git a/src/main/resources/licenses/gtkbook.txt b/src/main/resources/licenses/gtkbook.txt new file mode 100644 index 0000000000..91215e80d6 --- /dev/null +++ b/src/main/resources/licenses/gtkbook.txt @@ -0,0 +1,6 @@ +Copyright 2005 Syd Logan, All Rights Reserved + +This code is distributed without warranty. You are free to use +this code for any purpose, however, if this code is republished or +redistributed in its original form, as hardcopy or electronically, +then you must include this copyright notice along with the code. diff --git a/src/main/resources/licenses/harbour-exception.txt b/src/main/resources/licenses/harbour-exception.txt new file mode 100644 index 0000000000..25d75e9fc7 --- /dev/null +++ b/src/main/resources/licenses/harbour-exception.txt @@ -0,0 +1,23 @@ +As a special exception, the Harbour Project gives permission for +additional uses of the text contained in its release of Harbour. + +The exception is that, if you link the Harbour libraries with other +files to produce an executable, this does not by itself cause the +resulting executable to be covered by the GNU General Public License. +Your use of that executable is in no way restricted on account of +linking the Harbour library code into it. + +This exception does not however invalidate any other reasons why +the executable file might be covered by the GNU General Public License. + +This exception applies only to the code released by the Harbour +Project under the name Harbour. If you copy code from other +Harbour Project or Free Software Foundation releases into a copy of +Harbour, as the General Public License permits, the exception does +not apply to the code that you add in this way. To avoid misleading +anyone as to the status of such modified files, you must delete +this exception notice from them. + +If you write modifications of your own for Harbour, it is your choice +whether to permit this exception to apply to your modifications. +If you do not wish that, delete this exception notice. diff --git a/src/main/resources/licenses/hdparm.txt b/src/main/resources/licenses/hdparm.txt new file mode 100644 index 0000000000..280a1c0797 --- /dev/null +++ b/src/main/resources/licenses/hdparm.txt @@ -0,0 +1,9 @@ +BSD-Style Open Source License: + +You may freely use, modify, and redistribute the hdparm program, +as either binary or source, or both. + +The only condition is that my name and copyright notice +remain in the source code as-is. + +Mark Lord (mlord@pobox.com) diff --git a/src/main/resources/licenses/i2p-gpl-java-exception.txt b/src/main/resources/licenses/i2p-gpl-java-exception.txt new file mode 100644 index 0000000000..2b7277d778 --- /dev/null +++ b/src/main/resources/licenses/i2p-gpl-java-exception.txt @@ -0,0 +1 @@ +In addition, as a special exception, <> gives permission to link the code of this program with the proprietary Java implementation provided by Sun (or other vendors as well), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than the proprietary Java implementation. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/libpng-2.0.txt b/src/main/resources/licenses/libpng-2.0.txt index 1cc8b0deb3..72ae6e44ef 100644 --- a/src/main/resources/licenses/libpng-2.0.txt +++ b/src/main/resources/licenses/libpng-2.0.txt @@ -10,7 +10,7 @@ PNG Reference Library License version 2 The software is supplied "as is", without warranty of any kind, express or implied, including, without limitation, the warranties of merchantability, fitness for a particular purpose, title, and -non-infringement. In no even shall the Copyright owners, or +non-infringement. In no event shall the Copyright owners, or anyone distributing the software, be liable for any damages or other liability, whether in contract, tort or otherwise, arising from, out of, or in connection with the software, or the use or diff --git a/src/main/resources/licenses/libpri-OpenH323-exception.txt b/src/main/resources/licenses/libpri-OpenH323-exception.txt new file mode 100644 index 0000000000..490d9596d6 --- /dev/null +++ b/src/main/resources/licenses/libpri-OpenH323-exception.txt @@ -0,0 +1,4 @@ +As a special exception, libpri may also be linked to the +OpenH323 library, so long as the entirity of the derivative +work (as defined within the GPL) is licensed either under +the MPL of the OpenH323 license or the GPL of libpri. diff --git a/src/main/resources/licenses/libutil-David-Nugent.txt b/src/main/resources/licenses/libutil-David-Nugent.txt new file mode 100644 index 0000000000..e04b03e340 --- /dev/null +++ b/src/main/resources/licenses/libutil-David-Nugent.txt @@ -0,0 +1,15 @@ +Copyright (c) 1995 David Nugent +All rights reserved. + + +Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice immediately at the beginning of the file, without modification, this list of conditions, and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. This work was done expressly for inclusion into FreeBSD. Other use is permitted provided this notation is included. + +4. Absolutely no warranty of function or purpose is made by the author David Nugent. + +5. Modifications may be freely made to this file providing the above conditions are met. diff --git a/src/main/resources/licenses/licenses.json b/src/main/resources/licenses/licenses.json index 9df08fc794..541444700e 100644 --- a/src/main/resources/licenses/licenses.json +++ b/src/main/resources/licenses/licenses.json @@ -1,11 +1,11 @@ { - "licenseListVersion": "3.21", + "licenseListVersion": "3.26.0", "licenses": [ { "reference": "https://spdx.org/licenses/0BSD.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/0BSD.json", - "referenceNumber": 534, + "referenceNumber": 502, "name": "BSD Zero Clause License", "licenseId": "0BSD", "seeAlso": [ @@ -14,31 +14,48 @@ ], "isOsiApproved": true }, + { + "reference": "https://spdx.org/licenses/3D-Slicer-1.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/3D-Slicer-1.0.json", + "referenceNumber": 490, + "name": "3D Slicer License v1.0", + "licenseId": "3D-Slicer-1.0", + "seeAlso": [ + "https://slicer.org/LICENSE", + "https://github.com/Slicer/Slicer/blob/main/License.txt" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/AAL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/AAL.json", - "referenceNumber": 152, + "referenceNumber": 136, "name": "Attribution Assurance License", "licenseId": "AAL", - "seeAlso": ["https://opensource.org/licenses/attribution"], + "seeAlso": [ + "https://opensource.org/licenses/attribution" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Abstyles.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Abstyles.json", - "referenceNumber": 225, + "referenceNumber": 641, "name": "Abstyles License", "licenseId": "Abstyles", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Abstyles"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Abstyles" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AdaCore-doc.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/AdaCore-doc.json", - "referenceNumber": 396, + "referenceNumber": 403, "name": "AdaCore Doc License", "licenseId": "AdaCore-doc", "seeAlso": [ @@ -52,398 +69,526 @@ "reference": "https://spdx.org/licenses/Adobe-2006.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Adobe-2006.json", - "referenceNumber": 106, + "referenceNumber": 131, "name": "Adobe Systems Incorporated Source Code License Agreement", "licenseId": "Adobe-2006", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/AdobeLicense"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/AdobeLicense" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Adobe-Display-PostScript.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Adobe-Display-PostScript.json", + "referenceNumber": 366, + "name": "Adobe Display PostScript License", + "licenseId": "Adobe-Display-PostScript", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/COPYING?ref_type\u003dheads#L752" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Adobe-Glyph.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Adobe-Glyph.json", - "referenceNumber": 92, + "referenceNumber": 510, "name": "Adobe Glyph List License", "licenseId": "Adobe-Glyph", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/MIT#AdobeGlyph"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/MIT#AdobeGlyph" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Adobe-Utopia.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Adobe-Utopia.json", + "referenceNumber": 591, + "name": "Adobe Utopia Font License", + "licenseId": "Adobe-Utopia", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/font/adobe-utopia-100dpi/-/blob/master/COPYING?ref_type\u003dheads" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ADSL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ADSL.json", - "referenceNumber": 73, + "referenceNumber": 45, "name": "Amazon Digital Services License", "licenseId": "ADSL", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/AmazonDigitalServicesLicense"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/AmazonDigitalServicesLicense" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AFL-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AFL-1.1.json", - "referenceNumber": 463, + "referenceNumber": 428, "name": "Academic Free License v1.1", "licenseId": "AFL-1.1", "seeAlso": [ "http://opensource.linux-mirror.org/licenses/afl-1.1.txt", "http://wayback.archive.org/web/20021004124254/http://www.opensource.org/licenses/academic.php" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/AFL-1.2.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AFL-1.2.json", - "referenceNumber": 306, + "referenceNumber": 292, "name": "Academic Free License v1.2", "licenseId": "AFL-1.2", "seeAlso": [ "http://opensource.linux-mirror.org/licenses/afl-1.2.txt", "http://wayback.archive.org/web/20021204204652/http://www.opensource.org/licenses/academic.php" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/AFL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AFL-2.0.json", - "referenceNumber": 154, + "referenceNumber": 356, "name": "Academic Free License v2.0", "licenseId": "AFL-2.0", - "seeAlso": ["http://wayback.archive.org/web/20060924134533/http://www.opensource.org/licenses/afl-2.0.txt"], - "isOsiApproved": true + "seeAlso": [ + "http://wayback.archive.org/web/20060924134533/http://www.opensource.org/licenses/afl-2.0.txt" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/AFL-2.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AFL-2.1.json", - "referenceNumber": 305, + "referenceNumber": 219, "name": "Academic Free License v2.1", "licenseId": "AFL-2.1", - "seeAlso": ["http://opensource.linux-mirror.org/licenses/afl-2.1.txt"], - "isOsiApproved": true + "seeAlso": [ + "http://opensource.linux-mirror.org/licenses/afl-2.1.txt" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/AFL-3.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AFL-3.0.json", - "referenceNumber": 502, + "referenceNumber": 121, "name": "Academic Free License v3.0", "licenseId": "AFL-3.0", "seeAlso": [ "http://www.rosenlaw.com/AFL3.0.htm", "https://opensource.org/licenses/afl-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Afmparse.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Afmparse.json", - "referenceNumber": 111, + "referenceNumber": 328, "name": "Afmparse License", "licenseId": "Afmparse", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Afmparse"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Afmparse" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AGPL-1.0.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AGPL-1.0.json", - "referenceNumber": 256, + "referenceNumber": 326, "name": "Affero General Public License v1.0", "licenseId": "AGPL-1.0", - "seeAlso": ["http://www.affero.org/oagpl.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.affero.org/oagpl.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/AGPL-1.0-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-only.json", - "referenceNumber": 389, + "referenceNumber": 404, "name": "Affero General Public License v1.0 only", "licenseId": "AGPL-1.0-only", - "seeAlso": ["http://www.affero.org/oagpl.html"], + "seeAlso": [ + "http://www.affero.org/oagpl.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AGPL-1.0-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-or-later.json", - "referenceNumber": 35, + "referenceNumber": 444, "name": "Affero General Public License v1.0 or later", "licenseId": "AGPL-1.0-or-later", - "seeAlso": ["http://www.affero.org/oagpl.html"], + "seeAlso": [ + "http://www.affero.org/oagpl.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AGPL-3.0.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AGPL-3.0.json", - "referenceNumber": 232, + "referenceNumber": 517, "name": "GNU Affero General Public License v3.0", "licenseId": "AGPL-3.0", "seeAlso": [ "https://www.gnu.org/licenses/agpl.txt", "https://opensource.org/licenses/AGPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/AGPL-3.0-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-only.json", - "referenceNumber": 34, + "referenceNumber": 180, "name": "GNU Affero General Public License v3.0 only", "licenseId": "AGPL-3.0-only", "seeAlso": [ "https://www.gnu.org/licenses/agpl.txt", "https://opensource.org/licenses/AGPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/AGPL-3.0-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-or-later.json", - "referenceNumber": 217, + "referenceNumber": 543, "name": "GNU Affero General Public License v3.0 or later", "licenseId": "AGPL-3.0-or-later", "seeAlso": [ "https://www.gnu.org/licenses/agpl.txt", "https://opensource.org/licenses/AGPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Aladdin.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/Aladdin.json", - "referenceNumber": 63, + "referenceNumber": 67, "name": "Aladdin Free Public License", "licenseId": "Aladdin", - "seeAlso": ["http://pages.cs.wisc.edu/~ghost/doc/AFPL/6.01/Public.htm"], + "seeAlso": [ + "http://pages.cs.wisc.edu/~ghost/doc/AFPL/6.01/Public.htm" + ], + "isOsiApproved": false, + "isFsfLibre": false + }, + { + "reference": "https://spdx.org/licenses/AMD-newlib.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/AMD-newlib.json", + "referenceNumber": 413, + "name": "AMD newlib License", + "licenseId": "AMD-newlib", + "seeAlso": [ + "https://sourceware.org/git/?p\u003dnewlib-cygwin.git;a\u003dblob;f\u003dnewlib/libc/sys/a29khif/_close.S;h\u003d04f52ae00de1dafbd9055ad8d73c5c697a3aae7f;hb\u003dHEAD" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AMDPLPA.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/AMDPLPA.json", - "referenceNumber": 386, - "name": "AMD's plpa_map.c License", + "referenceNumber": 529, + "name": "AMD\u0027s plpa_map.c License", "licenseId": "AMDPLPA", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/AMD_plpa_map_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/AMD_plpa_map_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AML.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/AML.json", - "referenceNumber": 147, + "referenceNumber": 553, "name": "Apple MIT License", "licenseId": "AML", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Apple_MIT_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Apple_MIT_License" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/AML-glslang.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/AML-glslang.json", + "referenceNumber": 27, + "name": "AML glslang variant License", + "licenseId": "AML-glslang", + "seeAlso": [ + "https://github.com/KhronosGroup/glslang/blob/main/LICENSE.txt#L949", + "https://docs.omniverse.nvidia.com/install-guide/latest/common/licenses.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/AMPAS.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/AMPAS.json", - "referenceNumber": 90, + "referenceNumber": 79, "name": "Academy of Motion Picture Arts and Sciences BSD", "licenseId": "AMPAS", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/BSD#AMPASBSD"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/BSD#AMPASBSD" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ANTLR-PD.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ANTLR-PD.json", - "referenceNumber": 448, + "referenceNumber": 454, "name": "ANTLR Software Rights Notice", "licenseId": "ANTLR-PD", - "seeAlso": ["http://www.antlr2.org/license.html"], + "seeAlso": [ + "http://www.antlr2.org/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ANTLR-PD-fallback.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ANTLR-PD-fallback.json", - "referenceNumber": 201, + "referenceNumber": 635, "name": "ANTLR Software Rights Notice with license fallback", "licenseId": "ANTLR-PD-fallback", - "seeAlso": ["http://www.antlr2.org/license.html"], + "seeAlso": [ + "http://www.antlr2.org/license.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/any-OSI.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/any-OSI.json", + "referenceNumber": 117, + "name": "Any OSI License", + "licenseId": "any-OSI", + "seeAlso": [ + "https://metacpan.org/pod/Exporter::Tidy#LICENSE" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/any-OSI-perl-modules.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/any-OSI-perl-modules.json", + "referenceNumber": 286, + "name": "Any OSI License - Perl Modules", + "licenseId": "any-OSI-perl-modules", + "seeAlso": [ + "https://metacpan.org/release/JUERD/Exporter-Tidy-0.09/view/Tidy.pm#LICENSE", + "https://metacpan.org/pod/Qmail::Deliverable::Client#LICENSE", + "https://metacpan.org/pod/Net::MQTT::Simple#LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Apache-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Apache-1.0.json", - "referenceNumber": 434, + "referenceNumber": 347, "name": "Apache License 1.0", "licenseId": "Apache-1.0", - "seeAlso": ["http://www.apache.org/licenses/LICENSE-1.0"], - "isOsiApproved": false + "seeAlso": [ + "http://www.apache.org/licenses/LICENSE-1.0" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Apache-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Apache-1.1.json", - "referenceNumber": 524, + "referenceNumber": 628, "name": "Apache License 1.1", "licenseId": "Apache-1.1", "seeAlso": [ "http://apache.org/licenses/LICENSE-1.1", "https://opensource.org/licenses/Apache-1.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Apache-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Apache-2.0.json", - "referenceNumber": 264, + "referenceNumber": 418, "name": "Apache License 2.0", "licenseId": "Apache-2.0", "seeAlso": [ "https://www.apache.org/licenses/LICENSE-2.0", "https://opensource.org/licenses/Apache-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/APAFML.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/APAFML.json", - "referenceNumber": 184, + "referenceNumber": 575, "name": "Adobe Postscript AFM License", "licenseId": "APAFML", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/AdobePostscriptAFM"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/AdobePostscriptAFM" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/APL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/APL-1.0.json", - "referenceNumber": 410, + "referenceNumber": 233, "name": "Adaptive Public License 1.0", "licenseId": "APL-1.0", - "seeAlso": ["https://opensource.org/licenses/APL-1.0"], + "seeAlso": [ + "https://opensource.org/licenses/APL-1.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/App-s2p.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/App-s2p.json", - "referenceNumber": 150, + "referenceNumber": 612, "name": "App::s2p License", "licenseId": "App-s2p", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/App-s2p"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/App-s2p" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/APSL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/APSL-1.0.json", - "referenceNumber": 177, + "referenceNumber": 263, "name": "Apple Public Source License 1.0", "licenseId": "APSL-1.0", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Apple_Public_Source_License_1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Apple_Public_Source_License_1.0" + ], + "isOsiApproved": true, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/APSL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/APSL-1.1.json", - "referenceNumber": 536, + "referenceNumber": 381, "name": "Apple Public Source License 1.1", "licenseId": "APSL-1.1", - "seeAlso": ["http://www.opensource.apple.com/source/IOSerialFamily/IOSerialFamily-7/APPLE_LICENSE"], + "seeAlso": [ + "http://www.opensource.apple.com/source/IOSerialFamily/IOSerialFamily-7/APPLE_LICENSE" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/APSL-1.2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/APSL-1.2.json", - "referenceNumber": 479, + "referenceNumber": 262, "name": "Apple Public Source License 1.2", "licenseId": "APSL-1.2", - "seeAlso": ["http://www.samurajdata.se/opensource/mirror/licenses/apsl.php"], + "seeAlso": [ + "http://www.samurajdata.se/opensource/mirror/licenses/apsl.php" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/APSL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/APSL-2.0.json", - "referenceNumber": 183, + "referenceNumber": 438, "name": "Apple Public Source License 2.0", "licenseId": "APSL-2.0", - "seeAlso": ["http://www.opensource.apple.com/license/apsl/"], - "isOsiApproved": true + "seeAlso": [ + "http://www.opensource.apple.com/license/apsl/" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Arphic-1999.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Arphic-1999.json", - "referenceNumber": 78, + "referenceNumber": 122, "name": "Arphic Public License", "licenseId": "Arphic-1999", - "seeAlso": ["http://ftp.gnu.org/gnu/non-gnu/chinese-fonts-truetype/LICENSE"], + "seeAlso": [ + "http://ftp.gnu.org/gnu/non-gnu/chinese-fonts-truetype/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Artistic-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/Artistic-1.0.json", - "referenceNumber": 282, + "referenceNumber": 580, "name": "Artistic License 1.0", "licenseId": "Artistic-1.0", - "seeAlso": ["https://opensource.org/licenses/Artistic-1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/Artistic-1.0" + ], + "isOsiApproved": true, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/Artistic-1.0-cl8.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-cl8.json", - "referenceNumber": 210, + "referenceNumber": 205, "name": "Artistic License 1.0 w/clause 8", "licenseId": "Artistic-1.0-cl8", - "seeAlso": ["https://opensource.org/licenses/Artistic-1.0"], + "seeAlso": [ + "https://opensource.org/licenses/Artistic-1.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Artistic-1.0-Perl.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-Perl.json", - "referenceNumber": 550, + "referenceNumber": 183, "name": "Artistic License 1.0 (Perl)", "licenseId": "Artistic-1.0-Perl", - "seeAlso": ["http://dev.perl.org/licenses/artistic.html"], + "seeAlso": [ + "http://dev.perl.org/licenses/artistic.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Artistic-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Artistic-2.0.json", - "referenceNumber": 148, + "referenceNumber": 519, "name": "Artistic License 2.0", "licenseId": "Artistic-2.0", "seeAlso": [ @@ -451,63 +596,86 @@ "https://www.perlfoundation.org/artistic-license-20.html", "https://opensource.org/licenses/artistic-license-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/ASWF-Digital-Assets-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ASWF-Digital-Assets-1.0.json", - "referenceNumber": 277, + "referenceNumber": 380, "name": "ASWF Digital Assets License version 1.0", "licenseId": "ASWF-Digital-Assets-1.0", - "seeAlso": ["https://github.com/AcademySoftwareFoundation/foundation/blob/main/digital_assets/aswf_digital_assets_license_v1.0.txt"], + "seeAlso": [ + "https://github.com/AcademySoftwareFoundation/foundation/blob/main/digital_assets/aswf_digital_assets_license_v1.0.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ASWF-Digital-Assets-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ASWF-Digital-Assets-1.1.json", - "referenceNumber": 266, + "referenceNumber": 7, "name": "ASWF Digital Assets License 1.1", "licenseId": "ASWF-Digital-Assets-1.1", - "seeAlso": ["https://github.com/AcademySoftwareFoundation/foundation/blob/main/digital_assets/aswf_digital_assets_license_v1.1.txt"], + "seeAlso": [ + "https://github.com/AcademySoftwareFoundation/foundation/blob/main/digital_assets/aswf_digital_assets_license_v1.1.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Baekmuk.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Baekmuk.json", - "referenceNumber": 76, + "referenceNumber": 434, "name": "Baekmuk License", "licenseId": "Baekmuk", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing:Baekmuk?rd=Licensing/Baekmuk"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing:Baekmuk?rd\u003dLicensing/Baekmuk" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Bahyph.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Bahyph.json", - "referenceNumber": 4, + "referenceNumber": 312, "name": "Bahyph License", "licenseId": "Bahyph", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Bahyph"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Bahyph" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Barr.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Barr.json", - "referenceNumber": 401, + "referenceNumber": 93, "name": "Barr License", "licenseId": "Barr", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Barr"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Barr" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/bcrypt-Solar-Designer.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/bcrypt-Solar-Designer.json", + "referenceNumber": 624, + "name": "bcrypt Solar Designer License", + "licenseId": "bcrypt-Solar-Designer", + "seeAlso": [ + "https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/ext/mri/crypt_blowfish.c" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Beerware.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Beerware.json", - "referenceNumber": 487, + "referenceNumber": 429, "name": "Beerware License", "licenseId": "Beerware", "seeAlso": [ @@ -520,7 +688,7 @@ "reference": "https://spdx.org/licenses/Bitstream-Charter.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Bitstream-Charter.json", - "referenceNumber": 175, + "referenceNumber": 530, "name": "Bitstream Charter Font License", "licenseId": "Bitstream-Charter", "seeAlso": [ @@ -533,7 +701,7 @@ "reference": "https://spdx.org/licenses/Bitstream-Vera.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Bitstream-Vera.json", - "referenceNumber": 505, + "referenceNumber": 194, "name": "Bitstream Vera Font License", "licenseId": "Bitstream-Vera", "seeAlso": [ @@ -546,32 +714,36 @@ "reference": "https://spdx.org/licenses/BitTorrent-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.0.json", - "referenceNumber": 500, + "referenceNumber": 669, "name": "BitTorrent Open Source License v1.0", "licenseId": "BitTorrent-1.0", - "seeAlso": ["http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/BitTorrent?r1=1.1&r2=1.1.1.1&diff_format=s"], + "seeAlso": [ + "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/BitTorrent?r1\u003d1.1\u0026r2\u003d1.1.1.1\u0026diff_format\u003ds" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BitTorrent-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.1.json", - "referenceNumber": 77, + "referenceNumber": 583, "name": "BitTorrent Open Source License v1.1", "licenseId": "BitTorrent-1.1", - "seeAlso": ["http://directory.fsf.org/wiki/License:BitTorrentOSL1.1"], - "isOsiApproved": false + "seeAlso": [ + "http://directory.fsf.org/wiki/License:BitTorrentOSL1.1" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/blessing.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/blessing.json", - "referenceNumber": 444, + "referenceNumber": 667, "name": "SQLite Blessing", "licenseId": "blessing", "seeAlso": [ - "https://www.sqlite.org/src/artifact/e33a4df7e32d742a?ln=4-9", + "https://www.sqlite.org/src/artifact/e33a4df7e32d742a?ln\u003d4-9", "https://sqlite.org/src/artifact/df5091916dbb40e6" ], "isOsiApproved": false @@ -580,17 +752,19 @@ "reference": "https://spdx.org/licenses/BlueOak-1.0.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BlueOak-1.0.0.json", - "referenceNumber": 428, + "referenceNumber": 191, "name": "Blue Oak Model License 1.0.0", "licenseId": "BlueOak-1.0.0", - "seeAlso": ["https://blueoakcouncil.org/license/1.0.0"], - "isOsiApproved": false + "seeAlso": [ + "https://blueoakcouncil.org/license/1.0.0" + ], + "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Boehm-GC.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Boehm-GC.json", - "referenceNumber": 314, + "referenceNumber": 540, "name": "Boehm-Demers-Weiser GC License", "licenseId": "Boehm-GC", "seeAlso": [ @@ -600,84 +774,148 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/Boehm-GC-without-fee.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Boehm-GC-without-fee.json", + "referenceNumber": 606, + "name": "Boehm-Demers-Weiser GC License (without fee)", + "licenseId": "Boehm-GC-without-fee", + "seeAlso": [ + "https://github.com/MariaDB/server/blob/11.6/libmysqld/lib_sql.cc" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/Borceux.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Borceux.json", - "referenceNumber": 327, + "referenceNumber": 500, "name": "Borceux license", "licenseId": "Borceux", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Borceux"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Borceux" + ], "isOsiApproved": false }, { - "reference": "https://spdx.org/licenses/Brian-Gladman-3-Clause.html", + "reference": "https://spdx.org/licenses/Brian-Gladman-2-Clause.html", "isDeprecatedLicenseId": false, - "detailsUrl": "https://spdx.org/licenses/Brian-Gladman-3-Clause.json", - "referenceNumber": 131, + "detailsUrl": "https://spdx.org/licenses/Brian-Gladman-2-Clause.json", + "referenceNumber": 582, + "name": "Brian Gladman 2-Clause License", + "licenseId": "Brian-Gladman-2-Clause", + "seeAlso": [ + "https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L140-L156", + "https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Brian-Gladman-3-Clause.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Brian-Gladman-3-Clause.json", + "referenceNumber": 360, "name": "Brian Gladman 3-Clause License", "licenseId": "Brian-Gladman-3-Clause", - "seeAlso": ["https://github.com/SWI-Prolog/packages-clib/blob/master/sha1/brg_endian.h"], + "seeAlso": [ + "https://github.com/SWI-Prolog/packages-clib/blob/master/sha1/brg_endian.h" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-1-Clause.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-1-Clause.json", - "referenceNumber": 200, + "referenceNumber": 101, "name": "BSD 1-Clause License", "licenseId": "BSD-1-Clause", - "seeAlso": ["https://svnweb.freebsd.org/base/head/include/ifaddrs.h?revision=326823"], + "seeAlso": [ + "https://svnweb.freebsd.org/base/head/include/ifaddrs.h?revision\u003d326823" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/BSD-2-Clause.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause.json", - "referenceNumber": 269, + "referenceNumber": 61, "name": "BSD 2-Clause \"Simplified\" License", "licenseId": "BSD-2-Clause", - "seeAlso": ["https://opensource.org/licenses/BSD-2-Clause"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/BSD-2-Clause" + ], + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/BSD-2-Clause-Darwin.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Darwin.json", + "referenceNumber": 300, + "name": "BSD 2-Clause - Ian Darwin variant", + "licenseId": "BSD-2-Clause-Darwin", + "seeAlso": [ + "https://github.com/file/file/blob/master/COPYING" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/BSD-2-Clause-first-lines.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-first-lines.json", + "referenceNumber": 271, + "name": "BSD 2-Clause - first lines requirement", + "licenseId": "BSD-2-Clause-first-lines", + "seeAlso": [ + "https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L664-L690", + "https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.json", - "referenceNumber": 22, + "referenceNumber": 388, "name": "BSD 2-Clause FreeBSD License", "licenseId": "BSD-2-Clause-FreeBSD", - "seeAlso": ["http://www.freebsd.org/copyright/freebsd-license.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.freebsd.org/copyright/freebsd-license.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.json", - "referenceNumber": 365, + "referenceNumber": 230, "name": "BSD 2-Clause NetBSD License", "licenseId": "BSD-2-Clause-NetBSD", - "seeAlso": ["http://www.netbsd.org/about/redistribution.html#default"], - "isOsiApproved": false + "seeAlso": [ + "http://www.netbsd.org/about/redistribution.html#default" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/BSD-2-Clause-Patent.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Patent.json", - "referenceNumber": 494, + "referenceNumber": 601, "name": "BSD-2-Clause Plus Patent License", "licenseId": "BSD-2-Clause-Patent", - "seeAlso": ["https://opensource.org/licenses/BSDplusPatent"], + "seeAlso": [ + "https://opensource.org/licenses/BSDplusPatent" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/BSD-2-Clause-Views.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Views.json", - "referenceNumber": 552, + "referenceNumber": 568, "name": "BSD 2-Clause with views sentence", "licenseId": "BSD-2-Clause-Views", "seeAlso": [ @@ -690,63 +928,107 @@ { "reference": "https://spdx.org/licenses/BSD-3-Clause.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause.json", - "referenceNumber": 320, + "referenceNumber": 258, "name": "BSD 3-Clause \"New\" or \"Revised\" License", "licenseId": "BSD-3-Clause", "seeAlso": [ "https://opensource.org/licenses/BSD-3-Clause", "https://www.eclipse.org/org/documents/edl-v10.php" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/BSD-3-Clause-acpica.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-acpica.json", + "referenceNumber": 613, + "name": "BSD 3-Clause acpica variant", + "licenseId": "BSD-3-Clause-acpica", + "seeAlso": [ + "https://github.com/acpica/acpica/blob/master/source/common/acfileio.c#L119" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-Attribution.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Attribution.json", - "referenceNumber": 195, + "referenceNumber": 511, "name": "BSD with attribution", "licenseId": "BSD-3-Clause-Attribution", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/BSD_with_Attribution"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/BSD_with_Attribution" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-Clear.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Clear.json", - "referenceNumber": 233, + "referenceNumber": 26, "name": "BSD 3-Clause Clear License", "licenseId": "BSD-3-Clause-Clear", - "seeAlso": ["http://labs.metacarta.com/license-explanation.html#license"], + "seeAlso": [ + "http://labs.metacarta.com/license-explanation.html#license" + ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/BSD-3-Clause-flex.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-flex.json", + "referenceNumber": 99, + "name": "BSD 3-Clause Flex variant", + "licenseId": "BSD-3-Clause-flex", + "seeAlso": [ + "https://github.com/westes/flex/blob/master/COPYING" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/BSD-3-Clause-HP.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-HP.json", + "referenceNumber": 346, + "name": "Hewlett-Packard BSD variant license", + "licenseId": "BSD-3-Clause-HP", + "seeAlso": [ + "https://github.com/zdohnal/hplip/blob/master/COPYING#L939" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-LBNL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-LBNL.json", - "referenceNumber": 45, + "referenceNumber": 243, "name": "Lawrence Berkeley National Labs BSD variant license", "licenseId": "BSD-3-Clause-LBNL", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/LBNLBSD"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/LBNLBSD" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-Modification.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Modification.json", - "referenceNumber": 202, + "referenceNumber": 489, "name": "BSD 3-Clause Modification", "licenseId": "BSD-3-Clause-Modification", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing:BSD#Modification_Variant"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing:BSD#Modification_Variant" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.json", - "referenceNumber": 341, + "referenceNumber": 102, "name": "BSD 3-Clause No Military License", "licenseId": "BSD-3-Clause-No-Military-License", "seeAlso": [ @@ -759,37 +1041,43 @@ "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.json", - "referenceNumber": 331, + "referenceNumber": 545, "name": "BSD 3-Clause No Nuclear License", "licenseId": "BSD-3-Clause-No-Nuclear-License", - "seeAlso": ["http://download.oracle.com/otn-pub/java/licenses/bsd.txt?AuthParam=1467140197_43d516ce1776bd08a58235a7785be1cc"], + "seeAlso": [ + "http://download.oracle.com/otn-pub/java/licenses/bsd.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.json", - "referenceNumber": 442, + "referenceNumber": 185, "name": "BSD 3-Clause No Nuclear License 2014", "licenseId": "BSD-3-Clause-No-Nuclear-License-2014", - "seeAlso": ["https://java.net/projects/javaeetutorial/pages/BerkeleyLicense"], + "seeAlso": [ + "https://java.net/projects/javaeetutorial/pages/BerkeleyLicense" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.json", - "referenceNumber": 79, + "referenceNumber": 465, "name": "BSD 3-Clause No Nuclear Warranty", "licenseId": "BSD-3-Clause-No-Nuclear-Warranty", - "seeAlso": ["https://jogamp.org/git/?p=gluegen.git;a=blob_plain;f=LICENSE.txt"], + "seeAlso": [ + "https://jogamp.org/git/?p\u003dgluegen.git;a\u003dblob_plain;f\u003dLICENSE.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.json", - "referenceNumber": 483, + "referenceNumber": 108, "name": "BSD 3-Clause Open MPI variant", "licenseId": "BSD-3-Clause-Open-MPI", "seeAlso": [ @@ -798,57 +1086,78 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/BSD-3-Clause-Sun.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Sun.json", + "referenceNumber": 496, + "name": "BSD 3-Clause Sun Microsystems", + "licenseId": "BSD-3-Clause-Sun", + "seeAlso": [ + "https://github.com/xmlark/msv/blob/b9316e2f2270bc1606952ea4939ec87fbba157f3/xsdlib/src/main/java/com/sun/msv/datatype/regexp/InternalImpl.java" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/BSD-4-Clause.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause.json", - "referenceNumber": 471, + "referenceNumber": 416, "name": "BSD 4-Clause \"Original\" or \"Old\" License", "licenseId": "BSD-4-Clause", - "seeAlso": ["http://directory.fsf.org/wiki/License:BSD_4Clause"], - "isOsiApproved": false + "seeAlso": [ + "http://directory.fsf.org/wiki/License:BSD_4Clause" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/BSD-4-Clause-Shortened.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-Shortened.json", - "referenceNumber": 41, + "referenceNumber": 387, "name": "BSD 4 Clause Shortened", "licenseId": "BSD-4-Clause-Shortened", - "seeAlso": ["https://metadata.ftp-master.debian.org/changelogs//main/a/arpwatch/arpwatch_2.1a15-7_copyright"], + "seeAlso": [ + "https://metadata.ftp-master.debian.org/changelogs//main/a/arpwatch/arpwatch_2.1a15-7_copyright" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-4-Clause-UC.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-UC.json", - "referenceNumber": 160, + "referenceNumber": 123, "name": "BSD-4-Clause (University of California-Specific)", "licenseId": "BSD-4-Clause-UC", - "seeAlso": ["http://www.freebsd.org/copyright/license.html"], + "seeAlso": [ + "http://www.freebsd.org/copyright/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-4.3RENO.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-4.3RENO.json", - "referenceNumber": 130, + "referenceNumber": 373, "name": "BSD 4.3 RENO License", "licenseId": "BSD-4.3RENO", - "seeAlso": ["https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=libiberty/strcasecmp.c;h=131d81c2ce7881fa48c363dc5bf5fb302c61ce0b;hb=HEAD"], + "seeAlso": [ + "https://sourceware.org/git/?p\u003dbinutils-gdb.git;a\u003dblob;f\u003dlibiberty/strcasecmp.c;h\u003d131d81c2ce7881fa48c363dc5bf5fb302c61ce0b;hb\u003dHEAD", + "https://git.openldap.org/openldap/openldap/-/blob/master/COPYRIGHT#L55-63" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-4.3TAHOE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-4.3TAHOE.json", - "referenceNumber": 507, + "referenceNumber": 355, "name": "BSD 4.3 TAHOE License", "licenseId": "BSD-4.3TAHOE", "seeAlso": [ "https://github.com/389ds/389-ds-base/blob/main/ldap/include/sysexits-compat.h#L15", - "https://git.savannah.gnu.org/cgit/indent.git/tree/doc/indent.texi?id=a74c6b4ee49397cf330b333da1042bffa60ed14f#n1788" + "https://git.savannah.gnu.org/cgit/indent.git/tree/doc/indent.texi?id\u003da74c6b4ee49397cf330b333da1042bffa60ed14f#n1788" ], "isOsiApproved": false }, @@ -856,71 +1165,129 @@ "reference": "https://spdx.org/licenses/BSD-Advertising-Acknowledgement.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-Advertising-Acknowledgement.json", - "referenceNumber": 367, + "referenceNumber": 488, "name": "BSD Advertising Acknowledgement License", "licenseId": "BSD-Advertising-Acknowledgement", - "seeAlso": ["https://github.com/python-excel/xlrd/blob/master/LICENSE#L33"], + "seeAlso": [ + "https://github.com/python-excel/xlrd/blob/master/LICENSE#L33" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-Attribution-HPND-disclaimer.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-Attribution-HPND-disclaimer.json", - "referenceNumber": 280, + "referenceNumber": 69, "name": "BSD with Attribution and HPND disclaimer", "licenseId": "BSD-Attribution-HPND-disclaimer", - "seeAlso": ["https://github.com/cyrusimap/cyrus-sasl/blob/master/COPYING"], + "seeAlso": [ + "https://github.com/cyrusimap/cyrus-sasl/blob/master/COPYING" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/BSD-Inferno-Nettverk.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-Inferno-Nettverk.json", + "referenceNumber": 197, + "name": "BSD-Inferno-Nettverk", + "licenseId": "BSD-Inferno-Nettverk", + "seeAlso": [ + "https://www.inet.no/dante/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-Protection.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-Protection.json", - "referenceNumber": 126, + "referenceNumber": 546, "name": "BSD Protection License", "licenseId": "BSD-Protection", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/BSD_Protection_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/BSD_Protection_License" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/BSD-Source-beginning-file.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-Source-beginning-file.json", + "referenceNumber": 421, + "name": "BSD Source Code Attribution - beginning of file variant", + "licenseId": "BSD-Source-beginning-file", + "seeAlso": [ + "https://github.com/lattera/freebsd/blob/master/sys/cam/cam.c#L4" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSD-Source-Code.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BSD-Source-Code.json", - "referenceNumber": 397, + "referenceNumber": 214, "name": "BSD Source Code Attribution", "licenseId": "BSD-Source-Code", - "seeAlso": ["https://github.com/robbiehanson/CocoaHTTPServer/blob/master/LICENSE.txt"], + "seeAlso": [ + "https://github.com/robbiehanson/CocoaHTTPServer/blob/master/LICENSE.txt" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/BSD-Systemics.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-Systemics.json", + "referenceNumber": 160, + "name": "Systemics BSD variant license", + "licenseId": "BSD-Systemics", + "seeAlso": [ + "https://metacpan.org/release/DPARIS/Crypt-DES-2.07/source/COPYRIGHT" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/BSD-Systemics-W3Works.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/BSD-Systemics-W3Works.json", + "referenceNumber": 652, + "name": "Systemics W3Works BSD variant license", + "licenseId": "BSD-Systemics-W3Works", + "seeAlso": [ + "https://metacpan.org/release/DPARIS/Crypt-Blowfish-2.14/source/COPYRIGHT#L7" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/BSL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/BSL-1.0.json", - "referenceNumber": 467, + "referenceNumber": 272, "name": "Boost Software License 1.0", "licenseId": "BSL-1.0", "seeAlso": [ "http://www.boost.org/LICENSE_1_0.txt", "https://opensource.org/licenses/BSL-1.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/BUSL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/BUSL-1.1.json", - "referenceNumber": 255, + "referenceNumber": 318, "name": "Business Source License 1.1", "licenseId": "BUSL-1.1", - "seeAlso": ["https://mariadb.com/bsl11/"], + "seeAlso": [ + "https://mariadb.com/bsl11/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/bzip2-1.0.5.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.5.json", - "referenceNumber": 245, + "referenceNumber": 556, "name": "bzip2 and libbzip2 License v1.0.5", "licenseId": "bzip2-1.0.5", "seeAlso": [ @@ -933,12 +1300,13 @@ "reference": "https://spdx.org/licenses/bzip2-1.0.6.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.6.json", - "referenceNumber": 392, + "referenceNumber": 638, "name": "bzip2 and libbzip2 License v1.0.6", "licenseId": "bzip2-1.0.6", "seeAlso": [ - "https://sourceware.org/git/?p=bzip2.git;a=blob;f=LICENSE;hb=bzip2-1.0.6", - "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html" + "https://sourceware.org/git/?p\u003dbzip2.git;a\u003dblob;f\u003dLICENSE;hb\u003dbzip2-1.0.6", + "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html", + "https://sourceware.org/cgit/valgrind/tree/mpi/libmpiwrap.c" ], "isOsiApproved": false }, @@ -946,7 +1314,7 @@ "reference": "https://spdx.org/licenses/C-UDA-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/C-UDA-1.0.json", - "referenceNumber": 191, + "referenceNumber": 345, "name": "Computational Use of Data Agreement v1.0", "licenseId": "C-UDA-1.0", "seeAlso": [ @@ -959,7 +1327,7 @@ "reference": "https://spdx.org/licenses/CAL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CAL-1.0.json", - "referenceNumber": 551, + "referenceNumber": 137, "name": "Cryptographic Autonomy License 1.0", "licenseId": "CAL-1.0", "seeAlso": [ @@ -972,7 +1340,7 @@ "reference": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.json", - "referenceNumber": 316, + "referenceNumber": 660, "name": "Cryptographic Autonomy License 1.0 (Combined Work Exception)", "licenseId": "CAL-1.0-Combined-Work-Exception", "seeAlso": [ @@ -985,571 +1353,742 @@ "reference": "https://spdx.org/licenses/Caldera.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Caldera.json", - "referenceNumber": 178, + "referenceNumber": 323, "name": "Caldera License", "licenseId": "Caldera", - "seeAlso": ["http://www.lemis.com/grog/UNIX/ancient-source-all.pdf"], + "seeAlso": [ + "http://www.lemis.com/grog/UNIX/ancient-source-all.pdf" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Caldera-no-preamble.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Caldera-no-preamble.json", + "referenceNumber": 630, + "name": "Caldera License (without preamble)", + "licenseId": "Caldera-no-preamble", + "seeAlso": [ + "https://github.com/apache/apr/blob/trunk/LICENSE#L298C6-L298C29" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Catharon.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Catharon.json", + "referenceNumber": 397, + "name": "Catharon License", + "licenseId": "Catharon", + "seeAlso": [ + "https://github.com/scummvm/scummvm/blob/v2.8.0/LICENSES/CatharonLicense.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CATOSL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CATOSL-1.1.json", - "referenceNumber": 253, + "referenceNumber": 175, "name": "Computer Associates Trusted Open Source License 1.1", "licenseId": "CATOSL-1.1", - "seeAlso": ["https://opensource.org/licenses/CATOSL-1.1"], + "seeAlso": [ + "https://opensource.org/licenses/CATOSL-1.1" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/CC-BY-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-1.0.json", - "referenceNumber": 205, + "referenceNumber": 232, "name": "Creative Commons Attribution 1.0 Generic", "licenseId": "CC-BY-1.0", - "seeAlso": ["https://creativecommons.org/licenses/by/1.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/1.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-2.0.json", - "referenceNumber": 61, + "referenceNumber": 473, "name": "Creative Commons Attribution 2.0 Generic", "licenseId": "CC-BY-2.0", - "seeAlso": ["https://creativecommons.org/licenses/by/2.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/2.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-2.5.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5.json", - "referenceNumber": 171, + "referenceNumber": 521, "name": "Creative Commons Attribution 2.5 Generic", "licenseId": "CC-BY-2.5", - "seeAlso": ["https://creativecommons.org/licenses/by/2.5/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/2.5/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-2.5-AU.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5-AU.json", - "referenceNumber": 128, + "referenceNumber": 459, "name": "Creative Commons Attribution 2.5 Australia", "licenseId": "CC-BY-2.5-AU", - "seeAlso": ["https://creativecommons.org/licenses/by/2.5/au/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/2.5/au/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0.json", - "referenceNumber": 433, + "referenceNumber": 107, "name": "Creative Commons Attribution 3.0 Unported", "licenseId": "CC-BY-3.0", - "seeAlso": ["https://creativecommons.org/licenses/by/3.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/3.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-3.0-AT.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-AT.json", - "referenceNumber": 7, + "referenceNumber": 130, "name": "Creative Commons Attribution 3.0 Austria", "licenseId": "CC-BY-3.0-AT", - "seeAlso": ["https://creativecommons.org/licenses/by/3.0/at/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/3.0/at/legalcode" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/CC-BY-3.0-AU.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-AU.json", + "referenceNumber": 256, + "name": "Creative Commons Attribution 3.0 Australia", + "licenseId": "CC-BY-3.0-AU", + "seeAlso": [ + "https://creativecommons.org/licenses/by/3.0/au/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-3.0-DE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-DE.json", - "referenceNumber": 317, + "referenceNumber": 91, "name": "Creative Commons Attribution 3.0 Germany", "licenseId": "CC-BY-3.0-DE", - "seeAlso": ["https://creativecommons.org/licenses/by/3.0/de/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/3.0/de/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-3.0-IGO.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-IGO.json", - "referenceNumber": 141, + "referenceNumber": 213, "name": "Creative Commons Attribution 3.0 IGO", "licenseId": "CC-BY-3.0-IGO", - "seeAlso": ["https://creativecommons.org/licenses/by/3.0/igo/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/3.0/igo/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-3.0-NL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-NL.json", - "referenceNumber": 193, + "referenceNumber": 402, "name": "Creative Commons Attribution 3.0 Netherlands", "licenseId": "CC-BY-3.0-NL", - "seeAlso": ["https://creativecommons.org/licenses/by/3.0/nl/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/3.0/nl/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-3.0-US.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-US.json", - "referenceNumber": 156, + "referenceNumber": 275, "name": "Creative Commons Attribution 3.0 United States", "licenseId": "CC-BY-3.0-US", - "seeAlso": ["https://creativecommons.org/licenses/by/3.0/us/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by/3.0/us/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-4.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CC-BY-4.0.json", - "referenceNumber": 499, + "referenceNumber": 494, "name": "Creative Commons Attribution 4.0 International", "licenseId": "CC-BY-4.0", - "seeAlso": ["https://creativecommons.org/licenses/by/4.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by/4.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CC-BY-NC-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-1.0.json", - "referenceNumber": 292, + "referenceNumber": 414, "name": "Creative Commons Attribution Non Commercial 1.0 Generic", "licenseId": "CC-BY-NC-1.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc/1.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc/1.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.0.json", - "referenceNumber": 143, + "referenceNumber": 57, "name": "Creative Commons Attribution Non Commercial 2.0 Generic", "licenseId": "CC-BY-NC-2.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc/2.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc/2.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-2.5.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.5.json", - "referenceNumber": 457, + "referenceNumber": 332, "name": "Creative Commons Attribution Non Commercial 2.5 Generic", "licenseId": "CC-BY-NC-2.5", - "seeAlso": ["https://creativecommons.org/licenses/by-nc/2.5/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc/2.5/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-3.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0.json", - "referenceNumber": 216, + "referenceNumber": 226, "name": "Creative Commons Attribution Non Commercial 3.0 Unported", "licenseId": "CC-BY-NC-3.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc/3.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc/3.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.json", - "referenceNumber": 196, + "referenceNumber": 204, "name": "Creative Commons Attribution Non Commercial 3.0 Germany", "licenseId": "CC-BY-NC-3.0-DE", - "seeAlso": ["https://creativecommons.org/licenses/by-nc/3.0/de/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc/3.0/de/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-4.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-4.0.json", - "referenceNumber": 248, + "referenceNumber": 464, "name": "Creative Commons Attribution Non Commercial 4.0 International", "licenseId": "CC-BY-NC-4.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc/4.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc/4.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.json", - "referenceNumber": 368, + "referenceNumber": 190, "name": "Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic", "licenseId": "CC-BY-NC-ND-1.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nd-nc/1.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nd-nc/1.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.json", - "referenceNumber": 462, + "referenceNumber": 242, "name": "Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic", "licenseId": "CC-BY-NC-ND-2.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-nd/2.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-nd/2.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.json", - "referenceNumber": 464, + "referenceNumber": 358, "name": "Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic", "licenseId": "CC-BY-NC-ND-2.5", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-nd/2.5/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-nd/2.5/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.json", - "referenceNumber": 478, + "referenceNumber": 51, "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported", "licenseId": "CC-BY-NC-ND-3.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-nd/3.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-nd/3.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.json", - "referenceNumber": 384, + "referenceNumber": 676, "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany", "licenseId": "CC-BY-NC-ND-3.0-DE", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-nd/3.0/de/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-nd/3.0/de/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.json", - "referenceNumber": 211, + "referenceNumber": 109, "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO", "licenseId": "CC-BY-NC-ND-3.0-IGO", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-nd/3.0/igo/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-nd/3.0/igo/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.json", - "referenceNumber": 466, + "referenceNumber": 184, "name": "Creative Commons Attribution Non Commercial No Derivatives 4.0 International", "licenseId": "CC-BY-NC-ND-4.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.json", - "referenceNumber": 132, + "referenceNumber": 650, "name": "Creative Commons Attribution Non Commercial Share Alike 1.0 Generic", "licenseId": "CC-BY-NC-SA-1.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/1.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/1.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.json", - "referenceNumber": 420, + "referenceNumber": 2, "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 Generic", "licenseId": "CC-BY-NC-SA-2.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-DE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-DE.json", - "referenceNumber": 452, + "referenceNumber": 310, "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 Germany", "licenseId": "CC-BY-NC-SA-2.0-DE", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/2.0/de/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/2.0/de/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.json", - "referenceNumber": 29, + "referenceNumber": 264, "name": "Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France", "licenseId": "CC-BY-NC-SA-2.0-FR", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/2.0/fr/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/2.0/fr/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.json", - "referenceNumber": 460, + "referenceNumber": 70, "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales", "licenseId": "CC-BY-NC-SA-2.0-UK", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/2.0/uk/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/2.0/uk/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.json", - "referenceNumber": 8, + "referenceNumber": 148, "name": "Creative Commons Attribution Non Commercial Share Alike 2.5 Generic", "licenseId": "CC-BY-NC-SA-2.5", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/2.5/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/2.5/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.json", - "referenceNumber": 271, + "referenceNumber": 572, "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Unported", "licenseId": "CC-BY-NC-SA-3.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/3.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/3.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.json", - "referenceNumber": 504, + "referenceNumber": 625, "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Germany", "licenseId": "CC-BY-NC-SA-3.0-DE", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.json", - "referenceNumber": 14, + "referenceNumber": 239, "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 IGO", "licenseId": "CC-BY-NC-SA-3.0-IGO", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/3.0/igo/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/3.0/igo/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.json", - "referenceNumber": 338, + "referenceNumber": 437, "name": "Creative Commons Attribution Non Commercial Share Alike 4.0 International", "licenseId": "CC-BY-NC-SA-4.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-ND-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-1.0.json", - "referenceNumber": 115, + "referenceNumber": 337, "name": "Creative Commons Attribution No Derivatives 1.0 Generic", "licenseId": "CC-BY-ND-1.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nd/1.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nd/1.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-ND-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.0.json", - "referenceNumber": 116, + "referenceNumber": 293, "name": "Creative Commons Attribution No Derivatives 2.0 Generic", "licenseId": "CC-BY-ND-2.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nd/2.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nd/2.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-ND-2.5.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.5.json", - "referenceNumber": 13, + "referenceNumber": 674, "name": "Creative Commons Attribution No Derivatives 2.5 Generic", "licenseId": "CC-BY-ND-2.5", - "seeAlso": ["https://creativecommons.org/licenses/by-nd/2.5/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nd/2.5/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-ND-3.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0.json", - "referenceNumber": 31, + "referenceNumber": 616, "name": "Creative Commons Attribution No Derivatives 3.0 Unported", "licenseId": "CC-BY-ND-3.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nd/3.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nd/3.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.json", - "referenceNumber": 322, + "referenceNumber": 386, "name": "Creative Commons Attribution No Derivatives 3.0 Germany", "licenseId": "CC-BY-ND-3.0-DE", - "seeAlso": ["https://creativecommons.org/licenses/by-nd/3.0/de/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-nd/3.0/de/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-ND-4.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-4.0.json", - "referenceNumber": 44, + "referenceNumber": 95, "name": "Creative Commons Attribution No Derivatives 4.0 International", "licenseId": "CC-BY-ND-4.0", - "seeAlso": ["https://creativecommons.org/licenses/by-nd/4.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-nd/4.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-1.0.json", - "referenceNumber": 71, + "referenceNumber": 595, "name": "Creative Commons Attribution Share Alike 1.0 Generic", "licenseId": "CC-BY-SA-1.0", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/1.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/1.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0.json", - "referenceNumber": 252, + "referenceNumber": 534, "name": "Creative Commons Attribution Share Alike 2.0 Generic", "licenseId": "CC-BY-SA-2.0", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/2.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/2.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.json", - "referenceNumber": 72, + "referenceNumber": 267, "name": "Creative Commons Attribution Share Alike 2.0 England and Wales", "licenseId": "CC-BY-SA-2.0-UK", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/2.0/uk/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/2.0/uk/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.json", - "referenceNumber": 54, + "referenceNumber": 18, "name": "Creative Commons Attribution Share Alike 2.1 Japan", "licenseId": "CC-BY-SA-2.1-JP", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/2.1/jp/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/2.1/jp/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-2.5.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.5.json", - "referenceNumber": 378, + "referenceNumber": 617, "name": "Creative Commons Attribution Share Alike 2.5 Generic", "licenseId": "CC-BY-SA-2.5", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/2.5/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/2.5/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0.json", - "referenceNumber": 139, + "referenceNumber": 63, "name": "Creative Commons Attribution Share Alike 3.0 Unported", "licenseId": "CC-BY-SA-3.0", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/3.0/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/3.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.json", - "referenceNumber": 189, + "referenceNumber": 532, "name": "Creative Commons Attribution Share Alike 3.0 Austria", "licenseId": "CC-BY-SA-3.0-AT", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/3.0/at/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/3.0/at/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.json", - "referenceNumber": 385, + "referenceNumber": 182, "name": "Creative Commons Attribution Share Alike 3.0 Germany", "licenseId": "CC-BY-SA-3.0-DE", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/3.0/de/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/3.0/de/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-IGO.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-IGO.json", - "referenceNumber": 213, + "referenceNumber": 627, "name": "Creative Commons Attribution-ShareAlike 3.0 IGO", "licenseId": "CC-BY-SA-3.0-IGO", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/3.0/igo/legalcode"], + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/3.0/igo/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC-BY-SA-4.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-4.0.json", - "referenceNumber": 342, + "referenceNumber": 44, "name": "Creative Commons Attribution Share Alike 4.0 International", "licenseId": "CC-BY-SA-4.0", - "seeAlso": ["https://creativecommons.org/licenses/by-sa/4.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/licenses/by-sa/4.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CC-PDDC.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CC-PDDC.json", - "referenceNumber": 240, + "referenceNumber": 602, "name": "Creative Commons Public Domain Dedication and Certification", "licenseId": "CC-PDDC", - "seeAlso": ["https://creativecommons.org/licenses/publicdomain/"], + "seeAlso": [ + "https://creativecommons.org/licenses/publicdomain/" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/CC-PDM-1.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/CC-PDM-1.0.json", + "referenceNumber": 565, + "name": "Creative Commons Public Domain Mark 1.0 Universal", + "licenseId": "CC-PDM-1.0", + "seeAlso": [ + "https://creativecommons.org/publicdomain/mark/1.0/", + "https://creativecommons.org/share-your-work/cclicenses/" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/CC-SA-1.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/CC-SA-1.0.json", + "referenceNumber": 321, + "name": "Creative Commons Share Alike 1.0 Generic", + "licenseId": "CC-SA-1.0", + "seeAlso": [ + "https://creativecommons.org/licenses/sa/1.0/legalcode" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CC0-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CC0-1.0.json", - "referenceNumber": 279, + "referenceNumber": 111, "name": "Creative Commons Zero v1.0 Universal", "licenseId": "CC0-1.0", - "seeAlso": ["https://creativecommons.org/publicdomain/zero/1.0/legalcode"], - "isOsiApproved": false + "seeAlso": [ + "https://creativecommons.org/publicdomain/zero/1.0/legalcode" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CDDL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CDDL-1.0.json", - "referenceNumber": 187, + "referenceNumber": 284, "name": "Common Development and Distribution License 1.0", "licenseId": "CDDL-1.0", - "seeAlso": ["https://opensource.org/licenses/cddl1"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/cddl1" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CDDL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CDDL-1.1.json", - "referenceNumber": 352, + "referenceNumber": 198, "name": "Common Development and Distribution License 1.1", "licenseId": "CDDL-1.1", "seeAlso": [ @@ -1562,7 +2101,7 @@ "reference": "https://spdx.org/licenses/CDL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CDL-1.0.json", - "referenceNumber": 12, + "referenceNumber": 539, "name": "Common Documentation License 1.0", "licenseId": "CDL-1.0", "seeAlso": [ @@ -1576,94 +2115,112 @@ "reference": "https://spdx.org/licenses/CDLA-Permissive-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-1.0.json", - "referenceNumber": 238, + "referenceNumber": 524, "name": "Community Data License Agreement Permissive 1.0", "licenseId": "CDLA-Permissive-1.0", - "seeAlso": ["https://cdla.io/permissive-1-0"], + "seeAlso": [ + "https://cdla.io/permissive-1-0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CDLA-Permissive-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-2.0.json", - "referenceNumber": 270, + "referenceNumber": 636, "name": "Community Data License Agreement Permissive 2.0", "licenseId": "CDLA-Permissive-2.0", - "seeAlso": ["https://cdla.dev/permissive-2-0"], + "seeAlso": [ + "https://cdla.dev/permissive-2-0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CDLA-Sharing-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CDLA-Sharing-1.0.json", - "referenceNumber": 535, + "referenceNumber": 161, "name": "Community Data License Agreement Sharing 1.0", "licenseId": "CDLA-Sharing-1.0", - "seeAlso": ["https://cdla.io/sharing-1-0"], + "seeAlso": [ + "https://cdla.io/sharing-1-0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CECILL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CECILL-1.0.json", - "referenceNumber": 376, + "referenceNumber": 66, "name": "CeCILL Free Software License Agreement v1.0", "licenseId": "CECILL-1.0", - "seeAlso": ["http://www.cecill.info/licences/Licence_CeCILL_V1-fr.html"], + "seeAlso": [ + "http://www.cecill.info/licences/Licence_CeCILL_V1-fr.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CECILL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CECILL-1.1.json", - "referenceNumber": 522, + "referenceNumber": 343, "name": "CeCILL Free Software License Agreement v1.1", "licenseId": "CECILL-1.1", - "seeAlso": ["http://www.cecill.info/licences/Licence_CeCILL_V1.1-US.html"], + "seeAlso": [ + "http://www.cecill.info/licences/Licence_CeCILL_V1.1-US.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CECILL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CECILL-2.0.json", - "referenceNumber": 149, + "referenceNumber": 113, "name": "CeCILL Free Software License Agreement v2.0", "licenseId": "CECILL-2.0", - "seeAlso": ["http://www.cecill.info/licences/Licence_CeCILL_V2-en.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.cecill.info/licences/Licence_CeCILL_V2-en.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CECILL-2.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CECILL-2.1.json", - "referenceNumber": 226, + "referenceNumber": 154, "name": "CeCILL Free Software License Agreement v2.1", "licenseId": "CECILL-2.1", - "seeAlso": ["http://www.cecill.info/licences/Licence_CeCILL_V2.1-en.html"], + "seeAlso": [ + "http://www.cecill.info/licences/Licence_CeCILL_V2.1-en.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/CECILL-B.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CECILL-B.json", - "referenceNumber": 308, + "referenceNumber": 657, "name": "CeCILL-B Free Software License Agreement", "licenseId": "CECILL-B", - "seeAlso": ["http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CECILL-C.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CECILL-C.json", - "referenceNumber": 129, + "referenceNumber": 276, "name": "CeCILL-C Free Software License Agreement", "licenseId": "CECILL-C", - "seeAlso": ["http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CERN-OHL-1.1.html", @@ -1672,192 +2229,250 @@ "referenceNumber": 348, "name": "CERN Open Hardware Licence v1.1", "licenseId": "CERN-OHL-1.1", - "seeAlso": ["https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.1"], + "seeAlso": [ + "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.1" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CERN-OHL-1.2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CERN-OHL-1.2.json", - "referenceNumber": 473, + "referenceNumber": 143, "name": "CERN Open Hardware Licence v1.2", "licenseId": "CERN-OHL-1.2", - "seeAlso": ["https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.2"], + "seeAlso": [ + "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.2" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CERN-OHL-P-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CERN-OHL-P-2.0.json", - "referenceNumber": 439, + "referenceNumber": 422, "name": "CERN Open Hardware Licence Version 2 - Permissive", "licenseId": "CERN-OHL-P-2.0", - "seeAlso": ["https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"], + "seeAlso": [ + "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/CERN-OHL-S-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CERN-OHL-S-2.0.json", - "referenceNumber": 497, + "referenceNumber": 306, "name": "CERN Open Hardware Licence Version 2 - Strongly Reciprocal", "licenseId": "CERN-OHL-S-2.0", - "seeAlso": ["https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"], + "seeAlso": [ + "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/CERN-OHL-W-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CERN-OHL-W-2.0.json", - "referenceNumber": 493, + "referenceNumber": 268, "name": "CERN Open Hardware Licence Version 2 - Weakly Reciprocal", "licenseId": "CERN-OHL-W-2.0", - "seeAlso": ["https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"], + "seeAlso": [ + "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/CFITSIO.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CFITSIO.json", - "referenceNumber": 395, + "referenceNumber": 598, "name": "CFITSIO License", "licenseId": "CFITSIO", - "seeAlso": ["https://heasarc.gsfc.nasa.gov/docs/software/fitsio/c/f_user/node9.html"], + "seeAlso": [ + "https://heasarc.gsfc.nasa.gov/docs/software/fitsio/c/f_user/node9.html", + "https://heasarc.gsfc.nasa.gov/docs/software/ftools/fv/doc/license.html" + ], "isOsiApproved": false }, { - "reference": "https://spdx.org/licenses/checkmk.html", + "reference": "https://spdx.org/licenses/check-cvs.html", "isDeprecatedLicenseId": false, - "detailsUrl": "https://spdx.org/licenses/checkmk.json", - "referenceNumber": 475, - "name": "Checkmk License", - "licenseId": "checkmk", - "seeAlso": ["https://github.com/libcheck/check/blob/master/checkmk/checkmk.in"], - "isOsiApproved": false + "detailsUrl": "https://spdx.org/licenses/check-cvs.json", + "referenceNumber": 411, + "name": "check-cvs License", + "licenseId": "check-cvs", + "seeAlso": [ + "http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/contrib/check_cvs.in?revision\u003d1.1.4.3\u0026view\u003dmarkup\u0026pathrev\u003dcvs1-11-23#l2" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/checkmk.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/checkmk.json", + "referenceNumber": 13, + "name": "Checkmk License", + "licenseId": "checkmk", + "seeAlso": [ + "https://github.com/libcheck/check/blob/master/checkmk/checkmk.in" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ClArtistic.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/ClArtistic.json", - "referenceNumber": 412, + "referenceNumber": 236, "name": "Clarified Artistic License", "licenseId": "ClArtistic", "seeAlso": [ "http://gianluca.dellavedova.org/2011/01/03/clarified-artistic-license/", "http://www.ncftp.com/ncftp/doc/LICENSE.txt" ], - "isOsiApproved": false + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Clips.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Clips.json", - "referenceNumber": 28, + "referenceNumber": 392, "name": "Clips License", "licenseId": "Clips", - "seeAlso": ["https://github.com/DrItanium/maya/blob/master/LICENSE.CLIPS"], + "seeAlso": [ + "https://github.com/DrItanium/maya/blob/master/LICENSE.CLIPS" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CMU-Mach.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CMU-Mach.json", - "referenceNumber": 355, + "referenceNumber": 35, "name": "CMU Mach License", "licenseId": "CMU-Mach", - "seeAlso": ["https://www.cs.cmu.edu/~410/licenses.html"], + "seeAlso": [ + "https://www.cs.cmu.edu/~410/licenses.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/CMU-Mach-nodoc.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/CMU-Mach-nodoc.json", + "referenceNumber": 255, + "name": "CMU Mach - no notices-in-documentation variant", + "licenseId": "CMU-Mach-nodoc", + "seeAlso": [ + "https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L718-L728", + "https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CNRI-Jython.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CNRI-Jython.json", - "referenceNumber": 491, + "referenceNumber": 270, "name": "CNRI Jython License", "licenseId": "CNRI-Jython", - "seeAlso": ["http://www.jython.org/license.html"], + "seeAlso": [ + "http://www.jython.org/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CNRI-Python.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CNRI-Python.json", - "referenceNumber": 120, + "referenceNumber": 287, "name": "CNRI Python License", "licenseId": "CNRI-Python", - "seeAlso": ["https://opensource.org/licenses/CNRI-Python"], + "seeAlso": [ + "https://opensource.org/licenses/CNRI-Python" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.json", - "referenceNumber": 404, + "referenceNumber": 646, "name": "CNRI Python Open Source GPL Compatible License Agreement", "licenseId": "CNRI-Python-GPL-Compatible", - "seeAlso": ["http://www.python.org/download/releases/1.6.1/download_win/"], + "seeAlso": [ + "http://www.python.org/download/releases/1.6.1/download_win/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/COIL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/COIL-1.0.json", - "referenceNumber": 203, + "referenceNumber": 193, "name": "Copyfree Open Innovation License", "licenseId": "COIL-1.0", - "seeAlso": ["https://coil.apotheon.org/plaintext/01.0.txt"], + "seeAlso": [ + "https://coil.apotheon.org/plaintext/01.0.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Community-Spec-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Community-Spec-1.0.json", - "referenceNumber": 347, + "referenceNumber": 29, "name": "Community Specification License 1.0", "licenseId": "Community-Spec-1.0", - "seeAlso": ["https://github.com/CommunitySpecification/1.0/blob/master/1._Community_Specification_License-v1.md"], + "seeAlso": [ + "https://github.com/CommunitySpecification/1.0/blob/master/1._Community_Specification_License-v1.md" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Condor-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Condor-1.1.json", - "referenceNumber": 351, + "referenceNumber": 274, "name": "Condor Public License v1.1", "licenseId": "Condor-1.1", "seeAlso": [ "http://research.cs.wisc.edu/condor/license.html#condor", "http://web.archive.org/web/20111123062036/http://research.cs.wisc.edu/condor/license.html#condor" ], - "isOsiApproved": false + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/copyleft-next-0.3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.0.json", - "referenceNumber": 258, + "referenceNumber": 308, "name": "copyleft-next 0.3.0", "licenseId": "copyleft-next-0.3.0", - "seeAlso": ["https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.0"], + "seeAlso": [ + "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/copyleft-next-0.3.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.1.json", - "referenceNumber": 265, + "referenceNumber": 302, "name": "copyleft-next 0.3.1", "licenseId": "copyleft-next-0.3.1", - "seeAlso": ["https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.1"], + "seeAlso": [ + "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.1" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Cornell-Lossless-JPEG.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Cornell-Lossless-JPEG.json", - "referenceNumber": 375, + "referenceNumber": 176, "name": "Cornell Lossless JPEG License", "licenseId": "Cornell-Lossless-JPEG", "seeAlso": [ @@ -1870,91 +2485,134 @@ { "reference": "https://spdx.org/licenses/CPAL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CPAL-1.0.json", - "referenceNumber": 411, + "referenceNumber": 301, "name": "Common Public Attribution License 1.0", "licenseId": "CPAL-1.0", - "seeAlso": ["https://opensource.org/licenses/CPAL-1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/CPAL-1.0" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/CPL-1.0.json", - "referenceNumber": 488, + "referenceNumber": 41, "name": "Common Public License 1.0", "licenseId": "CPL-1.0", - "seeAlso": ["https://opensource.org/licenses/CPL-1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/CPL-1.0" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/CPOL-1.02.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/CPOL-1.02.json", - "referenceNumber": 381, + "referenceNumber": 420, "name": "Code Project Open License 1.02", "licenseId": "CPOL-1.02", - "seeAlso": ["http://www.codeproject.com/info/cpol10.aspx"], + "seeAlso": [ + "http://www.codeproject.com/info/cpol10.aspx" + ], + "isOsiApproved": false, + "isFsfLibre": false + }, + { + "reference": "https://spdx.org/licenses/Cronyx.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Cronyx.json", + "referenceNumber": 335, + "name": "Cronyx License", + "licenseId": "Cronyx", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/font/alias/-/blob/master/COPYING", + "https://gitlab.freedesktop.org/xorg/font/cronyx-cyrillic/-/blob/master/COPYING", + "https://gitlab.freedesktop.org/xorg/font/misc-cyrillic/-/blob/master/COPYING", + "https://gitlab.freedesktop.org/xorg/font/screen-cyrillic/-/blob/master/COPYING" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Crossword.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Crossword.json", - "referenceNumber": 260, + "referenceNumber": 344, "name": "Crossword License", "licenseId": "Crossword", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Crossword"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Crossword" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CrystalStacker.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CrystalStacker.json", - "referenceNumber": 105, + "referenceNumber": 31, "name": "CrystalStacker License", "licenseId": "CrystalStacker", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing:CrystalStacker?rd=Licensing/CrystalStacker"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing:CrystalStacker?rd\u003dLicensing/CrystalStacker" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/CUA-OPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/CUA-OPL-1.0.json", - "referenceNumber": 108, + "referenceNumber": 151, "name": "CUA Office Public License v1.0", "licenseId": "CUA-OPL-1.0", - "seeAlso": ["https://opensource.org/licenses/CUA-OPL-1.0"], + "seeAlso": [ + "https://opensource.org/licenses/CUA-OPL-1.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Cube.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Cube.json", - "referenceNumber": 182, + "referenceNumber": 103, "name": "Cube License", "licenseId": "Cube", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Cube"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Cube" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/curl.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/curl.json", - "referenceNumber": 332, + "referenceNumber": 587, "name": "curl License", "licenseId": "curl", - "seeAlso": ["https://github.com/bagder/curl/blob/master/COPYING"], + "seeAlso": [ + "https://github.com/bagder/curl/blob/master/COPYING" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/cve-tou.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/cve-tou.json", + "referenceNumber": 15, + "name": "Common Vulnerability Enumeration ToU License", + "licenseId": "cve-tou", + "seeAlso": [ + "https://www.cve.org/Legal/TermsOfUse" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/D-FSL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/D-FSL-1.0.json", - "referenceNumber": 337, + "referenceNumber": 265, "name": "Deutsche Freie Software Lizenz", "licenseId": "D-FSL-1.0", "seeAlso": [ @@ -1969,31 +2627,59 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/DEC-3-Clause.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/DEC-3-Clause.json", + "referenceNumber": 460, + "name": "DEC 3-Clause License", + "licenseId": "DEC-3-Clause", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/COPYING?ref_type\u003dheads#L239" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/diffmark.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/diffmark.json", - "referenceNumber": 302, + "referenceNumber": 277, "name": "diffmark license", "licenseId": "diffmark", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/diffmark"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/diffmark" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/DL-DE-BY-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/DL-DE-BY-2.0.json", - "referenceNumber": 93, - "name": "Data licence Germany \u2013 attribution \u2013 version 2.0", + "referenceNumber": 141, + "name": "Data licence Germany – attribution – version 2.0", "licenseId": "DL-DE-BY-2.0", - "seeAlso": ["https://www.govdata.de/dl-de/by-2-0"], + "seeAlso": [ + "https://www.govdata.de/dl-de/by-2-0" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/DL-DE-ZERO-2.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/DL-DE-ZERO-2.0.json", + "referenceNumber": 470, + "name": "Data licence Germany – zero – version 2.0", + "licenseId": "DL-DE-ZERO-2.0", + "seeAlso": [ + "https://www.govdata.de/dl-de/zero-2-0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/DOC.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/DOC.json", - "referenceNumber": 262, + "referenceNumber": 177, "name": "DOC License", "licenseId": "DOC", "seeAlso": [ @@ -2002,93 +2688,158 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/DocBook-Schema.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/DocBook-Schema.json", + "referenceNumber": 305, + "name": "DocBook Schema License", + "licenseId": "DocBook-Schema", + "seeAlso": [ + "https://github.com/docbook/xslt10-stylesheets/blob/efd62655c11cc8773708df7a843613fa1e932bf8/xsl/assembly/schema/docbook51b7.rnc" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/DocBook-Stylesheet.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/DocBook-Stylesheet.json", + "referenceNumber": 250, + "name": "DocBook Stylesheet License", + "licenseId": "DocBook-Stylesheet", + "seeAlso": [ + "http://www.docbook.org/xml/5.0/docbook-5.0.zip" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/DocBook-XML.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/DocBook-XML.json", + "referenceNumber": 221, + "name": "DocBook XML License", + "licenseId": "DocBook-XML", + "seeAlso": [ + "https://github.com/docbook/xslt10-stylesheets/blob/efd62655c11cc8773708df7a843613fa1e932bf8/xsl/COPYING#L27" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/Dotseqn.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Dotseqn.json", - "referenceNumber": 95, + "referenceNumber": 456, "name": "Dotseqn License", "licenseId": "Dotseqn", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Dotseqn"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Dotseqn" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/DRL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/DRL-1.0.json", - "referenceNumber": 325, + "referenceNumber": 331, "name": "Detection Rule License 1.0", "licenseId": "DRL-1.0", - "seeAlso": ["https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md"], + "seeAlso": [ + "https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/DRL-1.1.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/DRL-1.1.json", + "referenceNumber": 632, + "name": "Detection Rule License 1.1", + "licenseId": "DRL-1.1", + "seeAlso": [ + "https://github.com/SigmaHQ/Detection-Rule-License/blob/6ec7fbde6101d101b5b5d1fcb8f9b69fbc76c04a/LICENSE.Detection.Rules.md" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/DSDP.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/DSDP.json", - "referenceNumber": 379, + "referenceNumber": 0, "name": "DSDP License", "licenseId": "DSDP", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/DSDP"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/DSDP" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/dtoa.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/dtoa.json", - "referenceNumber": 144, + "referenceNumber": 124, "name": "David M. Gay dtoa License", "licenseId": "dtoa", - "seeAlso": ["https://github.com/SWI-Prolog/swipl-devel/blob/master/src/os/dtoa.c"], + "seeAlso": [ + "https://github.com/SWI-Prolog/swipl-devel/blob/master/src/os/dtoa.c", + "https://sourceware.org/git/?p\u003dnewlib-cygwin.git;a\u003dblob;f\u003dnewlib/libc/stdlib/mprec.h;hb\u003dHEAD" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/dvipdfm.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/dvipdfm.json", - "referenceNumber": 289, + "referenceNumber": 299, "name": "dvipdfm License", "licenseId": "dvipdfm", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/dvipdfm"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/dvipdfm" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ECL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ECL-1.0.json", - "referenceNumber": 242, + "referenceNumber": 38, "name": "Educational Community License v1.0", "licenseId": "ECL-1.0", - "seeAlso": ["https://opensource.org/licenses/ECL-1.0"], + "seeAlso": [ + "https://opensource.org/licenses/ECL-1.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/ECL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/ECL-2.0.json", - "referenceNumber": 246, + "referenceNumber": 174, "name": "Educational Community License v2.0", "licenseId": "ECL-2.0", - "seeAlso": ["https://opensource.org/licenses/ECL-2.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/ECL-2.0" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/eCos-2.0.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/eCos-2.0.json", - "referenceNumber": 40, + "referenceNumber": 8, "name": "eCos license version 2.0", "licenseId": "eCos-2.0", - "seeAlso": ["https://www.gnu.org/licenses/ecos-license.html"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/ecos-license.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/EFL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/EFL-1.0.json", - "referenceNumber": 485, + "referenceNumber": 201, "name": "Eiffel Forum License v1.0", "licenseId": "EFL-1.0", "seeAlso": [ @@ -2100,22 +2851,22 @@ { "reference": "https://spdx.org/licenses/EFL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/EFL-2.0.json", - "referenceNumber": 437, + "referenceNumber": 525, "name": "Eiffel Forum License v2.0", "licenseId": "EFL-2.0", "seeAlso": [ "http://www.eiffel-nice.org/license/eiffel-forum-license-2.html", "https://opensource.org/licenses/EFL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/eGenix.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/eGenix.json", - "referenceNumber": 170, + "referenceNumber": 134, "name": "eGenix.com Public License 1.1.0", "licenseId": "eGenix", "seeAlso": [ @@ -2128,7 +2879,7 @@ "reference": "https://spdx.org/licenses/Elastic-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Elastic-2.0.json", - "referenceNumber": 547, + "referenceNumber": 40, "name": "Elastic License 2.0", "licenseId": "Elastic-2.0", "seeAlso": [ @@ -2141,65 +2892,71 @@ "reference": "https://spdx.org/licenses/Entessa.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Entessa.json", - "referenceNumber": 89, + "referenceNumber": 202, "name": "Entessa Public License v1.0", "licenseId": "Entessa", - "seeAlso": ["https://opensource.org/licenses/Entessa"], + "seeAlso": [ + "https://opensource.org/licenses/Entessa" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/EPICS.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/EPICS.json", - "referenceNumber": 508, + "referenceNumber": 165, "name": "EPICS Open License", "licenseId": "EPICS", - "seeAlso": ["https://epics.anl.gov/license/open.php"], + "seeAlso": [ + "https://epics.anl.gov/license/open.php" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/EPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/EPL-1.0.json", - "referenceNumber": 388, + "referenceNumber": 89, "name": "Eclipse Public License 1.0", "licenseId": "EPL-1.0", "seeAlso": [ "http://www.eclipse.org/legal/epl-v10.html", "https://opensource.org/licenses/EPL-1.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/EPL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/EPL-2.0.json", - "referenceNumber": 114, + "referenceNumber": 378, "name": "Eclipse Public License 2.0", "licenseId": "EPL-2.0", "seeAlso": [ "https://www.eclipse.org/legal/epl-2.0", "https://www.opensource.org/licenses/EPL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/ErlPL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ErlPL-1.1.json", - "referenceNumber": 228, + "referenceNumber": 590, "name": "Erlang Public License v1.1", "licenseId": "ErlPL-1.1", - "seeAlso": ["http://www.erlang.org/EPLICENSE"], + "seeAlso": [ + "http://www.erlang.org/EPLICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/etalab-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/etalab-2.0.json", - "referenceNumber": 273, + "referenceNumber": 596, "name": "Etalab Open License 2.0", "licenseId": "etalab-2.0", "seeAlso": [ @@ -2211,36 +2968,35 @@ { "reference": "https://spdx.org/licenses/EUDatagrid.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/EUDatagrid.json", - "referenceNumber": 30, + "referenceNumber": 119, "name": "EU DataGrid Software License", "licenseId": "EUDatagrid", "seeAlso": [ "http://eu-datagrid.web.cern.ch/eu-datagrid/license.html", "https://opensource.org/licenses/EUDatagrid" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/EUPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/EUPL-1.0.json", - "referenceNumber": 361, + "referenceNumber": 187, "name": "European Union Public License 1.0", "licenseId": "EUPL-1.0", "seeAlso": [ "http://ec.europa.eu/idabc/en/document/7330.html", - "http://ec.europa.eu/idabc/servlets/Doc027f.pdf?id=31096" + "http://ec.europa.eu/idabc/servlets/Doc027f.pdf?id\u003d31096" ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/EUPL-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/EUPL-1.1.json", - "referenceNumber": 109, + "referenceNumber": 474, "name": "European Union Public License 1.1", "licenseId": "EUPL-1.1", "seeAlso": [ @@ -2248,14 +3004,14 @@ "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl1.1.-licence-en_0.pdf", "https://opensource.org/licenses/EUPL-1.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/EUPL-1.2.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/EUPL-1.2.json", - "referenceNumber": 166, + "referenceNumber": 398, "name": "European Union Public License 1.2", "licenseId": "EUPL-1.2", "seeAlso": [ @@ -2263,39 +3019,54 @@ "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl_v1.2_en.pdf", "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%20EN.txt", "https://joinup.ec.europa.eu/sites/default/files/inline-files/EUPL%20v1_2%20EN(1).txt", - "http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32017D0863", + "http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri\u003dCELEX:32017D0863", "https://opensource.org/licenses/EUPL-1.2" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Eurosym.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Eurosym.json", - "referenceNumber": 49, + "referenceNumber": 319, "name": "Eurosym License", "licenseId": "Eurosym", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Eurosym"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Eurosym" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Fair.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Fair.json", - "referenceNumber": 436, + "referenceNumber": 245, "name": "Fair License", "licenseId": "Fair", "seeAlso": [ - "http://fairlicense.org/", + "https://web.archive.org/web/20150926120323/http://fairlicense.org/", "https://opensource.org/licenses/Fair" ], "isOsiApproved": true }, + { + "reference": "https://spdx.org/licenses/FBM.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/FBM.json", + "referenceNumber": 235, + "name": "Fuzzy Bitmap License", + "licenseId": "FBM", + "seeAlso": [ + "https://github.com/SWI-Prolog/packages-xpce/blob/161a40cd82004f731ba48024f9d30af388a7edf5/src/img/gifwrite.c#L21-L26" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/FDK-AAC.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/FDK-AAC.json", - "referenceNumber": 159, + "referenceNumber": 294, "name": "Fraunhofer FDK AAC Codec Library", "licenseId": "FDK-AAC", "seeAlso": [ @@ -2305,82 +3076,119 @@ "isOsiApproved": false }, { - "reference": "https://spdx.org/licenses/Frameworx-1.0.html", + "reference": "https://spdx.org/licenses/Ferguson-Twofish.html", "isDeprecatedLicenseId": false, - "detailsUrl": "https://spdx.org/licenses/Frameworx-1.0.json", - "referenceNumber": 207, - "name": "Frameworx Open License 1.0", - "licenseId": "Frameworx-1.0", - "seeAlso": ["https://opensource.org/licenses/Frameworx-1.0"], + "detailsUrl": "https://spdx.org/licenses/Ferguson-Twofish.json", + "referenceNumber": 338, + "name": "Ferguson Twofish License", + "licenseId": "Ferguson-Twofish", + "seeAlso": [ + "https://github.com/wernerd/ZRTPCPP/blob/6b3cd8e6783642292bad0c21e3e5e5ce45ff3e03/cryptcommon/twofish.c#L113C3-L127" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Frameworx-1.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Frameworx-1.0.json", + "referenceNumber": 229, + "name": "Frameworx Open License 1.0", + "licenseId": "Frameworx-1.0", + "seeAlso": [ + "https://opensource.org/licenses/Frameworx-1.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/FreeBSD-DOC.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/FreeBSD-DOC.json", - "referenceNumber": 168, + "referenceNumber": 254, "name": "FreeBSD Documentation License", "licenseId": "FreeBSD-DOC", - "seeAlso": ["https://www.freebsd.org/copyright/freebsd-doc-license/"], + "seeAlso": [ + "https://www.freebsd.org/copyright/freebsd-doc-license/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/FreeImage.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/FreeImage.json", - "referenceNumber": 533, + "referenceNumber": 260, "name": "FreeImage Public License v1.0", "licenseId": "FreeImage", - "seeAlso": ["http://freeimage.sourceforge.net/freeimage-license.txt"], + "seeAlso": [ + "http://freeimage.sourceforge.net/freeimage-license.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/FSFAP.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/FSFAP.json", - "referenceNumber": 340, + "referenceNumber": 116, "name": "FSF All Permissive License", "licenseId": "FSFAP", - "seeAlso": ["https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html"], + "seeAlso": [ + "https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html" + ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/FSFAP-no-warranty-disclaimer.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/FSFAP-no-warranty-disclaimer.json", + "referenceNumber": 579, + "name": "FSF All Permissive License (without Warranty)", + "licenseId": "FSFAP-no-warranty-disclaimer", + "seeAlso": [ + "https://git.savannah.gnu.org/cgit/wget.git/tree/util/trunc.c?h\u003dv1.21.3\u0026id\u003d40747a11e44ced5a8ac628a41f879ced3e2ebce9#n6" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/FSFUL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/FSFUL.json", - "referenceNumber": 393, + "referenceNumber": 578, "name": "FSF Unlimited License", "licenseId": "FSFUL", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/FSFULLR.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/FSFULLR.json", - "referenceNumber": 528, + "referenceNumber": 52, "name": "FSF Unlimited License (with License Retention)", "licenseId": "FSFULLR", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License#License_Retention_Variant"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License#License_Retention_Variant" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/FSFULLRWD.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/FSFULLRWD.json", - "referenceNumber": 512, + "referenceNumber": 199, "name": "FSF Unlimited License (With License Retention and Warranty Disclaimer)", "licenseId": "FSFULLRWD", - "seeAlso": ["https://lists.gnu.org/archive/html/autoconf/2012-04/msg00061.html"], + "seeAlso": [ + "https://lists.gnu.org/archive/html/autoconf/2012-04/msg00061.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/FTL.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/FTL.json", - "referenceNumber": 209, + "referenceNumber": 304, "name": "Freetype Project License", "licenseId": "FTL", "seeAlso": [ @@ -2388,555 +3196,738 @@ "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/FTL.TXT", "http://gitlab.freedesktop.org/freetype/freetype/-/raw/master/docs/FTL.TXT" ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/Furuseth.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Furuseth.json", + "referenceNumber": 563, + "name": "Furuseth License", + "licenseId": "Furuseth", + "seeAlso": [ + "https://git.openldap.org/openldap/openldap/-/blob/master/COPYRIGHT?ref_type\u003dheads#L39-51" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/fwlw.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/fwlw.json", + "referenceNumber": 81, + "name": "fwlw License", + "licenseId": "fwlw", + "seeAlso": [ + "https://mirrors.nic.cz/tex-archive/macros/latex/contrib/fwlw/README" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/GCR-docs.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/GCR-docs.json", + "referenceNumber": 135, + "name": "Gnome GCR Documentation License", + "licenseId": "GCR-docs", + "seeAlso": [ + "https://github.com/GNOME/gcr/blob/master/docs/COPYING" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GD.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GD.json", - "referenceNumber": 294, + "referenceNumber": 333, "name": "GD License", "licenseId": "GD", - "seeAlso": ["https://libgd.github.io/manuals/2.3.0/files/license-txt.html"], + "seeAlso": [ + "https://libgd.github.io/manuals/2.3.0/files/license-txt.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/generic-xts.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/generic-xts.json", + "referenceNumber": 476, + "name": "Generic XTS License", + "licenseId": "generic-xts", + "seeAlso": [ + "https://github.com/mhogomchungu/zuluCrypt/blob/master/external_libraries/tcplay/generic_xts.c" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.1.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.1.json", - "referenceNumber": 59, + "referenceNumber": 279, "name": "GNU Free Documentation License v1.1", "licenseId": "GFDL-1.1", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-only.json", - "referenceNumber": 521, + "referenceNumber": 452, "name": "GNU Free Documentation License v1.1 only - invariants", "licenseId": "GFDL-1.1-invariants-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.json", - "referenceNumber": 275, + "referenceNumber": 153, "name": "GNU Free Documentation License v1.1 or later - invariants", "licenseId": "GFDL-1.1-invariants-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.json", - "referenceNumber": 124, + "referenceNumber": 215, "name": "GNU Free Documentation License v1.1 only - no invariants", "licenseId": "GFDL-1.1-no-invariants-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.json", - "referenceNumber": 391, + "referenceNumber": 626, "name": "GNU Free Documentation License v1.1 or later - no invariants", "licenseId": "GFDL-1.1-no-invariants-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.1-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-only.json", - "referenceNumber": 11, + "referenceNumber": 610, "name": "GNU Free Documentation License v1.1 only", "licenseId": "GFDL-1.1-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.1-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-or-later.json", - "referenceNumber": 197, + "referenceNumber": 162, "name": "GNU Free Documentation License v1.1 or later", "licenseId": "GFDL-1.1-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.2.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.2.json", - "referenceNumber": 188, + "referenceNumber": 643, "name": "GNU Free Documentation License v1.2", "licenseId": "GFDL-1.2", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-only.json", - "referenceNumber": 194, + "referenceNumber": 200, "name": "GNU Free Documentation License v1.2 only - invariants", "licenseId": "GFDL-1.2-invariants-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.json", - "referenceNumber": 313, + "referenceNumber": 357, "name": "GNU Free Documentation License v1.2 or later - invariants", "licenseId": "GFDL-1.2-invariants-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.json", - "referenceNumber": 427, + "referenceNumber": 42, "name": "GNU Free Documentation License v1.2 only - no invariants", "licenseId": "GFDL-1.2-no-invariants-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.json", - "referenceNumber": 285, + "referenceNumber": 329, "name": "GNU Free Documentation License v1.2 or later - no invariants", "licenseId": "GFDL-1.2-no-invariants-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.2-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-only.json", - "referenceNumber": 244, + "referenceNumber": 663, "name": "GNU Free Documentation License v1.2 only", "licenseId": "GFDL-1.2-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.2-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-or-later.json", - "referenceNumber": 349, + "referenceNumber": 436, "name": "GNU Free Documentation License v1.2 or later", "licenseId": "GFDL-1.2-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.3.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.3.json", - "referenceNumber": 435, + "referenceNumber": 379, "name": "GNU Free Documentation License v1.3", "licenseId": "GFDL-1.3", - "seeAlso": ["https://www.gnu.org/licenses/fdl-1.3.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/fdl-1.3.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-only.json", - "referenceNumber": 37, + "referenceNumber": 555, "name": "GNU Free Documentation License v1.3 only - invariants", "licenseId": "GFDL-1.3-invariants-only", - "seeAlso": ["https://www.gnu.org/licenses/fdl-1.3.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/fdl-1.3.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.json", - "referenceNumber": 406, + "referenceNumber": 504, "name": "GNU Free Documentation License v1.3 or later - invariants", "licenseId": "GFDL-1.3-invariants-or-later", - "seeAlso": ["https://www.gnu.org/licenses/fdl-1.3.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/fdl-1.3.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.json", - "referenceNumber": 249, + "referenceNumber": 5, "name": "GNU Free Documentation License v1.3 only - no invariants", "licenseId": "GFDL-1.3-no-invariants-only", - "seeAlso": ["https://www.gnu.org/licenses/fdl-1.3.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/fdl-1.3.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.json", - "referenceNumber": 523, + "referenceNumber": 528, "name": "GNU Free Documentation License v1.3 or later - no invariants", "licenseId": "GFDL-1.3-no-invariants-or-later", - "seeAlso": ["https://www.gnu.org/licenses/fdl-1.3.txt"], + "seeAlso": [ + "https://www.gnu.org/licenses/fdl-1.3.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GFDL-1.3-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-only.json", - "referenceNumber": 283, + "referenceNumber": 311, "name": "GNU Free Documentation License v1.3 only", "licenseId": "GFDL-1.3-only", - "seeAlso": ["https://www.gnu.org/licenses/fdl-1.3.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/fdl-1.3.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GFDL-1.3-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-or-later.json", - "referenceNumber": 336, + "referenceNumber": 142, "name": "GNU Free Documentation License v1.3 or later", "licenseId": "GFDL-1.3-or-later", - "seeAlso": ["https://www.gnu.org/licenses/fdl-1.3.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://www.gnu.org/licenses/fdl-1.3.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Giftware.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Giftware.json", - "referenceNumber": 329, + "referenceNumber": 656, "name": "Giftware License", "licenseId": "Giftware", - "seeAlso": ["http://liballeg.org/license.html#allegro-4-the-giftware-license"], + "seeAlso": [ + "http://liballeg.org/license.html#allegro-4-the-giftware-license" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GL2PS.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GL2PS.json", - "referenceNumber": 461, + "referenceNumber": 639, "name": "GL2PS License", "licenseId": "GL2PS", - "seeAlso": ["http://www.geuz.org/gl2ps/COPYING.GL2PS"], + "seeAlso": [ + "http://www.geuz.org/gl2ps/COPYING.GL2PS" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Glide.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Glide.json", - "referenceNumber": 353, + "referenceNumber": 203, "name": "3dfx Glide License", "licenseId": "Glide", - "seeAlso": ["http://www.users.on.net/~triforce/glidexp/COPYING.txt"], + "seeAlso": [ + "http://www.users.on.net/~triforce/glidexp/COPYING.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Glulxe.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Glulxe.json", - "referenceNumber": 530, + "referenceNumber": 483, "name": "Glulxe License", "licenseId": "Glulxe", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Glulxe"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Glulxe" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GLWTPL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GLWTPL.json", - "referenceNumber": 318, + "referenceNumber": 9, "name": "Good Luck With That Public License", "licenseId": "GLWTPL", - "seeAlso": ["https://github.com/me-shaon/GLWTPL/commit/da5f6bc734095efbacb442c0b31e33a65b9d6e85"], + "seeAlso": [ + "https://github.com/me-shaon/GLWTPL/commit/da5f6bc734095efbacb442c0b31e33a65b9d6e85" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/gnuplot.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/gnuplot.json", - "referenceNumber": 455, + "referenceNumber": 389, "name": "gnuplot License", "licenseId": "gnuplot", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Gnuplot"], - "isOsiApproved": false + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Gnuplot" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-1.0.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-1.0.json", - "referenceNumber": 212, + "referenceNumber": 227, "name": "GNU General Public License v1.0 only", "licenseId": "GPL-1.0", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-1.0+.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-1.0+.json", - "referenceNumber": 219, + "referenceNumber": 297, "name": "GNU General Public License v1.0 or later", "licenseId": "GPL-1.0+", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-1.0-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GPL-1.0-only.json", - "referenceNumber": 235, + "referenceNumber": 353, "name": "GNU General Public License v1.0 only", "licenseId": "GPL-1.0-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-1.0-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/GPL-1.0-or-later.json", - "referenceNumber": 85, + "referenceNumber": 376, "name": "GNU General Public License v1.0 or later", "licenseId": "GPL-1.0-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-2.0.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0.json", - "referenceNumber": 1, + "referenceNumber": 188, "name": "GNU General Public License v2.0 only", "licenseId": "GPL-2.0", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", "https://opensource.org/licenses/GPL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-2.0+.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0+.json", - "referenceNumber": 509, + "referenceNumber": 600, "name": "GNU General Public License v2.0 or later", "licenseId": "GPL-2.0+", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", "https://opensource.org/licenses/GPL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-2.0-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0-only.json", - "referenceNumber": 438, + "referenceNumber": 172, "name": "GNU General Public License v2.0 only", "licenseId": "GPL-2.0-only", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", + "https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt", "https://opensource.org/licenses/GPL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-2.0-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0-or-later.json", - "referenceNumber": 17, + "referenceNumber": 424, "name": "GNU General Public License v2.0 or later", "licenseId": "GPL-2.0-or-later", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", "https://opensource.org/licenses/GPL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.json", - "referenceNumber": 296, + "referenceNumber": 629, "name": "GNU General Public License v2.0 w/Autoconf exception", "licenseId": "GPL-2.0-with-autoconf-exception", - "seeAlso": ["http://ac-archive.sourceforge.net/doc/copyright.html"], + "seeAlso": [ + "http://ac-archive.sourceforge.net/doc/copyright.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.json", - "referenceNumber": 68, + "referenceNumber": 37, "name": "GNU General Public License v2.0 w/Bison exception", "licenseId": "GPL-2.0-with-bison-exception", - "seeAlso": ["http://git.savannah.gnu.org/cgit/bison.git/tree/data/yacc.c?id=193d7c7054ba7197b0789e14965b739162319b5e#n141"], + "seeAlso": [ + "http://git.savannah.gnu.org/cgit/bison.git/tree/data/yacc.c?id\u003d193d7c7054ba7197b0789e14965b739162319b5e#n141" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.json", - "referenceNumber": 261, + "referenceNumber": 410, "name": "GNU General Public License v2.0 w/Classpath exception", "licenseId": "GPL-2.0-with-classpath-exception", - "seeAlso": ["https://www.gnu.org/software/classpath/license.html"], + "seeAlso": [ + "https://www.gnu.org/software/classpath/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-2.0-with-font-exception.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-font-exception.json", - "referenceNumber": 87, + "referenceNumber": 548, "name": "GNU General Public License v2.0 w/Font exception", "licenseId": "GPL-2.0-with-font-exception", - "seeAlso": ["https://www.gnu.org/licenses/gpl-faq.html#FontException"], + "seeAlso": [ + "https://www.gnu.org/licenses/gpl-faq.html#FontException" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.json", - "referenceNumber": 468, + "referenceNumber": 492, "name": "GNU General Public License v2.0 w/GCC Runtime Library exception", "licenseId": "GPL-2.0-with-GCC-exception", - "seeAlso": ["https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/libgcc1.c;h=762f5143fc6eed57b6797c82710f3538aa52b40b;hb=cb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10"], + "seeAlso": [ + "https://gcc.gnu.org/git/?p\u003dgcc.git;a\u003dblob;f\u003dgcc/libgcc1.c;h\u003d762f5143fc6eed57b6797c82710f3538aa52b40b;hb\u003dcb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-3.0.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-3.0.json", - "referenceNumber": 55, + "referenceNumber": 671, "name": "GNU General Public License v3.0 only", "licenseId": "GPL-3.0", "seeAlso": [ "https://www.gnu.org/licenses/gpl-3.0-standalone.html", "https://opensource.org/licenses/GPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-3.0+.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-3.0+.json", - "referenceNumber": 146, + "referenceNumber": 501, "name": "GNU General Public License v3.0 or later", "licenseId": "GPL-3.0+", "seeAlso": [ "https://www.gnu.org/licenses/gpl-3.0-standalone.html", "https://opensource.org/licenses/GPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-3.0-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-3.0-only.json", - "referenceNumber": 174, + "referenceNumber": 584, "name": "GNU General Public License v3.0 only", "licenseId": "GPL-3.0-only", "seeAlso": [ "https://www.gnu.org/licenses/gpl-3.0-standalone.html", "https://opensource.org/licenses/GPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-3.0-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/GPL-3.0-or-later.json", - "referenceNumber": 425, + "referenceNumber": 448, "name": "GNU General Public License v3.0 or later", "licenseId": "GPL-3.0-or-later", "seeAlso": [ "https://www.gnu.org/licenses/gpl-3.0-standalone.html", "https://opensource.org/licenses/GPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.json", - "referenceNumber": 484, + "referenceNumber": 659, "name": "GNU General Public License v3.0 w/Autoconf exception", "licenseId": "GPL-3.0-with-autoconf-exception", - "seeAlso": ["https://www.gnu.org/licenses/autoconf-exception-3.0.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/autoconf-exception-3.0.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.json", - "referenceNumber": 446, + "referenceNumber": 173, "name": "GNU General Public License v3.0 w/GCC Runtime Library exception", "licenseId": "GPL-3.0-with-GCC-exception", - "seeAlso": ["https://www.gnu.org/licenses/gcc-exception-3.1.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/gcc-exception-3.1.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Graphics-Gems.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Graphics-Gems.json", - "referenceNumber": 315, + "referenceNumber": 55, "name": "Graphics Gems License", "licenseId": "Graphics-Gems", - "seeAlso": ["https://github.com/erich666/GraphicsGems/blob/master/LICENSE.md"], + "seeAlso": [ + "https://github.com/erich666/GraphicsGems/blob/master/LICENSE.md" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/gSOAP-1.3b.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/gSOAP-1.3b.json", - "referenceNumber": 556, + "referenceNumber": 315, "name": "gSOAP Public License v1.3b", "licenseId": "gSOAP-1.3b", - "seeAlso": ["http://www.cs.fsu.edu/~engelen/license.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.cs.fsu.edu/~engelen/license.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/gtkbook.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/gtkbook.json", + "referenceNumber": 361, + "name": "gtkbook License", + "licenseId": "gtkbook", + "seeAlso": [ + "https://github.com/slogan621/gtkbook", + "https://github.com/oetiker/rrdtool-1.x/blob/master/src/plbasename.c#L8-L11" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Gutmann.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Gutmann.json", + "referenceNumber": 146, + "name": "Gutmann License", + "licenseId": "Gutmann", + "seeAlso": [ + "https://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/HaskellReport.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/HaskellReport.json", - "referenceNumber": 135, + "referenceNumber": 592, "name": "Haskell Language Report License", "licenseId": "HaskellReport", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Haskell_Language_Report_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Haskell_Language_Report_License" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/hdparm.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/hdparm.json", + "referenceNumber": 139, + "name": "hdparm License", + "licenseId": "hdparm", + "seeAlso": [ + "https://github.com/Distrotech/hdparm/blob/4517550db29a91420fb2b020349523b1b4512df2/LICENSE.TXT" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HIDAPI.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HIDAPI.json", + "referenceNumber": 637, + "name": "HIDAPI License", + "licenseId": "HIDAPI", + "seeAlso": [ + "https://github.com/signal11/hidapi/blob/master/LICENSE-orig.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Hippocratic-2.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Hippocratic-2.1.json", - "referenceNumber": 5, + "referenceNumber": 282, "name": "Hippocratic License 2.1", "licenseId": "Hippocratic-2.1", "seeAlso": [ @@ -2949,43 +3940,258 @@ "reference": "https://spdx.org/licenses/HP-1986.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/HP-1986.json", - "referenceNumber": 98, + "referenceNumber": 156, "name": "Hewlett-Packard 1986 License", "licenseId": "HP-1986", - "seeAlso": ["https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/machine/hppa/memchr.S;h=1cca3e5e8867aa4bffef1f75a5c1bba25c0c441e;hb=HEAD#l2"], + "seeAlso": [ + "https://sourceware.org/git/?p\u003dnewlib-cygwin.git;a\u003dblob;f\u003dnewlib/libc/machine/hppa/memchr.S;h\u003d1cca3e5e8867aa4bffef1f75a5c1bba25c0c441e;hb\u003dHEAD#l2" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HP-1989.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HP-1989.json", + "referenceNumber": 210, + "name": "Hewlett-Packard 1989 License", + "licenseId": "HP-1989", + "seeAlso": [ + "https://github.com/bleargh45/Data-UUID/blob/master/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/HPND.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/HPND.json", - "referenceNumber": 172, + "referenceNumber": 382, "name": "Historical Permission Notice and Disclaimer", "licenseId": "HPND", - "seeAlso": ["https://opensource.org/licenses/HPND"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/HPND", + "http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/2002-November/006304.html" + ], + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/HPND-DEC.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-DEC.json", + "referenceNumber": 457, + "name": "Historical Permission Notice and Disclaimer - DEC variant", + "licenseId": "HPND-DEC", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/blob/master/COPYING?ref_type\u003dheads#L69" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-doc.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-doc.json", + "referenceNumber": 441, + "name": "Historical Permission Notice and Disclaimer - documentation variant", + "licenseId": "HPND-doc", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/lib/libxext/-/blob/master/COPYING?ref_type\u003dheads#L185-197", + "https://gitlab.freedesktop.org/xorg/lib/libxtst/-/blob/master/COPYING?ref_type\u003dheads#L70-77" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-doc-sell.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-doc-sell.json", + "referenceNumber": 679, + "name": "Historical Permission Notice and Disclaimer - documentation sell variant", + "licenseId": "HPND-doc-sell", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/lib/libxtst/-/blob/master/COPYING?ref_type\u003dheads#L108-117", + "https://gitlab.freedesktop.org/xorg/lib/libxext/-/blob/master/COPYING?ref_type\u003dheads#L153-162" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/HPND-export-US.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/HPND-export-US.json", - "referenceNumber": 272, + "referenceNumber": 157, "name": "HPND with US Government export control warning", "licenseId": "HPND-export-US", - "seeAlso": ["https://www.kermitproject.org/ck90.html#source"], + "seeAlso": [ + "https://www.kermitproject.org/ck90.html#source" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-export-US-acknowledgement.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-export-US-acknowledgement.json", + "referenceNumber": 56, + "name": "HPND with US Government export control warning and acknowledgment", + "licenseId": "HPND-export-US-acknowledgement", + "seeAlso": [ + "https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L831-L852", + "https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-export-US-modify.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-export-US-modify.json", + "referenceNumber": 475, + "name": "HPND with US Government export control warning and modification rqmt", + "licenseId": "HPND-export-US-modify", + "seeAlso": [ + "https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L1157-L1182", + "https://github.com/pythongssapi/k5test/blob/v0.10.3/K5TEST-LICENSE.txt" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-export2-US.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-export2-US.json", + "referenceNumber": 621, + "name": "HPND with US Government export control and 2 disclaimers", + "licenseId": "HPND-export2-US", + "seeAlso": [ + "https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L111-L133", + "https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-Fenneberg-Livingston.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-Fenneberg-Livingston.json", + "referenceNumber": 407, + "name": "Historical Permission Notice and Disclaimer - Fenneberg-Livingston variant", + "licenseId": "HPND-Fenneberg-Livingston", + "seeAlso": [ + "https://github.com/FreeRADIUS/freeradius-client/blob/master/COPYRIGHT#L32", + "https://github.com/radcli/radcli/blob/master/COPYRIGHT#L34" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-INRIA-IMAG.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-INRIA-IMAG.json", + "referenceNumber": 611, + "name": "Historical Permission Notice and Disclaimer - INRIA-IMAG variant", + "licenseId": "HPND-INRIA-IMAG", + "seeAlso": [ + "https://github.com/ppp-project/ppp/blob/master/pppd/ipv6cp.c#L75-L83" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-Intel.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-Intel.json", + "referenceNumber": 86, + "name": "Historical Permission Notice and Disclaimer - Intel variant", + "licenseId": "HPND-Intel", + "seeAlso": [ + "https://sourceware.org/git/?p\u003dnewlib-cygwin.git;a\u003dblob;f\u003dnewlib/libc/machine/i960/memcpy.S;hb\u003dHEAD" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-Kevlin-Henney.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-Kevlin-Henney.json", + "referenceNumber": 278, + "name": "Historical Permission Notice and Disclaimer - Kevlin Henney variant", + "licenseId": "HPND-Kevlin-Henney", + "seeAlso": [ + "https://github.com/mruby/mruby/blob/83d12f8d52522cdb7c8cc46fad34821359f453e6/mrbgems/mruby-dir/src/Win/dirent.c#L127-L140" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/HPND-Markus-Kuhn.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/HPND-Markus-Kuhn.json", - "referenceNumber": 118, + "referenceNumber": 445, "name": "Historical Permission Notice and Disclaimer - Markus Kuhn variant", "licenseId": "HPND-Markus-Kuhn", "seeAlso": [ "https://www.cl.cam.ac.uk/~mgk25/ucs/wcwidth.c", - "https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=readline/readline/support/wcwidth.c;h=0f5ec995796f4813abbcf4972aec0378ab74722a;hb=HEAD#l55" + "https://sourceware.org/git/?p\u003dbinutils-gdb.git;a\u003dblob;f\u003dreadline/readline/support/wcwidth.c;h\u003d0f5ec995796f4813abbcf4972aec0378ab74722a;hb\u003dHEAD#l55" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-merchantability-variant.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-merchantability-variant.json", + "referenceNumber": 207, + "name": "Historical Permission Notice and Disclaimer - merchantability variant", + "licenseId": "HPND-merchantability-variant", + "seeAlso": [ + "https://sourceware.org/git/?p\u003dnewlib-cygwin.git;a\u003dblob;f\u003dnewlib/libc/misc/fini.c;hb\u003dHEAD" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-MIT-disclaimer.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-MIT-disclaimer.json", + "referenceNumber": 455, + "name": "Historical Permission Notice and Disclaimer with MIT disclaimer", + "licenseId": "HPND-MIT-disclaimer", + "seeAlso": [ + "https://metacpan.org/release/NLNETLABS/Net-DNS-SEC-1.22/source/LICENSE" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-Netrek.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-Netrek.json", + "referenceNumber": 608, + "name": "Historical Permission Notice and Disclaimer - Netrek variant", + "licenseId": "HPND-Netrek", + "seeAlso": [], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-Pbmplus.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-Pbmplus.json", + "referenceNumber": 675, + "name": "Historical Permission Notice and Disclaimer - Pbmplus variant", + "licenseId": "HPND-Pbmplus", + "seeAlso": [ + "https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/netpbm.c#l8" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-sell-MIT-disclaimer-xserver.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-sell-MIT-disclaimer-xserver.json", + "referenceNumber": 649, + "name": "Historical Permission Notice and Disclaimer - sell xserver variant with MIT disclaimer", + "licenseId": "HPND-sell-MIT-disclaimer-xserver", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/COPYING?ref_type\u003dheads#L1781" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-sell-regexpr.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-sell-regexpr.json", + "referenceNumber": 527, + "name": "Historical Permission Notice and Disclaimer - sell regexpr variant", + "licenseId": "HPND-sell-regexpr", + "seeAlso": [ + "https://gitlab.com/bacula-org/bacula/-/blob/Branch-11.0/bacula/LICENSE-FOSS?ref_type\u003dheads#L245" ], "isOsiApproved": false }, @@ -2993,57 +4199,104 @@ "reference": "https://spdx.org/licenses/HPND-sell-variant.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/HPND-sell-variant.json", - "referenceNumber": 424, + "referenceNumber": 231, "name": "Historical Permission Notice and Disclaimer - sell variant", "licenseId": "HPND-sell-variant", - "seeAlso": ["https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sunrpc/auth_gss/gss_generic_token.c?h=v4.19"], + "seeAlso": [ + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sunrpc/auth_gss/gss_generic_token.c?h\u003dv4.19", + "https://github.com/kfish/xsel/blob/master/COPYING" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer.json", - "referenceNumber": 103, + "referenceNumber": 75, "name": "HPND sell variant with MIT disclaimer", "licenseId": "HPND-sell-variant-MIT-disclaimer", - "seeAlso": ["https://github.com/sigmavirus24/x11-ssh-askpass/blob/master/README"], + "seeAlso": [ + "https://github.com/sigmavirus24/x11-ssh-askpass/blob/master/README" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer-rev.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-sell-variant-MIT-disclaimer-rev.json", + "referenceNumber": 661, + "name": "HPND sell variant with MIT disclaimer - reverse", + "licenseId": "HPND-sell-variant-MIT-disclaimer-rev", + "seeAlso": [ + "https://github.com/sigmavirus24/x11-ssh-askpass/blob/master/dynlist.c" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-UC.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-UC.json", + "referenceNumber": 466, + "name": "Historical Permission Notice and Disclaimer - University of California variant", + "licenseId": "HPND-UC", + "seeAlso": [ + "https://core.tcl-lang.org/tk/file?name\u003dcompat/unistd.h" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/HPND-UC-export-US.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/HPND-UC-export-US.json", + "referenceNumber": 90, + "name": "Historical Permission Notice and Disclaimer - University of California, US export warning", + "licenseId": "HPND-UC-export-US", + "seeAlso": [ + "https://github.com/RTimothyEdwards/magic/blob/master/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/HTMLTIDY.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/HTMLTIDY.json", - "referenceNumber": 538, + "referenceNumber": 78, "name": "HTML Tidy License", "licenseId": "HTMLTIDY", - "seeAlso": ["https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md"], + "seeAlso": [ + "https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/IBM-pibs.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/IBM-pibs.json", - "referenceNumber": 96, + "referenceNumber": 417, "name": "IBM PowerPC Initialization and Boot Software", "licenseId": "IBM-pibs", - "seeAlso": ["http://git.denx.de/?p=u-boot.git;a=blob;f=arch/powerpc/cpu/ppc4xx/miiphy.c;h=297155fdafa064b955e53e9832de93bfb0cfb85b;hb=9fab4bf4cc077c21e43941866f3f2c196f28670d"], + "seeAlso": [ + "http://git.denx.de/?p\u003du-boot.git;a\u003dblob;f\u003darch/powerpc/cpu/ppc4xx/miiphy.c;h\u003d297155fdafa064b955e53e9832de93bfb0cfb85b;hb\u003d9fab4bf4cc077c21e43941866f3f2c196f28670d" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ICU.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ICU.json", - "referenceNumber": 254, + "referenceNumber": 520, "name": "ICU License", "licenseId": "ICU", - "seeAlso": ["http://source.icu-project.org/repos/icu/icu/trunk/license.html"], - "isOsiApproved": false + "seeAlso": [ + "http://source.icu-project.org/repos/icu/icu/trunk/license.html" + ], + "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/IEC-Code-Components-EULA.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/IEC-Code-Components-EULA.json", - "referenceNumber": 546, + "referenceNumber": 211, "name": "IEC Code Components End-user licence agreement", "licenseId": "IEC-Code-Components-EULA", "seeAlso": [ @@ -3056,141 +4309,172 @@ { "reference": "https://spdx.org/licenses/IJG.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/IJG.json", - "referenceNumber": 110, + "referenceNumber": 672, "name": "Independent JPEG Group License", "licenseId": "IJG", - "seeAlso": ["http://dev.w3.org/cvsweb/Amaya/libjpeg/Attic/README?rev=1.2"], - "isOsiApproved": false + "seeAlso": [ + "http://dev.w3.org/cvsweb/Amaya/libjpeg/Attic/README?rev\u003d1.2" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/IJG-short.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/IJG-short.json", - "referenceNumber": 373, + "referenceNumber": 493, "name": "Independent JPEG Group License - short", "licenseId": "IJG-short", - "seeAlso": ["https://sourceforge.net/p/xmedcon/code/ci/master/tree/libs/ljpg/"], + "seeAlso": [ + "https://sourceforge.net/p/xmedcon/code/ci/master/tree/libs/ljpg/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ImageMagick.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ImageMagick.json", - "referenceNumber": 287, + "referenceNumber": 581, "name": "ImageMagick License", "licenseId": "ImageMagick", - "seeAlso": ["http://www.imagemagick.org/script/license.php"], + "seeAlso": [ + "http://www.imagemagick.org/script/license.php" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/iMatix.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/iMatix.json", - "referenceNumber": 430, + "referenceNumber": 129, "name": "iMatix Standard Function Library Agreement", "licenseId": "iMatix", - "seeAlso": ["http://legacy.imatix.com/html/sfl/sfl4.htm#license"], - "isOsiApproved": false + "seeAlso": [ + "http://legacy.imatix.com/html/sfl/sfl4.htm#license" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Imlib2.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Imlib2.json", - "referenceNumber": 477, + "referenceNumber": 365, "name": "Imlib2 License", "licenseId": "Imlib2", "seeAlso": [ "http://trac.enlightenment.org/e/browser/trunk/imlib2/COPYING", "https://git.enlightenment.org/legacy/imlib2.git/tree/COPYING" ], - "isOsiApproved": false + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Info-ZIP.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Info-ZIP.json", - "referenceNumber": 366, + "referenceNumber": 10, "name": "Info-ZIP License", "licenseId": "Info-ZIP", - "seeAlso": ["http://www.info-zip.org/license.html"], + "seeAlso": [ + "http://www.info-zip.org/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Inner-Net-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Inner-Net-2.0.json", - "referenceNumber": 241, + "referenceNumber": 352, "name": "Inner Net License v2.0", "licenseId": "Inner-Net-2.0", "seeAlso": [ "https://fedoraproject.org/wiki/Licensing/Inner_Net_License", - "https://sourceware.org/git/?p=glibc.git;a=blob;f=LICENSES;h=530893b1dc9ea00755603c68fb36bd4fc38a7be8;hb=HEAD#l207" + "https://sourceware.org/git/?p\u003dglibc.git;a\u003dblob;f\u003dLICENSES;h\u003d530893b1dc9ea00755603c68fb36bd4fc38a7be8;hb\u003dHEAD#l207" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/InnoSetup.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/InnoSetup.json", + "referenceNumber": 19, + "name": "Inno Setup License", + "licenseId": "InnoSetup", + "seeAlso": [ + "https://github.com/jrsoftware/issrc/blob/HEAD/license.txt" ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Intel.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Intel.json", - "referenceNumber": 486, + "referenceNumber": 462, "name": "Intel Open Source License", "licenseId": "Intel", - "seeAlso": ["https://opensource.org/licenses/Intel"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/Intel" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Intel-ACPI.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Intel-ACPI.json", - "referenceNumber": 65, + "referenceNumber": 509, "name": "Intel ACPI Software License Agreement", "licenseId": "Intel-ACPI", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Intel_ACPI_Software_License_Agreement"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Intel_ACPI_Software_License_Agreement" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Interbase-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Interbase-1.0.json", - "referenceNumber": 553, + "referenceNumber": 569, "name": "Interbase Public License v1.0", "licenseId": "Interbase-1.0", - "seeAlso": ["https://web.archive.org/web/20060319014854/http://info.borland.com/devsupport/interbase/opensource/IPL.html"], + "seeAlso": [ + "https://web.archive.org/web/20060319014854/http://info.borland.com/devsupport/interbase/opensource/IPL.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/IPA.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/IPA.json", - "referenceNumber": 383, + "referenceNumber": 49, "name": "IPA Font License", "licenseId": "IPA", - "seeAlso": ["https://opensource.org/licenses/IPA"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/IPA" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/IPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/IPL-1.0.json", - "referenceNumber": 220, + "referenceNumber": 20, "name": "IBM Public License v1.0", "licenseId": "IPL-1.0", - "seeAlso": ["https://opensource.org/licenses/IPL-1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/IPL-1.0" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/ISC.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/ISC.json", - "referenceNumber": 263, + "referenceNumber": 593, "name": "ISC License", "licenseId": "ISC", "seeAlso": [ @@ -3198,13 +4482,28 @@ "https://www.isc.org/downloads/software-support-policy/isc-license/", "https://opensource.org/licenses/ISC" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/ISC-Veillard.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/ISC-Veillard.json", + "referenceNumber": 401, + "name": "ISC Veillard variant", + "licenseId": "ISC-Veillard", + "seeAlso": [ + "https://raw.githubusercontent.com/GNOME/libxml2/4c2e7c651f6c2f0d1a74f350cbda95f7df3e7017/hash.c", + "https://github.com/GNOME/libxml2/blob/master/dict.c", + "https://sourceforge.net/p/ctrio/git/ci/master/tree/README" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Jam.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Jam.json", - "referenceNumber": 445, + "referenceNumber": 409, "name": "Jam License", "licenseId": "Jam", "seeAlso": [ @@ -3217,215 +4516,256 @@ "reference": "https://spdx.org/licenses/JasPer-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/JasPer-2.0.json", - "referenceNumber": 537, + "referenceNumber": 316, "name": "JasPer License", "licenseId": "JasPer-2.0", - "seeAlso": ["http://www.ece.uvic.ca/~mdadams/jasper/LICENSE"], + "seeAlso": [ + "http://www.ece.uvic.ca/~mdadams/jasper/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/JPL-image.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/JPL-image.json", - "referenceNumber": 81, + "referenceNumber": 195, "name": "JPL Image Use Policy", "licenseId": "JPL-image", - "seeAlso": ["https://www.jpl.nasa.gov/jpl-image-use-policy"], + "seeAlso": [ + "https://www.jpl.nasa.gov/jpl-image-use-policy" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/JPNIC.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/JPNIC.json", - "referenceNumber": 50, + "referenceNumber": 22, "name": "Japan Network Information Center License", "licenseId": "JPNIC", - "seeAlso": ["https://gitlab.isc.org/isc-projects/bind9/blob/master/COPYRIGHT#L366"], + "seeAlso": [ + "https://gitlab.isc.org/isc-projects/bind9/blob/master/COPYRIGHT#L366" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/JSON.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/JSON.json", - "referenceNumber": 543, + "referenceNumber": 662, "name": "JSON License", "licenseId": "JSON", - "seeAlso": ["http://www.json.org/license.html"], + "seeAlso": [ + "http://www.json.org/license.html" + ], + "isOsiApproved": false, + "isFsfLibre": false + }, + { + "reference": "https://spdx.org/licenses/Kastrup.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Kastrup.json", + "referenceNumber": 468, + "name": "Kastrup License", + "licenseId": "Kastrup", + "seeAlso": [ + "https://ctan.math.utah.edu/ctan/tex-archive/macros/generic/kastrup/binhex.dtx" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Kazlib.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Kazlib.json", - "referenceNumber": 229, + "referenceNumber": 71, "name": "Kazlib License", "licenseId": "Kazlib", - "seeAlso": ["http://git.savannah.gnu.org/cgit/kazlib.git/tree/except.c?id=0062df360c2d17d57f6af19b0e444c51feb99036"], + "seeAlso": [ + "http://git.savannah.gnu.org/cgit/kazlib.git/tree/except.c?id\u003d0062df360c2d17d57f6af19b0e444c51feb99036" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Knuth-CTAN.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Knuth-CTAN.json", - "referenceNumber": 222, + "referenceNumber": 505, "name": "Knuth CTAN License", "licenseId": "Knuth-CTAN", - "seeAlso": ["https://ctan.org/license/knuth"], + "seeAlso": [ + "https://ctan.org/license/knuth" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/LAL-1.2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LAL-1.2.json", - "referenceNumber": 176, + "referenceNumber": 484, "name": "Licence Art Libre 1.2", "licenseId": "LAL-1.2", - "seeAlso": ["http://artlibre.org/licence/lal/licence-art-libre-12/"], + "seeAlso": [ + "http://artlibre.org/licence/lal/licence-art-libre-12/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/LAL-1.3.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LAL-1.3.json", - "referenceNumber": 515, + "referenceNumber": 363, "name": "Licence Art Libre 1.3", "licenseId": "LAL-1.3", - "seeAlso": ["https://artlibre.org/"], + "seeAlso": [ + "https://artlibre.org/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Latex2e.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Latex2e.json", - "referenceNumber": 303, + "referenceNumber": 83, "name": "Latex2e License", "licenseId": "Latex2e", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Latex2e"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Latex2e" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Latex2e-translated-notice.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Latex2e-translated-notice.json", - "referenceNumber": 26, + "referenceNumber": 48, "name": "Latex2e with translated notice permission", "licenseId": "Latex2e-translated-notice", - "seeAlso": ["https://git.savannah.gnu.org/cgit/indent.git/tree/doc/indent.texi?id=a74c6b4ee49397cf330b333da1042bffa60ed14f#n74"], + "seeAlso": [ + "https://git.savannah.gnu.org/cgit/indent.git/tree/doc/indent.texi?id\u003da74c6b4ee49397cf330b333da1042bffa60ed14f#n74" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Leptonica.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Leptonica.json", - "referenceNumber": 206, + "referenceNumber": 391, "name": "Leptonica License", "licenseId": "Leptonica", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Leptonica"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Leptonica" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/LGPL-2.0.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/LGPL-2.0.json", - "referenceNumber": 470, + "referenceNumber": 570, "name": "GNU Library General Public License v2 only", "licenseId": "LGPL-2.0", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/LGPL-2.0+.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/LGPL-2.0+.json", - "referenceNumber": 82, + "referenceNumber": 412, "name": "GNU Library General Public License v2 or later", "licenseId": "LGPL-2.0+", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/LGPL-2.0-only.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-only.json", - "referenceNumber": 19, + "referenceNumber": 458, "name": "GNU Library General Public License v2 only", "licenseId": "LGPL-2.0-only", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/LGPL-2.0-or-later.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-or-later.json", - "referenceNumber": 350, + "referenceNumber": 168, "name": "GNU Library General Public License v2 or later", "licenseId": "LGPL-2.0-or-later", - "seeAlso": ["https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"], + "seeAlso": [ + "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/LGPL-2.1.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-2.1.json", - "referenceNumber": 554, + "referenceNumber": 224, "name": "GNU Lesser General Public License v2.1 only", "licenseId": "LGPL-2.1", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", "https://opensource.org/licenses/LGPL-2.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPL-2.1+.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-2.1+.json", - "referenceNumber": 198, + "referenceNumber": 566, "name": "GNU Lesser General Public License v2.1 or later", "licenseId": "LGPL-2.1+", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", "https://opensource.org/licenses/LGPL-2.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPL-2.1-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-only.json", - "referenceNumber": 359, + "referenceNumber": 59, "name": "GNU Lesser General Public License v2.1 only", "licenseId": "LGPL-2.1-only", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", "https://opensource.org/licenses/LGPL-2.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPL-2.1-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-or-later.json", - "referenceNumber": 66, + "referenceNumber": 97, "name": "GNU Lesser General Public License v2.1 or later", "licenseId": "LGPL-2.1-or-later", "seeAlso": [ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html", "https://opensource.org/licenses/LGPL-2.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPL-3.0.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-3.0.json", - "referenceNumber": 298, + "referenceNumber": 372, "name": "GNU Lesser General Public License v3.0 only", "licenseId": "LGPL-3.0", "seeAlso": [ @@ -3433,14 +4773,14 @@ "https://www.gnu.org/licenses/lgpl+gpl-3.0.txt", "https://opensource.org/licenses/LGPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPL-3.0+.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-3.0+.json", - "referenceNumber": 231, + "referenceNumber": 405, "name": "GNU Lesser General Public License v3.0 or later", "licenseId": "LGPL-3.0+", "seeAlso": [ @@ -3448,14 +4788,14 @@ "https://www.gnu.org/licenses/lgpl+gpl-3.0.txt", "https://opensource.org/licenses/LGPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPL-3.0-only.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-only.json", - "referenceNumber": 10, + "referenceNumber": 571, "name": "GNU Lesser General Public License v3.0 only", "licenseId": "LGPL-3.0-only", "seeAlso": [ @@ -3463,14 +4803,14 @@ "https://www.gnu.org/licenses/lgpl+gpl-3.0.txt", "https://opensource.org/licenses/LGPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPL-3.0-or-later.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-or-later.json", - "referenceNumber": 293, + "referenceNumber": 313, "name": "GNU Lesser General Public License v3.0 or later", "licenseId": "LGPL-3.0-or-later", "seeAlso": [ @@ -3478,63 +4818,74 @@ "https://www.gnu.org/licenses/lgpl+gpl-3.0.txt", "https://opensource.org/licenses/LGPL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LGPLLR.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LGPLLR.json", - "referenceNumber": 56, + "referenceNumber": 76, "name": "Lesser General Public License For Linguistic Resources", "licenseId": "LGPLLR", - "seeAlso": ["http://www-igm.univ-mlv.fr/~unitex/lgpllr.html"], + "seeAlso": [ + "http://www-igm.univ-mlv.fr/~unitex/lgpllr.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Libpng.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Libpng.json", - "referenceNumber": 21, + "referenceNumber": 648, "name": "libpng License", "licenseId": "Libpng", - "seeAlso": ["http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"], + "seeAlso": [ + "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/libpng-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/libpng-2.0.json", - "referenceNumber": 453, + "referenceNumber": 390, "name": "PNG Reference Library version 2", "licenseId": "libpng-2.0", - "seeAlso": ["http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"], + "seeAlso": [ + "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/libselinux-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/libselinux-1.0.json", - "referenceNumber": 501, + "referenceNumber": 406, "name": "libselinux public domain notice", "licenseId": "libselinux-1.0", - "seeAlso": ["https://github.com/SELinuxProject/selinux/blob/master/libselinux/LICENSE"], + "seeAlso": [ + "https://github.com/SELinuxProject/selinux/blob/master/libselinux/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/libtiff.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/libtiff.json", - "referenceNumber": 227, + "referenceNumber": 589, "name": "libtiff License", "licenseId": "libtiff", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/libtiff"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/libtiff" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/libutil-David-Nugent.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/libutil-David-Nugent.json", - "referenceNumber": 531, + "referenceNumber": 218, "name": "libutil David Nugent License", "licenseId": "libutil-David-Nugent", "seeAlso": [ @@ -3547,8 +4898,8 @@ "reference": "https://spdx.org/licenses/LiLiQ-P-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LiLiQ-P-1.1.json", - "referenceNumber": 48, - "name": "Licence Libre du QuÊbec \u2013 Permissive version 1.1", + "referenceNumber": 289, + "name": "Licence Libre du QuÊbec – Permissive version 1.1", "licenseId": "LiLiQ-P-1.1", "seeAlso": [ "https://forge.gouv.qc.ca/licence/fr/liliq-v1-1/", @@ -3560,8 +4911,8 @@ "reference": "https://spdx.org/licenses/LiLiQ-R-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LiLiQ-R-1.1.json", - "referenceNumber": 418, - "name": "Licence Libre du QuÊbec \u2013 RÊciprocitÊ version 1.1", + "referenceNumber": 354, + "name": "Licence Libre du QuÊbec – RÊciprocitÊ version 1.1", "licenseId": "LiLiQ-R-1.1", "seeAlso": [ "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-liliq-r-v1-1/", @@ -3573,8 +4924,8 @@ "reference": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.json", - "referenceNumber": 286, - "name": "Licence Libre du QuÊbec \u2013 RÊciprocitÊ forte version 1.1", + "referenceNumber": 222, + "name": "Licence Libre du QuÊbec – RÊciprocitÊ forte version 1.1", "licenseId": "LiLiQ-Rplus-1.1", "seeAlso": [ "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-forte-liliq-r-v1-1/", @@ -3586,27 +4937,31 @@ "reference": "https://spdx.org/licenses/Linux-man-pages-1-para.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Linux-man-pages-1-para.json", - "referenceNumber": 409, + "referenceNumber": 419, "name": "Linux man-pages - 1 paragraph", "licenseId": "Linux-man-pages-1-para", - "seeAlso": ["https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/getcpu.2#n4"], + "seeAlso": [ + "https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/getcpu.2#n4" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Linux-man-pages-copyleft.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Linux-man-pages-copyleft.json", - "referenceNumber": 469, + "referenceNumber": 585, "name": "Linux man-pages Copyleft", "licenseId": "Linux-man-pages-copyleft", - "seeAlso": ["https://www.kernel.org/doc/man-pages/licenses.html"], + "seeAlso": [ + "https://www.kernel.org/doc/man-pages/licenses.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Linux-man-pages-copyleft-2-para.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Linux-man-pages-copyleft-2-para.json", - "referenceNumber": 167, + "referenceNumber": 633, "name": "Linux man-pages Copyleft - 2 paragraphs", "licenseId": "Linux-man-pages-copyleft-2-para", "seeAlso": [ @@ -3619,32 +4974,36 @@ "reference": "https://spdx.org/licenses/Linux-man-pages-copyleft-var.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Linux-man-pages-copyleft-var.json", - "referenceNumber": 400, + "referenceNumber": 480, "name": "Linux man-pages Copyleft Variant", "licenseId": "Linux-man-pages-copyleft-var", - "seeAlso": ["https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/set_mempolicy.2#n5"], + "seeAlso": [ + "https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/man2/set_mempolicy.2#n5" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Linux-OpenIB.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Linux-OpenIB.json", - "referenceNumber": 25, + "referenceNumber": 383, "name": "Linux Kernel Variant of OpenIB.org license", "licenseId": "Linux-OpenIB", - "seeAlso": ["https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/core/sa.h"], + "seeAlso": [ + "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/core/sa.h" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/LOOP.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LOOP.json", - "referenceNumber": 357, + "referenceNumber": 132, "name": "Common Lisp LOOP License", "licenseId": "LOOP", "seeAlso": [ "https://gitlab.com/embeddable-common-lisp/ecl/-/blob/develop/src/lsp/loop.lsp", - "http://git.savannah.gnu.org/cgit/gcl.git/tree/gcl/lsp/gcl_loop.lsp?h=Version_2_6_13pre", + "http://git.savannah.gnu.org/cgit/gcl.git/tree/gcl/lsp/gcl_loop.lsp?h\u003dVersion_2_6_13pre", "https://sourceforge.net/p/sbcl/sbcl/ci/master/tree/src/code/loop.lisp", "https://github.com/cl-adams/adams/blob/master/LICENSE.md", "https://github.com/blakemcbride/eclipse-lisp/blob/master/lisp/loop.lisp", @@ -3652,77 +5011,100 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/LPD-document.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/LPD-document.json", + "referenceNumber": 341, + "name": "LPD Documentation License", + "licenseId": "LPD-document", + "seeAlso": [ + "https://github.com/Cyan4973/xxHash/blob/dev/doc/xxhash_spec.md", + "https://www.ietf.org/rfc/rfc1952.txt" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/LPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LPL-1.0.json", - "referenceNumber": 102, + "referenceNumber": 537, "name": "Lucent Public License Version 1.0", "licenseId": "LPL-1.0", - "seeAlso": ["https://opensource.org/licenses/LPL-1.0"], + "seeAlso": [ + "https://opensource.org/licenses/LPL-1.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/LPL-1.02.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LPL-1.02.json", - "referenceNumber": 0, + "referenceNumber": 269, "name": "Lucent Public License v1.02", "licenseId": "LPL-1.02", "seeAlso": [ "http://plan9.bell-labs.com/plan9/license.html", "https://opensource.org/licenses/LPL-1.02" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LPPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LPPL-1.0.json", - "referenceNumber": 541, + "referenceNumber": 653, "name": "LaTeX Project Public License v1.0", "licenseId": "LPPL-1.0", - "seeAlso": ["http://www.latex-project.org/lppl/lppl-1-0.txt"], + "seeAlso": [ + "http://www.latex-project.org/lppl/lppl-1-0.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/LPPL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LPPL-1.1.json", - "referenceNumber": 99, + "referenceNumber": 538, "name": "LaTeX Project Public License v1.1", "licenseId": "LPPL-1.1", - "seeAlso": ["http://www.latex-project.org/lppl/lppl-1-1.txt"], + "seeAlso": [ + "http://www.latex-project.org/lppl/lppl-1-1.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/LPPL-1.2.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LPPL-1.2.json", - "referenceNumber": 429, + "referenceNumber": 104, "name": "LaTeX Project Public License v1.2", "licenseId": "LPPL-1.2", - "seeAlso": ["http://www.latex-project.org/lppl/lppl-1-2.txt"], - "isOsiApproved": false + "seeAlso": [ + "http://www.latex-project.org/lppl/lppl-1-2.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LPPL-1.3a.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/LPPL-1.3a.json", - "referenceNumber": 516, + "referenceNumber": 523, "name": "LaTeX Project Public License v1.3a", "licenseId": "LPPL-1.3a", - "seeAlso": ["http://www.latex-project.org/lppl/lppl-1-3a.txt"], - "isOsiApproved": false + "seeAlso": [ + "http://www.latex-project.org/lppl/lppl-1-3a.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/LPPL-1.3c.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LPPL-1.3c.json", - "referenceNumber": 237, + "referenceNumber": 11, "name": "LaTeX Project Public License v1.3c", "licenseId": "LPPL-1.3c", "seeAlso": [ @@ -3731,11 +5113,35 @@ ], "isOsiApproved": true }, + { + "reference": "https://spdx.org/licenses/lsof.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/lsof.json", + "referenceNumber": 259, + "name": "lsof License", + "licenseId": "lsof", + "seeAlso": [ + "https://github.com/lsof-org/lsof/blob/master/COPYING" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Lucida-Bitmap-Fonts.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Lucida-Bitmap-Fonts.json", + "referenceNumber": 330, + "name": "Lucida Bitmap Fonts License", + "licenseId": "Lucida-Bitmap-Fonts", + "seeAlso": [ + "https://gitlab.freedesktop.org/xorg/font/bh-100dpi/-/blob/master/COPYING?ref_type\u003dheads" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/LZMA-SDK-9.11-to-9.20.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LZMA-SDK-9.11-to-9.20.json", - "referenceNumber": 431, + "referenceNumber": 273, "name": "LZMA SDK License (versions 9.11 to 9.20)", "licenseId": "LZMA-SDK-9.11-to-9.20", "seeAlso": [ @@ -3748,7 +5154,7 @@ "reference": "https://spdx.org/licenses/LZMA-SDK-9.22.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/LZMA-SDK-9.22.json", - "referenceNumber": 449, + "referenceNumber": 446, "name": "LZMA SDK License (versions 9.22 and beyond)", "licenseId": "LZMA-SDK-9.22", "seeAlso": [ @@ -3757,41 +5163,107 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/Mackerras-3-Clause.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Mackerras-3-Clause.json", + "referenceNumber": 503, + "name": "Mackerras 3-Clause License", + "licenseId": "Mackerras-3-Clause", + "seeAlso": [ + "https://github.com/ppp-project/ppp/blob/master/pppd/chap_ms.c#L6-L28" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Mackerras-3-Clause-acknowledgment.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Mackerras-3-Clause-acknowledgment.json", + "referenceNumber": 564, + "name": "Mackerras 3-Clause - acknowledgment variant", + "licenseId": "Mackerras-3-Clause-acknowledgment", + "seeAlso": [ + "https://github.com/ppp-project/ppp/blob/master/pppd/auth.c#L6-L28" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/magaz.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/magaz.json", + "referenceNumber": 217, + "name": "magaz License", + "licenseId": "magaz", + "seeAlso": [ + "https://mirrors.nic.cz/tex-archive/macros/latex/contrib/magaz/magaz.tex" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/mailprio.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/mailprio.json", + "referenceNumber": 62, + "name": "mailprio License", + "licenseId": "mailprio", + "seeAlso": [ + "https://fossies.org/linux/sendmail/contrib/mailprio" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/MakeIndex.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MakeIndex.json", - "referenceNumber": 123, + "referenceNumber": 291, "name": "MakeIndex License", "licenseId": "MakeIndex", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/MakeIndex"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/MakeIndex" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Martin-Birgmeier.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Martin-Birgmeier.json", - "referenceNumber": 380, + "referenceNumber": 186, "name": "Martin Birgmeier License", "licenseId": "Martin-Birgmeier", - "seeAlso": ["https://github.com/Perl/perl5/blob/blead/util.c#L6136"], + "seeAlso": [ + "https://github.com/Perl/perl5/blob/blead/util.c#L6136" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/McPhee-slideshow.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/McPhee-slideshow.json", + "referenceNumber": 189, + "name": "McPhee Slideshow License", + "licenseId": "McPhee-slideshow", + "seeAlso": [ + "https://mirror.las.iastate.edu/tex-archive/graphics/metapost/contrib/macros/slideshow/slideshow.mp" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/metamail.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/metamail.json", - "referenceNumber": 474, + "referenceNumber": 512, "name": "metamail License", "licenseId": "metamail", - "seeAlso": ["https://github.com/Dual-Life/mime-base64/blob/master/Base64.xs#L12"], + "seeAlso": [ + "https://github.com/Dual-Life/mime-base64/blob/master/Base64.xs#L12" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Minpack.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Minpack.json", - "referenceNumber": 300, + "referenceNumber": 609, "name": "Minpack License", "licenseId": "Minpack", "seeAlso": [ @@ -3800,32 +5272,48 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/MIPS.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/MIPS.json", + "referenceNumber": 550, + "name": "MIPS License", + "licenseId": "MIPS", + "seeAlso": [ + "https://sourceware.org/cgit/binutils-gdb/tree/include/coff/sym.h#n11" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/MirOS.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MirOS.json", - "referenceNumber": 443, + "referenceNumber": 16, "name": "The MirOS Licence", "licenseId": "MirOS", - "seeAlso": ["https://opensource.org/licenses/MirOS"], + "seeAlso": [ + "https://opensource.org/licenses/MirOS" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/MIT.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/MIT.json", - "referenceNumber": 223, + "referenceNumber": 144, "name": "MIT License", "licenseId": "MIT", - "seeAlso": ["https://opensource.org/licenses/MIT"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/license/mit/" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/MIT-0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-0.json", - "referenceNumber": 369, + "referenceNumber": 127, "name": "MIT No Attribution", "licenseId": "MIT-0", "seeAlso": [ @@ -3839,21 +5327,35 @@ "reference": "https://spdx.org/licenses/MIT-advertising.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-advertising.json", - "referenceNumber": 382, + "referenceNumber": 246, "name": "Enlightenment License (e16)", "licenseId": "MIT-advertising", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/MIT_With_Advertising"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/MIT_With_Advertising" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/MIT-Click.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/MIT-Click.json", + "referenceNumber": 374, + "name": "MIT Click License", + "licenseId": "MIT-Click", + "seeAlso": [ + "https://github.com/kohler/t1utils/blob/master/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/MIT-CMU.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-CMU.json", - "referenceNumber": 24, + "referenceNumber": 469, "name": "CMU License", "licenseId": "MIT-CMU", "seeAlso": [ - "https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT#CMU_Style", + "https://fedoraproject.org/wiki/Licensing:MIT?rd\u003dLicensing/MIT#CMU_Style", "https://github.com/python-pillow/Pillow/blob/fffb426092c8db24a5f4b6df243a8a3c01fb63cd/LICENSE" ], "isOsiApproved": false @@ -3862,27 +5364,31 @@ "reference": "https://spdx.org/licenses/MIT-enna.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-enna.json", - "referenceNumber": 465, + "referenceNumber": 196, "name": "enna License", "licenseId": "MIT-enna", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/MIT#enna"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/MIT#enna" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/MIT-feh.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-feh.json", - "referenceNumber": 234, + "referenceNumber": 223, "name": "feh License", "licenseId": "MIT-feh", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/MIT#feh"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/MIT#feh" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/MIT-Festival.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-Festival.json", - "referenceNumber": 423, + "referenceNumber": 167, "name": "MIT Festival Variant", "licenseId": "MIT-Festival", "seeAlso": [ @@ -3891,11 +5397,23 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/MIT-Khronos-old.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/MIT-Khronos-old.json", + "referenceNumber": 340, + "name": "MIT Khronos - old variant", + "licenseId": "MIT-Khronos-old", + "seeAlso": [ + "https://github.com/KhronosGroup/SPIRV-Cross/blob/main/LICENSES/LicenseRef-KhronosFreeUse.txt" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/MIT-Modern-Variant.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-Modern-Variant.json", - "referenceNumber": 548, + "referenceNumber": 573, "name": "MIT License Modern Variant", "licenseId": "MIT-Modern-Variant", "seeAlso": [ @@ -3909,7 +5427,7 @@ "reference": "https://spdx.org/licenses/MIT-open-group.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-open-group.json", - "referenceNumber": 46, + "referenceNumber": 552, "name": "MIT Open Group variant", "licenseId": "MIT-open-group", "seeAlso": [ @@ -3920,61 +5438,107 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/MIT-testregex.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/MIT-testregex.json", + "referenceNumber": 133, + "name": "MIT testregex Variant", + "licenseId": "MIT-testregex", + "seeAlso": [ + "https://github.com/dotnet/runtime/blob/55e1ac7c07df62c4108d4acedf78f77574470ce5/src/libraries/System.Text.RegularExpressions/tests/FunctionalTests/AttRegexTests.cs#L12-L28" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/MIT-Wu.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MIT-Wu.json", - "referenceNumber": 421, + "referenceNumber": 467, "name": "MIT Tom Wu Variant", "licenseId": "MIT-Wu", - "seeAlso": ["https://github.com/chromium/octane/blob/master/crypto.js"], + "seeAlso": [ + "https://github.com/chromium/octane/blob/master/crypto.js" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/MITNFA.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MITNFA.json", - "referenceNumber": 145, + "referenceNumber": 588, "name": "MIT +no-false-attribs license", "licenseId": "MITNFA", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/MITNFA"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/MITNFA" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/MMIXware.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/MMIXware.json", + "referenceNumber": 54, + "name": "MMIXware License", + "licenseId": "MMIXware", + "seeAlso": [ + "https://gitlab.lrz.de/mmix/mmixware/-/blob/master/boilerplate.w" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Motosoto.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Motosoto.json", - "referenceNumber": 358, + "referenceNumber": 208, "name": "Motosoto License", "licenseId": "Motosoto", - "seeAlso": ["https://opensource.org/licenses/Motosoto"], + "seeAlso": [ + "https://opensource.org/licenses/Motosoto" + ], "isOsiApproved": true }, + { + "reference": "https://spdx.org/licenses/MPEG-SSG.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/MPEG-SSG.json", + "referenceNumber": 597, + "name": "MPEG Software Simulation", + "licenseId": "MPEG-SSG", + "seeAlso": [ + "https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/converter/ppm/ppmtompeg/jrevdct.c#l1189" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/mpi-permissive.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/mpi-permissive.json", - "referenceNumber": 295, + "referenceNumber": 482, "name": "mpi Permissive License", "licenseId": "mpi-permissive", - "seeAlso": ["https://sources.debian.org/src/openmpi/4.1.0-10/ompi/debuggers/msgq_interface.h/?hl=19#L19"], + "seeAlso": [ + "https://sources.debian.org/src/openmpi/4.1.0-10/ompi/debuggers/msgq_interface.h/?hl\u003d19#L19" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/mpich2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/mpich2.json", - "referenceNumber": 281, + "referenceNumber": 118, "name": "mpich2 License", "licenseId": "mpich2", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/MIT"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/MIT" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/MPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MPL-1.0.json", - "referenceNumber": 94, + "referenceNumber": 32, "name": "Mozilla Public License 1.0", "licenseId": "MPL-1.0", "seeAlso": [ @@ -3986,36 +5550,36 @@ { "reference": "https://spdx.org/licenses/MPL-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/MPL-1.1.json", - "referenceNumber": 192, + "referenceNumber": 25, "name": "Mozilla Public License 1.1", "licenseId": "MPL-1.1", "seeAlso": [ "http://www.mozilla.org/MPL/MPL-1.1.html", "https://opensource.org/licenses/MPL-1.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/MPL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/MPL-2.0.json", - "referenceNumber": 236, + "referenceNumber": 249, "name": "Mozilla Public License 2.0", "licenseId": "MPL-2.0", "seeAlso": [ "https://www.mozilla.org/MPL/2.0/", "https://opensource.org/licenses/MPL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.json", - "referenceNumber": 67, + "referenceNumber": 350, "name": "Mozilla Public License 2.0 (no copyleft exception)", "licenseId": "MPL-2.0-no-copyleft-exception", "seeAlso": [ @@ -4028,17 +5592,19 @@ "reference": "https://spdx.org/licenses/mplus.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/mplus.json", - "referenceNumber": 157, + "referenceNumber": 85, "name": "mplus Font License", "licenseId": "mplus", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing:Mplus?rd=Licensing/mplus"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing:Mplus?rd\u003dLicensing/mplus" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/MS-LPL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MS-LPL.json", - "referenceNumber": 181, + "referenceNumber": 370, "name": "Microsoft Limited Public License", "licenseId": "MS-LPL", "seeAlso": [ @@ -4051,46 +5617,48 @@ { "reference": "https://spdx.org/licenses/MS-PL.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/MS-PL.json", - "referenceNumber": 345, + "referenceNumber": 430, "name": "Microsoft Public License", "licenseId": "MS-PL", "seeAlso": [ "http://www.microsoft.com/opensource/licenses.mspx", "https://opensource.org/licenses/MS-PL" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/MS-RL.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/MS-RL.json", - "referenceNumber": 23, + "referenceNumber": 285, "name": "Microsoft Reciprocal License", "licenseId": "MS-RL", "seeAlso": [ "http://www.microsoft.com/opensource/licenses.mspx", "https://opensource.org/licenses/MS-RL" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/MTLL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MTLL.json", - "referenceNumber": 80, + "referenceNumber": 620, "name": "Matrix Template Library License", "licenseId": "MTLL", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Matrix_Template_Library_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Matrix_Template_Library_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/MulanPSL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MulanPSL-1.0.json", - "referenceNumber": 290, + "referenceNumber": 599, "name": "Mulan Permissive Software License, Version 1", "licenseId": "MulanPSL-1.0", "seeAlso": [ @@ -4103,37 +5671,43 @@ "reference": "https://spdx.org/licenses/MulanPSL-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/MulanPSL-2.0.json", - "referenceNumber": 490, + "referenceNumber": 327, "name": "Mulan Permissive Software License, Version 2", "licenseId": "MulanPSL-2.0", - "seeAlso": ["https://license.coscl.org.cn/MulanPSL2/"], + "seeAlso": [ + "https://license.coscl.org.cn/MulanPSL2" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Multics.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Multics.json", - "referenceNumber": 247, + "referenceNumber": 427, "name": "Multics License", "licenseId": "Multics", - "seeAlso": ["https://opensource.org/licenses/Multics"], + "seeAlso": [ + "https://opensource.org/licenses/Multics" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Mup.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Mup.json", - "referenceNumber": 480, + "referenceNumber": 371, "name": "Mup License", "licenseId": "Mup", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Mup"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Mup" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NAIST-2003.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NAIST-2003.json", - "referenceNumber": 39, + "referenceNumber": 220, "name": "Nara Institute of Science and Technology License (2003)", "licenseId": "NAIST-2003", "seeAlso": [ @@ -4145,116 +5719,160 @@ { "reference": "https://spdx.org/licenses/NASA-1.3.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/NASA-1.3.json", - "referenceNumber": 360, + "referenceNumber": 486, "name": "NASA Open Source Agreement 1.3", "licenseId": "NASA-1.3", "seeAlso": [ "http://ti.arc.nasa.gov/opensource/nosa/", "https://opensource.org/licenses/NASA-1.3" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/Naumen.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Naumen.json", - "referenceNumber": 339, + "referenceNumber": 594, "name": "Naumen Public License", "licenseId": "Naumen", - "seeAlso": ["https://opensource.org/licenses/Naumen"], + "seeAlso": [ + "https://opensource.org/licenses/Naumen" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/NBPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NBPL-1.0.json", - "referenceNumber": 517, + "referenceNumber": 240, "name": "Net Boolean Public License v1", "licenseId": "NBPL-1.0", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=37b4b3f6cc4bf34e1d3dec61e69914b9819d8894"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d37b4b3f6cc4bf34e1d3dec61e69914b9819d8894" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/NCBI-PD.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/NCBI-PD.json", + "referenceNumber": 395, + "name": "NCBI Public Domain Notice", + "licenseId": "NCBI-PD", + "seeAlso": [ + "https://github.com/ncbi/sra-tools/blob/e8e5b6af4edc460156ad9ce5902d0779cffbf685/LICENSE", + "https://github.com/ncbi/datasets/blob/0ea4cd16b61e5b799d9cc55aecfa016d6c9bd2bf/LICENSE.md", + "https://github.com/ncbi/gprobe/blob/de64d30fee8b4c4013094d7d3139ea89b5dd1ace/LICENSE", + "https://github.com/ncbi/egapx/blob/08930b9dec0c69b2d1a05e5153c7b95ef0a3eb0f/LICENSE", + "https://github.com/ncbi/datasets/blob/master/LICENSE.md" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NCGL-UK-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NCGL-UK-2.0.json", - "referenceNumber": 113, + "referenceNumber": 212, "name": "Non-Commercial Government Licence", "licenseId": "NCGL-UK-2.0", - "seeAlso": ["http://www.nationalarchives.gov.uk/doc/non-commercial-government-licence/version/2/"], + "seeAlso": [ + "http://www.nationalarchives.gov.uk/doc/non-commercial-government-licence/version/2/" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/NCL.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/NCL.json", + "referenceNumber": 152, + "name": "NCL Source Code License", + "licenseId": "NCL", + "seeAlso": [ + "https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/modules/module-filter-chain/pffft.c?ref_type\u003dheads#L1-52" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NCSA.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/NCSA.json", - "referenceNumber": 199, + "referenceNumber": 478, "name": "University of Illinois/NCSA Open Source License", "licenseId": "NCSA", "seeAlso": [ "http://otm.illinois.edu/uiuc_openSource", "https://opensource.org/licenses/NCSA" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Net-SNMP.html", - "isDeprecatedLicenseId": false, + "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/Net-SNMP.json", - "referenceNumber": 74, + "referenceNumber": 440, "name": "Net-SNMP License", "licenseId": "Net-SNMP", - "seeAlso": ["http://net-snmp.sourceforge.net/about/license.html"], + "seeAlso": [ + "http://net-snmp.sourceforge.net/about/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NetCDF.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NetCDF.json", - "referenceNumber": 321, + "referenceNumber": 303, "name": "NetCDF license", "licenseId": "NetCDF", - "seeAlso": ["http://www.unidata.ucar.edu/software/netcdf/copyright.html"], + "seeAlso": [ + "http://www.unidata.ucar.edu/software/netcdf/copyright.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Newsletr.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Newsletr.json", - "referenceNumber": 539, + "referenceNumber": 163, "name": "Newsletr License", "licenseId": "Newsletr", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Newsletr"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Newsletr" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NGPL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NGPL.json", - "referenceNumber": 301, + "referenceNumber": 115, "name": "Nethack General Public License", "licenseId": "NGPL", - "seeAlso": ["https://opensource.org/licenses/NGPL"], + "seeAlso": [ + "https://opensource.org/licenses/NGPL" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/NICTA-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NICTA-1.0.json", - "referenceNumber": 545, + "referenceNumber": 536, "name": "NICTA Public Software License, Version 1.0", "licenseId": "NICTA-1.0", - "seeAlso": ["https://opensource.apple.com/source/mDNSResponder/mDNSResponder-320.10/mDNSPosix/nss_ReadMe.txt"], + "seeAlso": [ + "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-320.10/mDNSPosix/nss_ReadMe.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NIST-PD.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NIST-PD.json", - "referenceNumber": 346, + "referenceNumber": 1, "name": "NIST Public Domain Notice", "licenseId": "NIST-PD", "seeAlso": [ @@ -4267,7 +5885,7 @@ "reference": "https://spdx.org/licenses/NIST-PD-fallback.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NIST-PD-fallback.json", - "referenceNumber": 319, + "referenceNumber": 463, "name": "NIST Public Domain Notice with license fallback", "licenseId": "NIST-PD-fallback", "seeAlso": [ @@ -4280,152 +5898,180 @@ "reference": "https://spdx.org/licenses/NIST-Software.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NIST-Software.json", - "referenceNumber": 413, + "referenceNumber": 471, "name": "NIST Software License", "licenseId": "NIST-Software", - "seeAlso": ["https://github.com/open-quantum-safe/liboqs/blob/40b01fdbb270f8614fde30e65d30e9da18c02393/src/common/rand/rand_nist.c#L1-L15"], + "seeAlso": [ + "https://github.com/open-quantum-safe/liboqs/blob/40b01fdbb270f8614fde30e65d30e9da18c02393/src/common/rand/rand_nist.c#L1-L15" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NLOD-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NLOD-1.0.json", - "referenceNumber": 525, + "referenceNumber": 3, "name": "Norwegian Licence for Open Government Data (NLOD) 1.0", "licenseId": "NLOD-1.0", - "seeAlso": ["http://data.norge.no/nlod/en/1.0"], + "seeAlso": [ + "http://data.norge.no/nlod/en/1.0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NLOD-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NLOD-2.0.json", - "referenceNumber": 52, + "referenceNumber": 60, "name": "Norwegian Licence for Open Government Data (NLOD) 2.0", "licenseId": "NLOD-2.0", - "seeAlso": ["http://data.norge.no/nlod/en/2.0"], + "seeAlso": [ + "http://data.norge.no/nlod/en/2.0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NLPL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NLPL.json", - "referenceNumber": 529, + "referenceNumber": 477, "name": "No Limit Public License", "licenseId": "NLPL", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/NLPL"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/NLPL" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Nokia.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Nokia.json", - "referenceNumber": 88, + "referenceNumber": 678, "name": "Nokia Open Source License", "licenseId": "Nokia", - "seeAlso": ["https://opensource.org/licenses/nokia"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/nokia" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/NOSL.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/NOSL.json", - "referenceNumber": 417, + "referenceNumber": 80, "name": "Netizen Open Source License", "licenseId": "NOSL", - "seeAlso": ["http://bits.netizen.com.au/licenses/NOSL/nosl.txt"], - "isOsiApproved": false + "seeAlso": [ + "http://bits.netizen.com.au/licenses/NOSL/nosl.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Noweb.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Noweb.json", - "referenceNumber": 398, + "referenceNumber": 64, "name": "Noweb License", "licenseId": "Noweb", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Noweb"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Noweb" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/NPL-1.0.json", - "referenceNumber": 53, + "referenceNumber": 112, "name": "Netscape Public License v1.0", "licenseId": "NPL-1.0", - "seeAlso": ["http://www.mozilla.org/MPL/NPL/1.0/"], - "isOsiApproved": false + "seeAlso": [ + "http://www.mozilla.org/MPL/NPL/1.0/" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/NPL-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/NPL-1.1.json", - "referenceNumber": 51, + "referenceNumber": 491, "name": "Netscape Public License v1.1", "licenseId": "NPL-1.1", - "seeAlso": ["http://www.mozilla.org/MPL/NPL/1.1/"], - "isOsiApproved": false + "seeAlso": [ + "http://www.mozilla.org/MPL/NPL/1.1/" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/NPOSL-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NPOSL-3.0.json", - "referenceNumber": 555, + "referenceNumber": 507, "name": "Non-Profit Open Software License 3.0", "licenseId": "NPOSL-3.0", - "seeAlso": ["https://opensource.org/licenses/NOSL3.0"], + "seeAlso": [ + "https://opensource.org/licenses/NOSL3.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/NRL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NRL.json", - "referenceNumber": 458, + "referenceNumber": 442, "name": "NRL License", "licenseId": "NRL", - "seeAlso": ["http://web.mit.edu/network/isakmp/nrllicense.html"], + "seeAlso": [ + "http://web.mit.edu/network/isakmp/nrllicense.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/NTP.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NTP.json", - "referenceNumber": 2, + "referenceNumber": 228, "name": "NTP License", "licenseId": "NTP", - "seeAlso": ["https://opensource.org/licenses/NTP"], + "seeAlso": [ + "https://opensource.org/licenses/NTP" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/NTP-0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/NTP-0.json", - "referenceNumber": 476, + "referenceNumber": 586, "name": "NTP No Attribution", "licenseId": "NTP-0", - "seeAlso": ["https://github.com/tytso/e2fsprogs/blob/master/lib/et/et_name.c"], + "seeAlso": [ + "https://github.com/tytso/e2fsprogs/blob/master/lib/et/et_name.c" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Nunit.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Nunit.json", - "referenceNumber": 456, + "referenceNumber": 605, "name": "Nunit License", "licenseId": "Nunit", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Nunit"], - "isOsiApproved": false + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Nunit" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/O-UDA-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/O-UDA-1.0.json", - "referenceNumber": 542, + "referenceNumber": 84, "name": "Open Use of Data Agreement v1.0", "licenseId": "O-UDA-1.0", "seeAlso": [ @@ -4434,21 +6080,35 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/OAR.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/OAR.json", + "referenceNumber": 77, + "name": "OAR License", + "licenseId": "OAR", + "seeAlso": [ + "https://sourceware.org/git/?p\u003dnewlib-cygwin.git;a\u003dblob;f\u003dnewlib/libc/string/strsignal.c;hb\u003dHEAD#l35" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/OCCT-PL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OCCT-PL.json", - "referenceNumber": 309, + "referenceNumber": 547, "name": "Open CASCADE Technology Public License", "licenseId": "OCCT-PL", - "seeAlso": ["http://www.opencascade.com/content/occt-public-license"], + "seeAlso": [ + "http://www.opencascade.com/content/occt-public-license" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OCLC-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OCLC-2.0.json", - "referenceNumber": 370, + "referenceNumber": 179, "name": "OCLC Research Public License 2.0", "licenseId": "OCLC-2.0", "seeAlso": [ @@ -4460,91 +6120,101 @@ { "reference": "https://spdx.org/licenses/ODbL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/ODbL-1.0.json", - "referenceNumber": 356, + "referenceNumber": 615, "name": "Open Data Commons Open Database License v1.0", "licenseId": "ODbL-1.0", "seeAlso": [ "http://www.opendatacommons.org/licenses/odbl/1.0/", "https://opendatacommons.org/licenses/odbl/1-0/" ], - "isOsiApproved": false + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/ODC-By-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ODC-By-1.0.json", - "referenceNumber": 64, + "referenceNumber": 192, "name": "Open Data Commons Attribution License v1.0", "licenseId": "ODC-By-1.0", - "seeAlso": ["https://opendatacommons.org/licenses/by/1.0/"], + "seeAlso": [ + "https://opendatacommons.org/licenses/by/1.0/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OFFIS.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OFFIS.json", - "referenceNumber": 104, + "referenceNumber": 423, "name": "OFFIS License", "licenseId": "OFFIS", - "seeAlso": ["https://sourceforge.net/p/xmedcon/code/ci/master/tree/libs/dicom/README"], + "seeAlso": [ + "https://sourceforge.net/p/xmedcon/code/ci/master/tree/libs/dicom/README" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OFL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OFL-1.0.json", - "referenceNumber": 419, + "referenceNumber": 98, "name": "SIL Open Font License 1.0", "licenseId": "OFL-1.0", - "seeAlso": ["http://scripts.sil.org/cms/scripts/page.php?item_id=OFL10_web"], - "isOsiApproved": false + "seeAlso": [ + "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OFL-1.0-no-RFN.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OFL-1.0-no-RFN.json", - "referenceNumber": 354, + "referenceNumber": 362, "name": "SIL Open Font License 1.0 with no Reserved Font Name", "licenseId": "OFL-1.0-no-RFN", - "seeAlso": ["http://scripts.sil.org/cms/scripts/page.php?item_id=OFL10_web"], + "seeAlso": [ + "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OFL-1.0-RFN.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OFL-1.0-RFN.json", - "referenceNumber": 250, + "referenceNumber": 622, "name": "SIL Open Font License 1.0 with Reserved Font Name", "licenseId": "OFL-1.0-RFN", - "seeAlso": ["http://scripts.sil.org/cms/scripts/page.php?item_id=OFL10_web"], + "seeAlso": [ + "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OFL-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OFL-1.1.json", - "referenceNumber": 3, + "referenceNumber": 433, "name": "SIL Open Font License 1.1", "licenseId": "OFL-1.1", "seeAlso": [ - "http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web", + "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web", "https://opensource.org/licenses/OFL-1.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OFL-1.1-no-RFN.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OFL-1.1-no-RFN.json", - "referenceNumber": 117, + "referenceNumber": 562, "name": "SIL Open Font License 1.1 with no Reserved Font Name", "licenseId": "OFL-1.1-no-RFN", "seeAlso": [ - "http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web", + "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web", "https://opensource.org/licenses/OFL-1.1" ], "isOsiApproved": true @@ -4553,11 +6223,11 @@ "reference": "https://spdx.org/licenses/OFL-1.1-RFN.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OFL-1.1-RFN.json", - "referenceNumber": 518, + "referenceNumber": 88, "name": "SIL Open Font License 1.1 with Reserved Font Name", "licenseId": "OFL-1.1-RFN", "seeAlso": [ - "http://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web", + "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web", "https://opensource.org/licenses/OFL-1.1" ], "isOsiApproved": true @@ -4566,67 +6236,79 @@ "reference": "https://spdx.org/licenses/OGC-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OGC-1.0.json", - "referenceNumber": 15, + "referenceNumber": 533, "name": "OGC Software License, Version 1.0", "licenseId": "OGC-1.0", - "seeAlso": ["https://www.ogc.org/ogc/software/1.0"], + "seeAlso": [ + "https://www.ogc.org/ogc/software/1.0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OGDL-Taiwan-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OGDL-Taiwan-1.0.json", - "referenceNumber": 284, + "referenceNumber": 247, "name": "Taiwan Open Government Data License, version 1.0", "licenseId": "OGDL-Taiwan-1.0", - "seeAlso": ["https://data.gov.tw/license"], + "seeAlso": [ + "https://data.gov.tw/license" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OGL-Canada-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OGL-Canada-2.0.json", - "referenceNumber": 214, + "referenceNumber": 673, "name": "Open Government Licence - Canada", "licenseId": "OGL-Canada-2.0", - "seeAlso": ["https://open.canada.ca/en/open-government-licence-canada"], + "seeAlso": [ + "https://open.canada.ca/en/open-government-licence-canada" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OGL-UK-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OGL-UK-1.0.json", - "referenceNumber": 165, + "referenceNumber": 171, "name": "Open Government Licence v1.0", "licenseId": "OGL-UK-1.0", - "seeAlso": ["http://www.nationalarchives.gov.uk/doc/open-government-licence/version/1/"], + "seeAlso": [ + "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/1/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OGL-UK-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OGL-UK-2.0.json", - "referenceNumber": 304, + "referenceNumber": 400, "name": "Open Government Licence v2.0", "licenseId": "OGL-UK-2.0", - "seeAlso": ["http://www.nationalarchives.gov.uk/doc/open-government-licence/version/2/"], + "seeAlso": [ + "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/2/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OGL-UK-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OGL-UK-3.0.json", - "referenceNumber": 415, + "referenceNumber": 385, "name": "Open Government Licence v3.0", "licenseId": "OGL-UK-3.0", - "seeAlso": ["http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/"], + "seeAlso": [ + "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OGTSL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OGTSL.json", - "referenceNumber": 133, + "referenceNumber": 614, "name": "Open Group Test Suite License", "licenseId": "OGTSL", "seeAlso": [ @@ -4639,169 +6321,201 @@ "reference": "https://spdx.org/licenses/OLDAP-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-1.1.json", - "referenceNumber": 208, + "referenceNumber": 209, "name": "Open LDAP Public License v1.1", "licenseId": "OLDAP-1.1", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=806557a5ad59804ef3a44d5abfbe91d706b0791f"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d806557a5ad59804ef3a44d5abfbe91d706b0791f" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-1.2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-1.2.json", - "referenceNumber": 100, + "referenceNumber": 33, "name": "Open LDAP Public License v1.2", "licenseId": "OLDAP-1.2", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=42b0383c50c299977b5893ee695cf4e486fb0dc7"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d42b0383c50c299977b5893ee695cf4e486fb0dc7" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-1.3.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-1.3.json", - "referenceNumber": 328, + "referenceNumber": 58, "name": "Open LDAP Public License v1.3", "licenseId": "OLDAP-1.3", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=e5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003de5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-1.4.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-1.4.json", - "referenceNumber": 333, + "referenceNumber": 508, "name": "Open LDAP Public License v1.4", "licenseId": "OLDAP-1.4", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=c9f95c2f3f2ffb5e0ae55fe7388af75547660941"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dc9f95c2f3f2ffb5e0ae55fe7388af75547660941" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.json", - "referenceNumber": 519, + "referenceNumber": 261, "name": "Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B)", "licenseId": "OLDAP-2.0", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=cbf50f4e1185a21abd4c0a54d3f4341fe28f36ea"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcbf50f4e1185a21abd4c0a54d3f4341fe28f36ea" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.0.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.1.json", - "referenceNumber": 324, + "referenceNumber": 634, "name": "Open LDAP Public License v2.0.1", "licenseId": "OLDAP-2.0.1", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=b6d68acd14e51ca3aab4428bf26522aa74873f0e"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db6d68acd14e51ca3aab4428bf26522aa74873f0e" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.1.json", - "referenceNumber": 402, + "referenceNumber": 94, "name": "Open LDAP Public License v2.1", "licenseId": "OLDAP-2.1", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=b0d176738e96a0d3b9f85cb51e140a86f21be715"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db0d176738e96a0d3b9f85cb51e140a86f21be715" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.json", - "referenceNumber": 163, + "referenceNumber": 369, "name": "Open LDAP Public License v2.2", "licenseId": "OLDAP-2.2", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=470b0c18ec67621c85881b2733057fecf4a1acc3"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d470b0c18ec67621c85881b2733057fecf4a1acc3" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.2.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.1.json", - "referenceNumber": 451, + "referenceNumber": 542, "name": "Open LDAP Public License v2.2.1", "licenseId": "OLDAP-2.2.1", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=4bc786f34b50aa301be6f5600f58a980070f481e"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d4bc786f34b50aa301be6f5600f58a980070f481e" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.2.2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.2.json", - "referenceNumber": 140, + "referenceNumber": 105, "name": "Open LDAP Public License 2.2.2", "licenseId": "OLDAP-2.2.2", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=df2cc1e21eb7c160695f5b7cffd6296c151ba188"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003ddf2cc1e21eb7c160695f5b7cffd6296c151ba188" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.3.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.3.json", - "referenceNumber": 33, + "referenceNumber": 288, "name": "Open LDAP Public License v2.3", "licenseId": "OLDAP-2.3", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=d32cf54a32d581ab475d23c810b0a7fbaf8d63c3"], - "isOsiApproved": false + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dd32cf54a32d581ab475d23c810b0a7fbaf8d63c3" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OLDAP-2.4.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.4.json", - "referenceNumber": 447, + "referenceNumber": 359, "name": "Open LDAP Public License v2.4", "licenseId": "OLDAP-2.4", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=cd1284c4a91a8a380d904eee68d1583f989ed386"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcd1284c4a91a8a380d904eee68d1583f989ed386" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.5.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.5.json", - "referenceNumber": 549, + "referenceNumber": 181, "name": "Open LDAP Public License v2.5", "licenseId": "OLDAP-2.5", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=6852b9d90022e8593c98205413380536b1b5a7cf"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d6852b9d90022e8593c98205413380536b1b5a7cf" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.6.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.6.json", - "referenceNumber": 297, + "referenceNumber": 544, "name": "Open LDAP Public License v2.6", "licenseId": "OLDAP-2.6", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=1cae062821881f41b73012ba816434897abf4205"], + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d1cae062821881f41b73012ba816434897abf4205" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OLDAP-2.7.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.7.json", - "referenceNumber": 134, + "referenceNumber": 618, "name": "Open LDAP Public License v2.7", "licenseId": "OLDAP-2.7", - "seeAlso": ["http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=47c2415c1df81556eeb39be6cad458ef87c534a2"], - "isOsiApproved": false + "seeAlso": [ + "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d47c2415c1df81556eeb39be6cad458ef87c534a2" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OLDAP-2.8.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLDAP-2.8.json", - "referenceNumber": 540, + "referenceNumber": 14, "name": "Open LDAP Public License v2.8", "licenseId": "OLDAP-2.8", - "seeAlso": ["http://www.openldap.org/software/release/license.html"], + "seeAlso": [ + "http://www.openldap.org/software/release/license.html" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/OLFL-1.3.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OLFL-1.3.json", - "referenceNumber": 482, + "referenceNumber": 351, "name": "Open Logistics Foundation License Version 1.3", "licenseId": "OLFL-1.3", "seeAlso": [ @@ -4814,17 +6528,19 @@ "reference": "https://spdx.org/licenses/OML.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OML.json", - "referenceNumber": 155, + "referenceNumber": 453, "name": "Open Market License", "licenseId": "OML", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Open_Market_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Open_Market_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OpenPBS-2.3.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OpenPBS-2.3.json", - "referenceNumber": 377, + "referenceNumber": 140, "name": "OpenPBS v2.3 Software License", "licenseId": "OpenPBS-2.3", "seeAlso": [ @@ -4836,43 +6552,74 @@ { "reference": "https://spdx.org/licenses/OpenSSL.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OpenSSL.json", - "referenceNumber": 276, + "referenceNumber": 393, "name": "OpenSSL License", "licenseId": "OpenSSL", - "seeAlso": ["http://www.openssl.org/source/license.html"], + "seeAlso": [ + "http://www.openssl.org/source/license.html" + ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/OpenSSL-standalone.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/OpenSSL-standalone.json", + "referenceNumber": 449, + "name": "OpenSSL License - standalone", + "licenseId": "OpenSSL-standalone", + "seeAlso": [ + "https://library.netapp.com/ecm/ecm_download_file/ECMP1196395", + "https://hstechdocs.helpsystems.com/manuals/globalscape/archive/cuteftp6/open_ssl_license_agreement.htm" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/OpenVision.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/OpenVision.json", + "referenceNumber": 23, + "name": "OpenVision License", + "licenseId": "OpenVision", + "seeAlso": [ + "https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L66-L98", + "https://web.mit.edu/kerberos/krb5-1.21/doc/mitK5license.html", + "https://fedoraproject.org/wiki/Licensing:MIT#OpenVision_Variant" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/OPL-1.0.json", - "referenceNumber": 510, + "referenceNumber": 43, "name": "Open Public License v1.0", "licenseId": "OPL-1.0", "seeAlso": [ "http://old.koalateam.com/jackaroo/OPL_1_0.TXT", "https://fedoraproject.org/wiki/Licensing/Open_Public_License" ], - "isOsiApproved": false + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/OPL-UK-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OPL-UK-3.0.json", - "referenceNumber": 257, + "referenceNumber": 248, "name": "United Kingdom Open Parliament Licence v3.0", "licenseId": "OPL-UK-3.0", - "seeAlso": ["https://www.parliament.uk/site-information/copyright-parliament/open-parliament-licence/"], + "seeAlso": [ + "https://www.parliament.uk/site-information/copyright-parliament/open-parliament-licence/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/OPUBL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OPUBL-1.0.json", - "referenceNumber": 514, + "referenceNumber": 241, "name": "Open Publication License v1.0", "licenseId": "OPUBL-1.0", "seeAlso": [ @@ -4886,7 +6633,7 @@ "reference": "https://spdx.org/licenses/OSET-PL-2.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/OSET-PL-2.1.json", - "referenceNumber": 274, + "referenceNumber": 658, "name": "OSET Public License version 2.1", "licenseId": "OSET-PL-2.1", "seeAlso": [ @@ -4898,90 +6645,112 @@ { "reference": "https://spdx.org/licenses/OSL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OSL-1.0.json", - "referenceNumber": 371, + "referenceNumber": 554, "name": "Open Software License 1.0", "licenseId": "OSL-1.0", - "seeAlso": ["https://opensource.org/licenses/OSL-1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/OSL-1.0" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OSL-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OSL-1.1.json", - "referenceNumber": 310, + "referenceNumber": 481, "name": "Open Software License 1.1", "licenseId": "OSL-1.1", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/OSL1.1"], - "isOsiApproved": false + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/OSL1.1" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OSL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OSL-2.0.json", - "referenceNumber": 405, + "referenceNumber": 377, "name": "Open Software License 2.0", "licenseId": "OSL-2.0", - "seeAlso": ["http://web.archive.org/web/20041020171434/http://www.rosenlaw.com/osl2.0.html"], - "isOsiApproved": true + "seeAlso": [ + "http://web.archive.org/web/20041020171434/http://www.rosenlaw.com/osl2.0.html" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OSL-2.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OSL-2.1.json", - "referenceNumber": 251, + "referenceNumber": 368, "name": "Open Software License 2.1", "licenseId": "OSL-2.1", "seeAlso": [ "http://web.archive.org/web/20050212003940/http://www.rosenlaw.com/osl21.htm", "https://opensource.org/licenses/OSL-2.1" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/OSL-3.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/OSL-3.0.json", - "referenceNumber": 20, + "referenceNumber": 30, "name": "Open Software License 3.0", "licenseId": "OSL-3.0", "seeAlso": [ "https://web.archive.org/web/20120101081418/http://rosenlaw.com:80/OSL3.0.htm", "https://opensource.org/licenses/OSL-3.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/PADL.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/PADL.json", + "referenceNumber": 535, + "name": "PADL License", + "licenseId": "PADL", + "seeAlso": [ + "https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/os-local.c?ref_type\u003dheads#L19-23" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Parity-6.0.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Parity-6.0.0.json", - "referenceNumber": 69, + "referenceNumber": 17, "name": "The Parity Public License 6.0.0", "licenseId": "Parity-6.0.0", - "seeAlso": ["https://paritylicense.com/versions/6.0.0.html"], + "seeAlso": [ + "https://paritylicense.com/versions/6.0.0.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Parity-7.0.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Parity-7.0.0.json", - "referenceNumber": 323, + "referenceNumber": 324, "name": "The Parity Public License 7.0.0", "licenseId": "Parity-7.0.0", - "seeAlso": ["https://paritylicense.com/versions/7.0.0.html"], + "seeAlso": [ + "https://paritylicense.com/versions/7.0.0.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/PDDL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/PDDL-1.0.json", - "referenceNumber": 42, - "name": "Open Data Commons Public Domain Dedication & License 1.0", + "referenceNumber": 149, + "name": "Open Data Commons Public Domain Dedication \u0026 License 1.0", "licenseId": "PDDL-1.0", "seeAlso": [ "http://opendatacommons.org/licenses/pddl/1.0/", @@ -4993,7 +6762,7 @@ "reference": "https://spdx.org/licenses/PHP-3.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/PHP-3.0.json", - "referenceNumber": 450, + "referenceNumber": 138, "name": "PHP License v3.0", "licenseId": "PHP-3.0", "seeAlso": [ @@ -5005,49 +6774,95 @@ { "reference": "https://spdx.org/licenses/PHP-3.01.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/PHP-3.01.json", - "referenceNumber": 58, + "referenceNumber": 666, "name": "PHP License v3.01", "licenseId": "PHP-3.01", - "seeAlso": ["http://www.php.net/license/3_01.txt"], - "isOsiApproved": true + "seeAlso": [ + "http://www.php.net/license/3_01.txt" + ], + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/Pixar.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Pixar.json", + "referenceNumber": 607, + "name": "Pixar License", + "licenseId": "Pixar", + "seeAlso": [ + "https://github.com/PixarAnimationStudios/OpenSubdiv/raw/v3_5_0/LICENSE.txt", + "https://graphics.pixar.com/opensubdiv/docs/license.html", + "https://github.com/PixarAnimationStudios/OpenSubdiv/blob/v3_5_0/opensubdiv/version.cpp#L2-L22" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/pkgconf.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/pkgconf.json", + "referenceNumber": 664, + "name": "pkgconf License", + "licenseId": "pkgconf", + "seeAlso": [ + "https://github.com/pkgconf/pkgconf/blob/master/cli/main.c#L8" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Plexus.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Plexus.json", - "referenceNumber": 97, + "referenceNumber": 39, "name": "Plexus Classworlds License", "licenseId": "Plexus", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Plexus_Classworlds_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Plexus_Classworlds_License" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/pnmstitch.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/pnmstitch.json", + "referenceNumber": 266, + "name": "pnmstitch License", + "licenseId": "pnmstitch", + "seeAlso": [ + "https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/editor/pnmstitch.c#l2" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.json", - "referenceNumber": 112, + "referenceNumber": 561, "name": "PolyForm Noncommercial License 1.0.0", "licenseId": "PolyForm-Noncommercial-1.0.0", - "seeAlso": ["https://polyformproject.org/licenses/noncommercial/1.0.0"], + "seeAlso": [ + "https://polyformproject.org/licenses/noncommercial/1.0.0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.json", - "referenceNumber": 161, + "referenceNumber": 155, "name": "PolyForm Small Business License 1.0.0", "licenseId": "PolyForm-Small-Business-1.0.0", - "seeAlso": ["https://polyformproject.org/licenses/small-business/1.0.0"], + "seeAlso": [ + "https://polyformproject.org/licenses/small-business/1.0.0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/PostgreSQL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/PostgreSQL.json", - "referenceNumber": 527, + "referenceNumber": 645, "name": "PostgreSQL License", "licenseId": "PostgreSQL", "seeAlso": [ @@ -5056,52 +6871,75 @@ ], "isOsiApproved": true }, + { + "reference": "https://spdx.org/licenses/PPL.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/PPL.json", + "referenceNumber": 87, + "name": "Peer Production License", + "licenseId": "PPL", + "seeAlso": [ + "https://wiki.p2pfoundation.net/Peer_Production_License", + "http://www.networkcultures.org/_uploads/%233notebook_telekommunist.pdf" + ], + "isOsiApproved": false, + "isFsfLibre": false + }, { "reference": "https://spdx.org/licenses/PSF-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/PSF-2.0.json", - "referenceNumber": 86, + "referenceNumber": 479, "name": "Python Software Foundation License 2.0", "licenseId": "PSF-2.0", - "seeAlso": ["https://opensource.org/licenses/Python-2.0"], + "seeAlso": [ + "https://opensource.org/licenses/Python-2.0", + "https://matplotlib.org/stable/project/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/psfrag.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/psfrag.json", - "referenceNumber": 190, + "referenceNumber": 100, "name": "psfrag License", "licenseId": "psfrag", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/psfrag"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/psfrag" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/psutils.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/psutils.json", - "referenceNumber": 27, + "referenceNumber": 50, "name": "psutils License", "licenseId": "psutils", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/psutils"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/psutils" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Python-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Python-2.0.json", - "referenceNumber": 459, + "referenceNumber": 651, "name": "Python License 2.0", "licenseId": "Python-2.0", - "seeAlso": ["https://opensource.org/licenses/Python-2.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/Python-2.0" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Python-2.0.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Python-2.0.1.json", - "referenceNumber": 307, + "referenceNumber": 290, "name": "Python License 2.0.1", "licenseId": "Python-2.0.1", "seeAlso": [ @@ -5111,22 +6949,35 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/python-ldap.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/python-ldap.json", + "referenceNumber": 531, + "name": "Python ldap License", + "licenseId": "python-ldap", + "seeAlso": [ + "https://github.com/python-ldap/python-ldap/blob/main/LICENCE" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/Qhull.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Qhull.json", - "referenceNumber": 158, + "referenceNumber": 435, "name": "Qhull License", "licenseId": "Qhull", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Qhull"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Qhull" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/QPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/QPL-1.0.json", - "referenceNumber": 472, + "referenceNumber": 169, "name": "Q Public License 1.0", "licenseId": "QPL-1.0", "seeAlso": [ @@ -5134,88 +6985,113 @@ "https://opensource.org/licenses/QPL-1.0", "https://doc.qt.io/archives/3.3/license.html" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/QPL-1.0-INRIA-2004.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/QPL-1.0-INRIA-2004.json", - "referenceNumber": 62, + "referenceNumber": 461, "name": "Q Public License 1.0 - INRIA 2004 variant", "licenseId": "QPL-1.0-INRIA-2004", - "seeAlso": ["https://github.com/maranget/hevea/blob/master/LICENSE"], + "seeAlso": [ + "https://github.com/maranget/hevea/blob/master/LICENSE" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/radvd.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/radvd.json", + "referenceNumber": 425, + "name": "radvd License", + "licenseId": "radvd", + "seeAlso": [ + "https://github.com/radvd-project/radvd/blob/master/COPYRIGHT" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Rdisc.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Rdisc.json", - "referenceNumber": 224, + "referenceNumber": 74, "name": "Rdisc License", "licenseId": "Rdisc", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Rdisc_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Rdisc_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/RHeCos-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/RHeCos-1.1.json", - "referenceNumber": 422, + "referenceNumber": 4, "name": "Red Hat eCos Public License v1.1", "licenseId": "RHeCos-1.1", - "seeAlso": ["http://ecos.sourceware.org/old-license.html"], - "isOsiApproved": false + "seeAlso": [ + "http://ecos.sourceware.org/old-license.html" + ], + "isOsiApproved": false, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/RPL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/RPL-1.1.json", - "referenceNumber": 16, + "referenceNumber": 281, "name": "Reciprocal Public License 1.1", "licenseId": "RPL-1.1", - "seeAlso": ["https://opensource.org/licenses/RPL-1.1"], + "seeAlso": [ + "https://opensource.org/licenses/RPL-1.1" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/RPL-1.5.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/RPL-1.5.json", - "referenceNumber": 136, + "referenceNumber": 677, "name": "Reciprocal Public License 1.5", "licenseId": "RPL-1.5", - "seeAlso": ["https://opensource.org/licenses/RPL-1.5"], + "seeAlso": [ + "https://opensource.org/licenses/RPL-1.5" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/RPSL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/RPSL-1.0.json", - "referenceNumber": 230, + "referenceNumber": 668, "name": "RealNetworks Public Source License v1.0", "licenseId": "RPSL-1.0", "seeAlso": [ "https://helixcommunity.org/content/rpsl", "https://opensource.org/licenses/RPSL-1.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/RSA-MD.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/RSA-MD.json", - "referenceNumber": 506, + "referenceNumber": 178, "name": "RSA Message-Digest License", "licenseId": "RSA-MD", - "seeAlso": ["http://www.faqs.org/rfcs/rfc1321.html"], + "seeAlso": [ + "http://www.faqs.org/rfcs/rfc1321.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/RSCPL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/RSCPL.json", - "referenceNumber": 169, + "referenceNumber": 6, "name": "Ricoh Source Code Public License", "licenseId": "RSCPL", "seeAlso": [ @@ -5227,49 +7103,83 @@ { "reference": "https://spdx.org/licenses/Ruby.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Ruby.json", - "referenceNumber": 60, + "referenceNumber": 244, "name": "Ruby License", "licenseId": "Ruby", - "seeAlso": ["http://www.ruby-lang.org/en/LICENSE.txt"], + "seeAlso": [ + "https://www.ruby-lang.org/en/about/license.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/Ruby-pty.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Ruby-pty.json", + "referenceNumber": 558, + "name": "Ruby pty extension license", + "licenseId": "Ruby-pty", + "seeAlso": [ + "https://github.com/ruby/ruby/blob/9f6deaa6888a423720b4b127b5314f0ad26cc2e6/ext/pty/pty.c#L775-L786", + "https://github.com/ruby/ruby/commit/0a64817fb80016030c03518fb9459f63c11605ea#diff-ef5fa30838d6d0cecad9e675cc50b24628cfe2cb277c346053fafcc36c91c204", + "https://github.com/ruby/ruby/commit/0a64817fb80016030c03518fb9459f63c11605ea#diff-fedf217c1ce44bda01f0a678d3ff8b198bed478754d699c527a698ad933979a0" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SAX-PD.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SAX-PD.json", - "referenceNumber": 390, + "referenceNumber": 166, "name": "Sax Public Domain Notice", "licenseId": "SAX-PD", - "seeAlso": ["http://www.saxproject.org/copying.html"], + "seeAlso": [ + "http://www.saxproject.org/copying.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/SAX-PD-2.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/SAX-PD-2.0.json", + "referenceNumber": 497, + "name": "Sax Public Domain Notice 2.0", + "licenseId": "SAX-PD-2.0", + "seeAlso": [ + "http://www.saxproject.org/copying.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Saxpath.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Saxpath.json", - "referenceNumber": 372, + "referenceNumber": 298, "name": "Saxpath License", "licenseId": "Saxpath", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Saxpath_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Saxpath_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SCEA.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SCEA.json", - "referenceNumber": 173, + "referenceNumber": 518, "name": "SCEA Shared Source License", "licenseId": "SCEA", - "seeAlso": ["http://research.scea.com/scea_shared_source_license.html"], + "seeAlso": [ + "http://research.scea.com/scea_shared_source_license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SchemeReport.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SchemeReport.json", - "referenceNumber": 38, + "referenceNumber": 339, "name": "Scheme Language Report License", "licenseId": "SchemeReport", "seeAlso": [], @@ -5279,7 +7189,7 @@ "reference": "https://spdx.org/licenses/Sendmail.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Sendmail.json", - "referenceNumber": 18, + "referenceNumber": 394, "name": "Sendmail License", "licenseId": "Sendmail", "seeAlso": [ @@ -5292,7 +7202,7 @@ "reference": "https://spdx.org/licenses/Sendmail-8.23.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Sendmail-8.23.json", - "referenceNumber": 344, + "referenceNumber": 34, "name": "Sendmail License 8.23", "licenseId": "Sendmail-8.23", "seeAlso": [ @@ -5301,168 +7211,269 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/Sendmail-Open-Source-1.1.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Sendmail-Open-Source-1.1.json", + "referenceNumber": 317, + "name": "Sendmail Open Source License v1.1", + "licenseId": "Sendmail-Open-Source-1.1", + "seeAlso": [ + "https://github.com/trusteddomainproject/OpenDMARC/blob/master/LICENSE.Sendmail" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/SGI-B-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SGI-B-1.0.json", - "referenceNumber": 122, + "referenceNumber": 515, "name": "SGI Free Software License B v1.0", "licenseId": "SGI-B-1.0", - "seeAlso": ["http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.1.0.html"], + "seeAlso": [ + "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.1.0.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SGI-B-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SGI-B-1.1.json", - "referenceNumber": 330, + "referenceNumber": 46, "name": "SGI Free Software License B v1.1", "licenseId": "SGI-B-1.1", - "seeAlso": ["http://oss.sgi.com/projects/FreeB/"], + "seeAlso": [ + "http://oss.sgi.com/projects/FreeB/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SGI-B-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/SGI-B-2.0.json", - "referenceNumber": 278, + "referenceNumber": 551, "name": "SGI Free Software License B v2.0", "licenseId": "SGI-B-2.0", - "seeAlso": ["http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.2.0.pdf"], + "seeAlso": [ + "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.2.0.pdf" + ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/SGI-OpenGL.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/SGI-OpenGL.json", + "referenceNumber": 73, + "name": "SGI OpenGL License", + "licenseId": "SGI-OpenGL", + "seeAlso": [ + "https://gitlab.freedesktop.org/mesa/glw/-/blob/master/README?ref_type\u003dheads" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SGP4.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SGP4.json", - "referenceNumber": 520, + "referenceNumber": 24, "name": "SGP4 Permission Notice", "licenseId": "SGP4", - "seeAlso": ["https://celestrak.org/publications/AIAA/2006-6753/faq.php"], + "seeAlso": [ + "https://celestrak.org/publications/AIAA/2006-6753/faq.php" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SHL-0.5.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SHL-0.5.json", - "referenceNumber": 511, + "referenceNumber": 159, "name": "Solderpad Hardware License v0.5", "licenseId": "SHL-0.5", - "seeAlso": ["https://solderpad.org/licenses/SHL-0.5/"], + "seeAlso": [ + "https://solderpad.org/licenses/SHL-0.5/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SHL-0.51.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SHL-0.51.json", - "referenceNumber": 492, + "referenceNumber": 522, "name": "Solderpad Hardware License, Version 0.51", "licenseId": "SHL-0.51", - "seeAlso": ["https://solderpad.org/licenses/SHL-0.51/"], + "seeAlso": [ + "https://solderpad.org/licenses/SHL-0.51/" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SimPL-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SimPL-2.0.json", - "referenceNumber": 387, + "referenceNumber": 560, "name": "Simple Public License 2.0", "licenseId": "SimPL-2.0", - "seeAlso": ["https://opensource.org/licenses/SimPL-2.0"], + "seeAlso": [ + "https://opensource.org/licenses/SimPL-2.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/SISSL.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/SISSL.json", - "referenceNumber": 186, + "referenceNumber": 349, "name": "Sun Industry Standards Source License v1.1", "licenseId": "SISSL", "seeAlso": [ "http://www.openoffice.org/licenses/sissl_license.html", "https://opensource.org/licenses/SISSL" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/SISSL-1.2.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SISSL-1.2.json", - "referenceNumber": 267, + "referenceNumber": 670, "name": "Sun Industry Standards Source License v1.2", "licenseId": "SISSL-1.2", - "seeAlso": ["http://gridscheduler.sourceforge.net/Gridengine_SISSL_license.html"], + "seeAlso": [ + "http://gridscheduler.sourceforge.net/Gridengine_SISSL_license.html" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/SL.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/SL.json", + "referenceNumber": 295, + "name": "SL License", + "licenseId": "SL", + "seeAlso": [ + "https://github.com/mtoyoda/sl/blob/master/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Sleepycat.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Sleepycat.json", - "referenceNumber": 162, + "referenceNumber": 120, "name": "Sleepycat License", "licenseId": "Sleepycat", - "seeAlso": ["https://opensource.org/licenses/Sleepycat"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/Sleepycat" + ], + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/SMAIL-GPL.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/SMAIL-GPL.json", + "referenceNumber": 485, + "name": "SMAIL General Public License", + "licenseId": "SMAIL-GPL", + "seeAlso": [ + "https://sources.debian.org/copyright/license/debianutils/4.11.2/" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SMLNJ.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/SMLNJ.json", - "referenceNumber": 243, + "referenceNumber": 506, "name": "Standard ML of New Jersey License", "licenseId": "SMLNJ", - "seeAlso": ["https://www.smlnj.org/license.html"], - "isOsiApproved": false + "seeAlso": [ + "https://www.smlnj.org/license.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/SMPPL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SMPPL.json", - "referenceNumber": 399, + "referenceNumber": 325, "name": "Secure Messaging Protocol Public License", "licenseId": "SMPPL", - "seeAlso": ["https://github.com/dcblake/SMP/blob/master/Documentation/License.txt"], + "seeAlso": [ + "https://github.com/dcblake/SMP/blob/master/Documentation/License.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SNIA.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SNIA.json", - "referenceNumber": 334, + "referenceNumber": 92, "name": "SNIA Public License 1.1", "licenseId": "SNIA", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/SNIA_Public_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/SNIA_Public_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/snprintf.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/snprintf.json", - "referenceNumber": 142, + "referenceNumber": 604, "name": "snprintf License", "licenseId": "snprintf", - "seeAlso": ["https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bsd-snprintf.c#L2"], + "seeAlso": [ + "https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bsd-snprintf.c#L2" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/softSurfer.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/softSurfer.json", + "referenceNumber": 96, + "name": "softSurfer License", + "licenseId": "softSurfer", + "seeAlso": [ + "https://github.com/mm2/Little-CMS/blob/master/src/cmssm.c#L207", + "https://fedoraproject.org/wiki/Licensing/softSurfer" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Soundex.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Soundex.json", + "referenceNumber": 65, + "name": "Soundex License", + "licenseId": "Soundex", + "seeAlso": [ + "https://metacpan.org/release/RJBS/Text-Soundex-3.05/source/Soundex.pm#L3-11" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Spencer-86.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Spencer-86.json", - "referenceNumber": 311, + "referenceNumber": 21, "name": "Spencer License 86", "licenseId": "Spencer-86", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Spencer-94.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Spencer-94.json", - "referenceNumber": 394, + "referenceNumber": 472, "name": "Spencer License 94", "licenseId": "Spencer-94", "seeAlso": [ @@ -5475,38 +7486,56 @@ "reference": "https://spdx.org/licenses/Spencer-99.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Spencer-99.json", - "referenceNumber": 164, + "referenceNumber": 432, "name": "Spencer License 99", "licenseId": "Spencer-99", - "seeAlso": ["http://www.opensource.apple.com/source/tcl/tcl-5/tcl/generic/regfronts.c"], + "seeAlso": [ + "http://www.opensource.apple.com/source/tcl/tcl-5/tcl/generic/regfronts.c" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/SPL-1.0.json", - "referenceNumber": 441, + "referenceNumber": 487, "name": "Sun Public License v1.0", "licenseId": "SPL-1.0", - "seeAlso": ["https://opensource.org/licenses/SPL-1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/SPL-1.0" + ], + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/ssh-keyscan.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/ssh-keyscan.json", + "referenceNumber": 431, + "name": "ssh-keyscan License", + "licenseId": "ssh-keyscan", + "seeAlso": [ + "https://github.com/openssh/openssh-portable/blob/master/LICENCE#L82" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SSH-OpenSSH.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SSH-OpenSSH.json", - "referenceNumber": 481, + "referenceNumber": 68, "name": "SSH OpenSSH license", "licenseId": "SSH-OpenSSH", - "seeAlso": ["https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/LICENCE#L10"], + "seeAlso": [ + "https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/LICENCE#L10" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SSH-short.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SSH-short.json", - "referenceNumber": 151, + "referenceNumber": 170, "name": "SSH short notice", "licenseId": "SSH-short", "seeAlso": [ @@ -5516,42 +7545,84 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/SSLeay-standalone.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/SSLeay-standalone.json", + "referenceNumber": 53, + "name": "SSLeay License - standalone", + "licenseId": "SSLeay-standalone", + "seeAlso": [ + "https://www.tq-group.com/filedownloads/files/software-license-conditions/OriginalSSLeay/OriginalSSLeay.pdf" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/SSPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SSPL-1.0.json", - "referenceNumber": 218, + "referenceNumber": 631, "name": "Server Side Public License, v 1", "licenseId": "SSPL-1.0", - "seeAlso": ["https://www.mongodb.com/licensing/server-side-public-license"], + "seeAlso": [ + "https://www.mongodb.com/licensing/server-side-public-license" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/StandardML-NJ.html", "isDeprecatedLicenseId": true, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/StandardML-NJ.json", - "referenceNumber": 299, + "referenceNumber": 280, "name": "Standard ML of New Jersey License", "licenseId": "StandardML-NJ", - "seeAlso": ["https://www.smlnj.org/license.html"], - "isOsiApproved": false + "seeAlso": [ + "https://www.smlnj.org/license.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/SugarCRM-1.1.3.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SugarCRM-1.1.3.json", - "referenceNumber": 363, + "referenceNumber": 128, "name": "SugarCRM Public License v1.1.3", "licenseId": "SugarCRM-1.1.3", - "seeAlso": ["http://www.sugarcrm.com/crm/SPL"], + "seeAlso": [ + "http://www.sugarcrm.com/crm/SPL" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Sun-PPP.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Sun-PPP.json", + "referenceNumber": 541, + "name": "Sun PPP License", + "licenseId": "Sun-PPP", + "seeAlso": [ + "https://github.com/ppp-project/ppp/blob/master/pppd/eap.c#L7-L16" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Sun-PPP-2000.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Sun-PPP-2000.json", + "referenceNumber": 514, + "name": "Sun PPP License (2000)", + "licenseId": "Sun-PPP-2000", + "seeAlso": [ + "https://github.com/ppp-project/ppp/blob/master/modules/ppp_ahdlc.c#L7-L19" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/SunPro.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SunPro.json", - "referenceNumber": 495, + "referenceNumber": 237, "name": "SunPro License", "licenseId": "SunPro", "seeAlso": [ @@ -5564,37 +7635,55 @@ "reference": "https://spdx.org/licenses/SWL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/SWL.json", - "referenceNumber": 180, + "referenceNumber": 655, "name": "Scheme Widget Library (SWL) Software License Agreement", "licenseId": "SWL", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/SWL"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/SWL" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/swrule.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/swrule.json", + "referenceNumber": 283, + "name": "swrule License", + "licenseId": "swrule", + "seeAlso": [ + "https://ctan.math.utah.edu/ctan/tex-archive/macros/generic/misc/swrule.sty" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Symlinks.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Symlinks.json", - "referenceNumber": 259, + "referenceNumber": 557, "name": "Symlinks License", "licenseId": "Symlinks", - "seeAlso": ["https://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg11494.html"], + "seeAlso": [ + "https://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg11494.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TAPR-OHL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TAPR-OHL-1.0.json", - "referenceNumber": 496, + "referenceNumber": 252, "name": "TAPR Open Hardware License v1.0", "licenseId": "TAPR-OHL-1.0", - "seeAlso": ["https://www.tapr.org/OHL"], + "seeAlso": [ + "https://www.tapr.org/OHL" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TCL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TCL.json", - "referenceNumber": 125, + "referenceNumber": 576, "name": "TCL/TK License", "licenseId": "TCL", "seeAlso": [ @@ -5607,77 +7696,140 @@ "reference": "https://spdx.org/licenses/TCP-wrappers.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TCP-wrappers.json", - "referenceNumber": 84, + "referenceNumber": 126, "name": "TCP Wrappers License", "licenseId": "TCP-wrappers", - "seeAlso": ["http://rc.quest.com/topics/openssh/license.php#tcpwrappers"], + "seeAlso": [ + "http://rc.quest.com/topics/openssh/license.php#tcpwrappers" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TermReadKey.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TermReadKey.json", - "referenceNumber": 489, + "referenceNumber": 642, "name": "TermReadKey License", "licenseId": "TermReadKey", - "seeAlso": ["https://github.com/jonathanstowe/TermReadKey/blob/master/README#L9-L10"], + "seeAlso": [ + "https://github.com/jonathanstowe/TermReadKey/blob/master/README#L9-L10" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/TGPPL-1.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/TGPPL-1.0.json", + "referenceNumber": 603, + "name": "Transitive Grace Period Public Licence 1.0", + "licenseId": "TGPPL-1.0", + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/TGPPL", + "https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/COPYING.TGPPL.rst" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/ThirdEye.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/ThirdEye.json", + "referenceNumber": 320, + "name": "ThirdEye License", + "licenseId": "ThirdEye", + "seeAlso": [ + "https://sourceware.org/cgit/binutils-gdb/tree/include/coff/symconst.h#n11" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/threeparttable.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/threeparttable.json", + "referenceNumber": 364, + "name": "threeparttable License", + "licenseId": "threeparttable", + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Threeparttable" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TMate.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TMate.json", - "referenceNumber": 36, + "referenceNumber": 164, "name": "TMate Open Source License", "licenseId": "TMate", - "seeAlso": ["http://svnkit.com/license.html"], + "seeAlso": [ + "http://svnkit.com/license.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TORQUE-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TORQUE-1.1.json", - "referenceNumber": 416, + "referenceNumber": 498, "name": "TORQUE v2.5+ Software License v1.1", "licenseId": "TORQUE-1.1", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/TORQUEv1.1"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/TORQUEv1.1" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TOSL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TOSL.json", - "referenceNumber": 426, + "referenceNumber": 640, "name": "Trusster Open Source License", "licenseId": "TOSL", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/TOSL"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/TOSL" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TPDL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TPDL.json", - "referenceNumber": 432, + "referenceNumber": 443, "name": "Time::ParseDate License", "licenseId": "TPDL", - "seeAlso": ["https://metacpan.org/pod/Time::ParseDate#LICENSE"], + "seeAlso": [ + "https://metacpan.org/pod/Time::ParseDate#LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TPL-1.0.json", - "referenceNumber": 221, + "referenceNumber": 251, "name": "THOR Public License 1.0", "licenseId": "TPL-1.0", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing:ThorPublicLicense"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing:ThorPublicLicense" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/TrustedQSL.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/TrustedQSL.json", + "referenceNumber": 396, + "name": "TrustedQSL License", + "licenseId": "TrustedQSL", + "seeAlso": [ + "https://sourceforge.net/p/trustedqsl/tqsl/ci/master/tree/LICENSE.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TTWL.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TTWL.json", - "referenceNumber": 403, + "referenceNumber": 106, "name": "Text-Tabs+Wrap License", "licenseId": "TTWL", "seeAlso": [ @@ -5686,61 +7838,132 @@ ], "isOsiApproved": false }, + { + "reference": "https://spdx.org/licenses/TTYP0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/TTYP0.json", + "referenceNumber": 336, + "name": "TTYP0 License", + "licenseId": "TTYP0", + "seeAlso": [ + "https://people.mpi-inf.mpg.de/~uwe/misc/uw-ttyp0/" + ], + "isOsiApproved": false + }, { "reference": "https://spdx.org/licenses/TU-Berlin-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TU-Berlin-1.0.json", - "referenceNumber": 91, + "referenceNumber": 296, "name": "Technische Universitaet Berlin License 1.0", "licenseId": "TU-Berlin-1.0", - "seeAlso": ["https://github.com/swh/ladspa/blob/7bf6f3799fdba70fda297c2d8fd9f526803d9680/gsm/COPYRIGHT"], + "seeAlso": [ + "https://github.com/swh/ladspa/blob/7bf6f3799fdba70fda297c2d8fd9f526803d9680/gsm/COPYRIGHT" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/TU-Berlin-2.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/TU-Berlin-2.0.json", - "referenceNumber": 326, + "referenceNumber": 499, "name": "Technische Universitaet Berlin License 2.0", "licenseId": "TU-Berlin-2.0", - "seeAlso": ["https://github.com/CorsixTH/deps/blob/fd339a9f526d1d9c9f01ccf39e438a015da50035/licences/libgsm.txt"], + "seeAlso": [ + "https://github.com/CorsixTH/deps/blob/fd339a9f526d1d9c9f01ccf39e438a015da50035/licences/libgsm.txt" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Ubuntu-font-1.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Ubuntu-font-1.0.json", + "referenceNumber": 72, + "name": "Ubuntu Font Licence v1.0", + "licenseId": "Ubuntu-font-1.0", + "seeAlso": [ + "https://ubuntu.com/legal/font-licence", + "https://assets.ubuntu.com/v1/81e5605d-ubuntu-font-licence-1.0.txt" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/UCAR.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/UCAR.json", - "referenceNumber": 454, + "referenceNumber": 559, "name": "UCAR License", "licenseId": "UCAR", - "seeAlso": ["https://github.com/Unidata/UDUNITS-2/blob/master/COPYRIGHT"], + "seeAlso": [ + "https://github.com/Unidata/UDUNITS-2/blob/master/COPYRIGHT" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/UCL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/UCL-1.0.json", - "referenceNumber": 414, + "referenceNumber": 619, "name": "Upstream Compatibility License v1.0", "licenseId": "UCL-1.0", - "seeAlso": ["https://opensource.org/licenses/UCL-1.0"], + "seeAlso": [ + "https://opensource.org/licenses/UCL-1.0" + ], + "isOsiApproved": true + }, + { + "reference": "https://spdx.org/licenses/ulem.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/ulem.json", + "referenceNumber": 495, + "name": "ulem License", + "licenseId": "ulem", + "seeAlso": [ + "https://mirrors.ctan.org/macros/latex/contrib/ulem/README" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/UMich-Merit.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/UMich-Merit.json", + "referenceNumber": 225, + "name": "Michigan/Merit Networks License", + "licenseId": "UMich-Merit", + "seeAlso": [ + "https://github.com/radcli/radcli/blob/master/COPYRIGHT#L64" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Unicode-3.0.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Unicode-3.0.json", + "referenceNumber": 447, + "name": "Unicode License v3", + "licenseId": "Unicode-3.0", + "seeAlso": [ + "https://www.unicode.org/license.txt" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/Unicode-DFS-2015.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2015.json", - "referenceNumber": 291, + "referenceNumber": 125, "name": "Unicode License Agreement - Data Files and Software (2015)", "licenseId": "Unicode-DFS-2015", - "seeAlso": ["https://web.archive.org/web/20151224134844/http://unicode.org/copyright.html"], + "seeAlso": [ + "https://web.archive.org/web/20151224134844/http://unicode.org/copyright.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Unicode-DFS-2016.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2016.json", - "referenceNumber": 544, + "referenceNumber": 665, "name": "Unicode License Agreement - Data Files and Software (2016)", "licenseId": "Unicode-DFS-2016", "seeAlso": [ @@ -5754,7 +7977,7 @@ "reference": "https://spdx.org/licenses/Unicode-TOU.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Unicode-TOU.json", - "referenceNumber": 268, + "referenceNumber": 574, "name": "Unicode Terms of Use", "licenseId": "Unicode-TOU", "seeAlso": [ @@ -5767,7 +7990,7 @@ "reference": "https://spdx.org/licenses/UnixCrypt.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/UnixCrypt.json", - "referenceNumber": 47, + "referenceNumber": 253, "name": "UnixCrypt License", "licenseId": "UnixCrypt", "seeAlso": [ @@ -5780,201 +8003,272 @@ { "reference": "https://spdx.org/licenses/Unlicense.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Unlicense.json", - "referenceNumber": 137, + "referenceNumber": 150, "name": "The Unlicense", "licenseId": "Unlicense", - "seeAlso": ["https://unlicense.org/"], - "isOsiApproved": true + "seeAlso": [ + "https://unlicense.org/" + ], + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/UPL-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/UPL-1.0.json", - "referenceNumber": 204, + "referenceNumber": 342, "name": "Universal Permissive License v1.0", "licenseId": "UPL-1.0", - "seeAlso": ["https://opensource.org/licenses/UPL"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/UPL" + ], + "isOsiApproved": true, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/URT-RLE.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/URT-RLE.json", + "referenceNumber": 526, + "name": "Utah Raster Toolkit Run Length Encoded License", + "licenseId": "URT-RLE", + "seeAlso": [ + "https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/converter/other/pnmtorle.c", + "https://sourceforge.net/p/netpbm/code/HEAD/tree/super_stable/converter/other/rletopnm.c" + ], + "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Vim.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Vim.json", - "referenceNumber": 526, + "referenceNumber": 28, "name": "Vim License", "licenseId": "Vim", - "seeAlso": ["http://vimdoc.sourceforge.net/htmldoc/uganda.html"], - "isOsiApproved": false + "seeAlso": [ + "http://vimdoc.sourceforge.net/htmldoc/uganda.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/VOSTROM.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/VOSTROM.json", - "referenceNumber": 6, + "referenceNumber": 439, "name": "VOSTROM Public License for Open Source", "licenseId": "VOSTROM", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/VOSTROM"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/VOSTROM" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/VSL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/VSL-1.0.json", - "referenceNumber": 153, + "referenceNumber": 238, "name": "Vovida Software License v1.0", "licenseId": "VSL-1.0", - "seeAlso": ["https://opensource.org/licenses/VSL-1.0"], + "seeAlso": [ + "https://opensource.org/licenses/VSL-1.0" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/W3C.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/W3C.json", - "referenceNumber": 335, + "referenceNumber": 216, "name": "W3C Software Notice and License (2002-12-31)", "licenseId": "W3C", "seeAlso": [ "http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.html", "https://opensource.org/licenses/W3C" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/W3C-19980720.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/W3C-19980720.json", - "referenceNumber": 408, + "referenceNumber": 206, "name": "W3C Software Notice and License (1998-07-20)", "licenseId": "W3C-19980720", - "seeAlso": ["http://www.w3.org/Consortium/Legal/copyright-software-19980720.html"], + "seeAlso": [ + "http://www.w3.org/Consortium/Legal/copyright-software-19980720.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/W3C-20150513.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/W3C-20150513.json", - "referenceNumber": 9, + "referenceNumber": 375, "name": "W3C Software Notice and Document License (2015-05-13)", "licenseId": "W3C-20150513", - "seeAlso": ["https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document"], - "isOsiApproved": false + "seeAlso": [ + "https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document", + "https://www.w3.org/copyright/software-license-2015/", + "https://www.w3.org/copyright/software-license-2023/" + ], + "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/w3m.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/w3m.json", - "referenceNumber": 32, + "referenceNumber": 82, "name": "w3m License", "licenseId": "w3m", - "seeAlso": ["https://github.com/tats/w3m/blob/master/COPYING"], + "seeAlso": [ + "https://github.com/tats/w3m/blob/master/COPYING" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Watcom-1.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": false, "detailsUrl": "https://spdx.org/licenses/Watcom-1.0.json", - "referenceNumber": 185, + "referenceNumber": 322, "name": "Sybase Open Watcom Public License 1.0", "licenseId": "Watcom-1.0", - "seeAlso": ["https://opensource.org/licenses/Watcom-1.0"], - "isOsiApproved": true + "seeAlso": [ + "https://opensource.org/licenses/Watcom-1.0" + ], + "isOsiApproved": true, + "isFsfLibre": false }, { "reference": "https://spdx.org/licenses/Widget-Workshop.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Widget-Workshop.json", - "referenceNumber": 364, + "referenceNumber": 647, "name": "Widget Workshop License", "licenseId": "Widget-Workshop", - "seeAlso": ["https://github.com/novnc/noVNC/blob/master/core/crypto/des.js#L24"], + "seeAlso": [ + "https://github.com/novnc/noVNC/blob/master/core/crypto/des.js#L24" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Wsuipa.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Wsuipa.json", - "referenceNumber": 440, + "referenceNumber": 399, "name": "Wsuipa License", "licenseId": "Wsuipa", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Wsuipa"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Wsuipa" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/WTFPL.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/WTFPL.json", - "referenceNumber": 513, + "referenceNumber": 234, "name": "Do What The F*ck You Want To Public License", "licenseId": "WTFPL", "seeAlso": [ "http://www.wtfpl.net/about/", "http://sam.zoy.org/wtfpl/COPYING" ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/wwl.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/wwl.json", + "referenceNumber": 114, + "name": "WWL License", + "licenseId": "wwl", + "seeAlso": [ + "http://www.db.net/downloads/wwl+db-1.3.tgz" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/wxWindows.html", "isDeprecatedLicenseId": true, "detailsUrl": "https://spdx.org/licenses/wxWindows.json", - "referenceNumber": 57, + "referenceNumber": 147, "name": "wxWindows Library License", "licenseId": "wxWindows", - "seeAlso": ["https://opensource.org/licenses/WXwindows"], + "seeAlso": [ + "https://opensource.org/licenses/WXwindows" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/X11.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/X11.json", - "referenceNumber": 503, + "referenceNumber": 309, "name": "X11 License", "licenseId": "X11", - "seeAlso": ["http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3"], - "isOsiApproved": false + "seeAlso": [ + "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/X11-distribute-modifications-variant.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/X11-distribute-modifications-variant.json", - "referenceNumber": 288, + "referenceNumber": 307, "name": "X11 License Distribution Modification Variant", "licenseId": "X11-distribute-modifications-variant", - "seeAlso": ["https://github.com/mirror/ncurses/blob/master/COPYING"], + "seeAlso": [ + "https://github.com/mirror/ncurses/blob/master/COPYING" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/X11-swapped.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/X11-swapped.json", + "referenceNumber": 158, + "name": "X11 swapped final paragraphs", + "licenseId": "X11-swapped", + "seeAlso": [ + "https://github.com/fedeinthemix/chez-srfi/blob/master/srfi/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Xdebug-1.03.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Xdebug-1.03.json", - "referenceNumber": 127, + "referenceNumber": 408, "name": "Xdebug License v 1.03", "licenseId": "Xdebug-1.03", - "seeAlso": ["https://github.com/xdebug/xdebug/blob/master/LICENSE"], + "seeAlso": [ + "https://github.com/xdebug/xdebug/blob/master/LICENSE" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Xerox.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Xerox.json", - "referenceNumber": 179, + "referenceNumber": 577, "name": "Xerox License", "licenseId": "Xerox", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Xerox"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Xerox" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Xfig.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Xfig.json", - "referenceNumber": 239, + "referenceNumber": 426, "name": "Xfig License", "licenseId": "Xfig", "seeAlso": [ @@ -5987,187 +8281,253 @@ { "reference": "https://spdx.org/licenses/XFree86-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/XFree86-1.1.json", - "referenceNumber": 138, + "referenceNumber": 47, "name": "XFree86 License 1.1", "licenseId": "XFree86-1.1", - "seeAlso": ["http://www.xfree86.org/current/LICENSE4.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.xfree86.org/current/LICENSE4.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/xinetd.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/xinetd.json", - "referenceNumber": 312, + "referenceNumber": 415, "name": "xinetd License", "licenseId": "xinetd", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Xinetd_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Xinetd_License" + ], + "isOsiApproved": false, + "isFsfLibre": true + }, + { + "reference": "https://spdx.org/licenses/xkeyboard-config-Zinoviev.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/xkeyboard-config-Zinoviev.json", + "referenceNumber": 451, + "name": "xkeyboard-config Zinoviev License", + "licenseId": "xkeyboard-config-Zinoviev", + "seeAlso": [ + "https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/blob/master/COPYING?ref_type\u003dheads#L178" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/xlock.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/xlock.json", - "referenceNumber": 343, + "referenceNumber": 516, "name": "xlock License", "licenseId": "xlock", - "seeAlso": ["https://fossies.org/linux/tiff/contrib/ras/ras2tif.c"], + "seeAlso": [ + "https://fossies.org/linux/tiff/contrib/ras/ras2tif.c" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Xnet.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Xnet.json", - "referenceNumber": 119, + "referenceNumber": 367, "name": "X.Net License", "licenseId": "Xnet", - "seeAlso": ["https://opensource.org/licenses/Xnet"], + "seeAlso": [ + "https://opensource.org/licenses/Xnet" + ], "isOsiApproved": true }, { "reference": "https://spdx.org/licenses/xpp.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/xpp.json", - "referenceNumber": 407, + "referenceNumber": 36, "name": "XPP License", "licenseId": "xpp", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/xpp"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/xpp" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/XSkat.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/XSkat.json", - "referenceNumber": 43, + "referenceNumber": 145, "name": "XSkat License", "licenseId": "XSkat", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/XSkat_License"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/XSkat_License" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/xzoom.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/xzoom.json", + "referenceNumber": 644, + "name": "xzoom License", + "licenseId": "xzoom", + "seeAlso": [ + "https://metadata.ftp-master.debian.org/changelogs//main/x/xzoom/xzoom_0.3-27_copyright" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/YPL-1.0.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/YPL-1.0.json", - "referenceNumber": 75, + "referenceNumber": 549, "name": "Yahoo! Public License v1.0", "licenseId": "YPL-1.0", - "seeAlso": ["http://www.zimbra.com/license/yahoo_public_license_1.0.html"], + "seeAlso": [ + "http://www.zimbra.com/license/yahoo_public_license_1.0.html" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/YPL-1.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/YPL-1.1.json", - "referenceNumber": 215, + "referenceNumber": 654, "name": "Yahoo! Public License v1.1", "licenseId": "YPL-1.1", - "seeAlso": ["http://www.zimbra.com/license/yahoo_public_license_1.1.html"], - "isOsiApproved": false + "seeAlso": [ + "http://www.zimbra.com/license/yahoo_public_license_1.1.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Zed.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Zed.json", - "referenceNumber": 532, + "referenceNumber": 513, "name": "Zed License", "licenseId": "Zed", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/Zed"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/Zed" + ], + "isOsiApproved": false + }, + { + "reference": "https://spdx.org/licenses/Zeeff.html", + "isDeprecatedLicenseId": false, + "detailsUrl": "https://spdx.org/licenses/Zeeff.json", + "referenceNumber": 384, + "name": "Zeeff License", + "licenseId": "Zeeff", + "seeAlso": [ + "ftp://ftp.tin.org/pub/news/utils/newsx/newsx-1.6.tar.gz" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Zend-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Zend-2.0.json", - "referenceNumber": 374, + "referenceNumber": 334, "name": "Zend License v2.0", "licenseId": "Zend-2.0", - "seeAlso": ["https://web.archive.org/web/20130517195954/http://www.zend.com/license/2_00.txt"], - "isOsiApproved": false + "seeAlso": [ + "https://web.archive.org/web/20130517195954/http://www.zend.com/license/2_00.txt" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Zimbra-1.3.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Zimbra-1.3.json", - "referenceNumber": 107, + "referenceNumber": 450, "name": "Zimbra Public License v1.3", "licenseId": "Zimbra-1.3", - "seeAlso": ["http://web.archive.org/web/20100302225219/http://www.zimbra.com/license/zimbra-public-license-1-3.html"], - "isOsiApproved": false + "seeAlso": [ + "http://web.archive.org/web/20100302225219/http://www.zimbra.com/license/zimbra-public-license-1-3.html" + ], + "isOsiApproved": false, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/Zimbra-1.4.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/Zimbra-1.4.json", - "referenceNumber": 121, + "referenceNumber": 257, "name": "Zimbra Public License v1.4", "licenseId": "Zimbra-1.4", - "seeAlso": ["http://www.zimbra.com/legal/zimbra-public-license-1-4"], + "seeAlso": [ + "http://www.zimbra.com/legal/zimbra-public-license-1-4" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/Zlib.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/Zlib.json", - "referenceNumber": 70, + "referenceNumber": 567, "name": "zlib License", "licenseId": "Zlib", "seeAlso": [ "http://www.zlib.net/zlib_license.html", "https://opensource.org/licenses/Zlib" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/zlib-acknowledgement.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/zlib-acknowledgement.json", - "referenceNumber": 362, + "referenceNumber": 12, "name": "zlib/libpng License with Acknowledgement", "licenseId": "zlib-acknowledgement", - "seeAlso": ["https://fedoraproject.org/wiki/Licensing/ZlibWithAcknowledgement"], + "seeAlso": [ + "https://fedoraproject.org/wiki/Licensing/ZlibWithAcknowledgement" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ZPL-1.1.html", "isDeprecatedLicenseId": false, "detailsUrl": "https://spdx.org/licenses/ZPL-1.1.json", - "referenceNumber": 498, + "referenceNumber": 314, "name": "Zope Public License 1.1", "licenseId": "ZPL-1.1", - "seeAlso": ["http://old.zope.org/Resources/License/ZPL-1.1"], + "seeAlso": [ + "http://old.zope.org/Resources/License/ZPL-1.1" + ], "isOsiApproved": false }, { "reference": "https://spdx.org/licenses/ZPL-2.0.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/ZPL-2.0.json", - "referenceNumber": 83, + "referenceNumber": 623, "name": "Zope Public License 2.0", "licenseId": "ZPL-2.0", "seeAlso": [ "http://old.zope.org/Resources/License/ZPL-2.0", "https://opensource.org/licenses/ZPL-2.0" ], - "isOsiApproved": true + "isOsiApproved": true, + "isFsfLibre": true }, { "reference": "https://spdx.org/licenses/ZPL-2.1.html", "isDeprecatedLicenseId": false, - "isFsfLibre": true, "detailsUrl": "https://spdx.org/licenses/ZPL-2.1.json", - "referenceNumber": 101, + "referenceNumber": 110, "name": "Zope Public License 2.1", "licenseId": "ZPL-2.1", - "seeAlso": ["http://old.zope.org/Resources/ZPL/"], - "isOsiApproved": true + "seeAlso": [ + "http://old.zope.org/Resources/ZPL/" + ], + "isOsiApproved": true, + "isFsfLibre": true } ], - "releaseDate": "2023-06-18" + "releaseDate": "2024-12-30T00:00:00Z" } \ No newline at end of file diff --git a/src/main/resources/licenses/lsof.txt b/src/main/resources/licenses/lsof.txt new file mode 100644 index 0000000000..279721a90a --- /dev/null +++ b/src/main/resources/licenses/lsof.txt @@ -0,0 +1,26 @@ +Copyright 2002 Purdue Research Foundation, West Lafayette, +Indiana 47907. All rights reserved. + +Written by Victor A. Abell + +This software is not subject to any license of the American +Telephone and Telegraph Company or the Regents of the +University of California. + +Permission is granted to anyone to use this software for +any purpose on any computer system, and to alter it and +redistribute it freely, subject to the following +restrictions: + +1. Neither the authors nor Purdue University are responsible + for any consequences of the use of this software. + +2. The origin of this software must not be misrepresented, + either by explicit claim or by omission. Credit to the + authors and Purdue University must appear in documentation + and sources. + +3. Altered versions must be plainly marked as such, and must + not be misrepresented as being the original software. + +4. This notice may not be removed or altered. diff --git a/src/main/resources/licenses/magaz.txt b/src/main/resources/licenses/magaz.txt new file mode 100644 index 0000000000..34d033c03e --- /dev/null +++ b/src/main/resources/licenses/magaz.txt @@ -0,0 +1,4 @@ +Copyright 1999-2011, Donald Arseneau, asnd@triumf.ca, Vancouver, Canada + +This software may be freely used, transmitted, reproduced, or modified provided that +the copyright notice and this permission is retained. diff --git a/src/main/resources/licenses/mailprio.txt b/src/main/resources/licenses/mailprio.txt new file mode 100644 index 0000000000..e004e4b683 --- /dev/null +++ b/src/main/resources/licenses/mailprio.txt @@ -0,0 +1,9 @@ +Copyright 1994, 1996, Tony Sanders + +Rights are hereby granted to download, use, modify, sell, copy, and +redistribute this software so long as the original copyright notice +and this list of conditions remain intact and modified versions are +noted as such. + +I would also very much appreciate it if you could send me a copy of +any changes you make so I can possibly integrate them into my version. diff --git a/src/main/resources/licenses/metamail.txt b/src/main/resources/licenses/metamail.txt new file mode 100644 index 0000000000..be7a8a4e5a --- /dev/null +++ b/src/main/resources/licenses/metamail.txt @@ -0,0 +1,12 @@ +Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) + +Permission to use, copy, modify, and distribute this material +for any purpose and without fee is hereby granted, provided +that the above copyright notice and this permission notice +appear in all copies, and that the name of Bellcore not be +used in advertising or publicity pertaining to this +material without the specific, prior written permission +of an authorized representative of Bellcore. BELLCORE +MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY +OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS", +WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. diff --git a/src/main/resources/licenses/mif-exception.txt b/src/main/resources/licenses/mif-exception.txt new file mode 100644 index 0000000000..ceb2626c6f --- /dev/null +++ b/src/main/resources/licenses/mif-exception.txt @@ -0,0 +1 @@ +As a special exception, you may use this file as part of a free software library without restriction. Specifically, if other files instantiate templates or use macros or inline functions from this file, or you compile this file and link it with other files to produce an executable, this file does not by itself cause the resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU General Public License. diff --git a/src/main/resources/licenses/mpi-permissive.txt b/src/main/resources/licenses/mpi-permissive.txt new file mode 100644 index 0000000000..2abcbe3ab0 --- /dev/null +++ b/src/main/resources/licenses/mpi-permissive.txt @@ -0,0 +1,15 @@ +* Copyright (C) 2000-2004 by Etnus, LLC + * + * Permission is hereby granted to use, reproduce, prepare derivative + * works, and to redistribute to others. + * + * DISCLAIMER + * + * Neither Etnus, nor any of their employees, makes any warranty + * express or implied, or assumes any legal liability or + * responsibility for the accuracy, completeness, or usefulness of any + * information, apparatus, product, or process disclosed, or + * represents that its use would not infringe privately owned rights. + * + * This code was written by + * James Cownie: Etnus, LLC. diff --git a/src/main/resources/licenses/mxml-exception.txt b/src/main/resources/licenses/mxml-exception.txt new file mode 100644 index 0000000000..32928e8dd6 --- /dev/null +++ b/src/main/resources/licenses/mxml-exception.txt @@ -0,0 +1,16 @@ +Mini-XML + +Copyright Š 2003-2024 by Michael R Sweet + + +(Optional) Exceptions to the Apache 2.0 License: +================================================ + +In addition, if you combine or link compiled forms of this Software with +software that is licensed under the GPLv2 or LGPLv2 (“Combined Software”) and if +a court of competent jurisdiction determines that the patent provision (Section +3), the indemnity provision (Section 9) or other Section of the License +conflicts with the conditions of the GPLv2 or LGPLv2, you may retroactively and +prospectively choose to deem waived or otherwise exclude such Section(s) of the +License, but only in their entirety and only with respect to the Combined +Software. diff --git a/src/main/resources/licenses/openvpn-openssl-exception.txt b/src/main/resources/licenses/openvpn-openssl-exception.txt new file mode 100644 index 0000000000..e9e0a367ea --- /dev/null +++ b/src/main/resources/licenses/openvpn-openssl-exception.txt @@ -0,0 +1,3 @@ +Special exception for linking OpenVPN with OpenSSL: + +In addition, as a special exception, OpenVPN Technologies, Inc. gives permission to link the code of this program with the OpenSSL Library (or with modified versions of OpenSSL that use the same license as OpenSSL), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/pkgconf.txt b/src/main/resources/licenses/pkgconf.txt new file mode 100644 index 0000000000..b8b2ffd996 --- /dev/null +++ b/src/main/resources/licenses/pkgconf.txt @@ -0,0 +1,7 @@ +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +This software is provided 'as is' and without any warranty, express or +implied. In no event shall the authors be liable for any damages arising +from the use of this software. diff --git a/src/main/resources/licenses/pnmstitch.txt b/src/main/resources/licenses/pnmstitch.txt new file mode 100644 index 0000000000..cb9dc762d9 --- /dev/null +++ b/src/main/resources/licenses/pnmstitch.txt @@ -0,0 +1,23 @@ +Copyright (c) 2002 Mark Salyzyn +All rights reserved. + +TERMS AND CONDITIONS OF USE + +Redistribution and use in source form, with or without modification, are +permitted provided that redistributions of source code must retain the +above copyright notice, this list of conditions and the following +disclaimer. + +This software is provided `as is' by Mark Salyzyn and any express or implied +warranties, including, but not limited to, the implied warranties of +merchantability and fitness for a particular purpose, are disclaimed. In no +event shall Mark Salyzyn be liable for any direct, indirect, incidental, +special, exemplary or consequential damages (including, but not limited to, +procurement of substitute goods or services; loss of use, data, or profits; +or business interruptions) however caused and on any theory of liability, +whether in contract, strict liability, or tort (including negligence or +otherwise) arising in any way out of the use of this software, even if +advised of the possibility of such damage. + +Any restrictions or encumberances added to this source code or derivitives, +is prohibited. diff --git a/src/main/resources/licenses/python-ldap.txt b/src/main/resources/licenses/python-ldap.txt new file mode 100644 index 0000000000..733e8cfc0a --- /dev/null +++ b/src/main/resources/licenses/python-ldap.txt @@ -0,0 +1,10 @@ +The python-ldap package is distributed under Python-style license. + +Standard disclaimer: + This software is made available by the author(s) to the public for free + and "as is". All users of this free software are solely and entirely + responsible for their own choice and use of this software for their + own purposes. By using this software, each user agrees that the + author(s) shall not be liable for damages of any kind in relation to + its use or performance. The author(s) do not warrant that this software + is fit for any purpose. diff --git a/src/main/resources/licenses/radvd.txt b/src/main/resources/licenses/radvd.txt new file mode 100644 index 0000000000..4e77909ed7 --- /dev/null +++ b/src/main/resources/licenses/radvd.txt @@ -0,0 +1,37 @@ + The author(s) grant permission for redistribution and use in source and +binary forms, with or without modification, of the software and documentation +provided that the following conditions are met: + +0. If you receive a version of the software that is specifically labelled + as not being for redistribution (check the version message and/or README), + you are not permitted to redistribute that version of the software in any + way or form. +1. All terms of all other applicable copyrights and licenses must be + followed. +2. Redistributions of source code must retain the authors' copyright + notice(s), this list of conditions, and the following disclaimer. +3. Redistributions in binary form must reproduce the authors' copyright + notice(s), this list of conditions, and the following disclaimer in the + documentation and/or other materials provided with the distribution. +4. All advertising materials mentioning features or use of this software + must display the following acknowledgement with the name(s) of the + authors as specified in the copyright notice(s) substituted where + indicated: + + This product includes software developed by the authors which are + mentioned at the start of the source files and other contributors. + +5. Neither the name(s) of the author(s) nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY ITS AUTHORS AND CONTRIBUTORS ``AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/main/resources/licenses/romic-exception.txt b/src/main/resources/licenses/romic-exception.txt new file mode 100644 index 0000000000..57def44818 --- /dev/null +++ b/src/main/resources/licenses/romic-exception.txt @@ -0,0 +1,6 @@ +Additional permission under the GNU Affero GPL version 3 section 7: + +If you modify this Program, or any covered work, by linking or +combining it with other code, such other code is not for that reason +alone subject to any of the requirements of the GNU Affero GPL +version 3. diff --git a/src/main/resources/licenses/snprintf.txt b/src/main/resources/licenses/snprintf.txt new file mode 100644 index 0000000000..9e4ae73daa --- /dev/null +++ b/src/main/resources/licenses/snprintf.txt @@ -0,0 +1,3 @@ +Copyright Patrick Powell 1995 + +This code is based on code written by Patrick Powell (papowell@astart.com) It may be used for any purpose as long as this notice remains intact on all source code distributions diff --git a/src/main/resources/licenses/softSurfer.txt b/src/main/resources/licenses/softSurfer.txt new file mode 100644 index 0000000000..1bbc88c34c --- /dev/null +++ b/src/main/resources/licenses/softSurfer.txt @@ -0,0 +1,6 @@ +Copyright 2001, softSurfer (www.softsurfer.com) +This code may be freely used and modified for any purpose +providing that this copyright notice is included with it. +SoftSurfer makes no warranty for this code, and cannot be held +liable for any real or imagined damage resulting from its use. +Users of this code must verify correctness for their application. diff --git a/src/main/resources/licenses/ssh-keyscan.txt b/src/main/resources/licenses/ssh-keyscan.txt new file mode 100644 index 0000000000..6c97472c1e --- /dev/null +++ b/src/main/resources/licenses/ssh-keyscan.txt @@ -0,0 +1,5 @@ +* Copyright 1995, 1996 by David Mazieres . +* +* Modification and redistribution in source and binary forms is +* permitted provided that due credit is given to the author and the +* OpenBSD project by leaving this copyright notice intact. diff --git a/src/main/resources/licenses/stunnel-exception.txt b/src/main/resources/licenses/stunnel-exception.txt new file mode 100644 index 0000000000..5e38d00a0f --- /dev/null +++ b/src/main/resources/licenses/stunnel-exception.txt @@ -0,0 +1,5 @@ +Linking stunnel statically or dynamically with other modules is making a combined work based on stunnel. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +In addition, as a special exception, the copyright holder of stunnel gives you permission to combine stunnel with free software programs or libraries that are released under the GNU LGPL and with code included in the standard release of OpenSSL under the OpenSSL License (or modified versions of such code, with unchanged license). You may copy and distribute such a system following the terms of the GNU GPL for stunnel and the licenses of the other code concerned. + +Note that people who make modified versions of stunnel are not obligated to grant this special exception for their modified versions; it is their choice whether to do so. The GNU General Public License gives permission to release a modified version without this exception; this exception also makes it possible to release a modified version which carries forward this exception. diff --git a/src/main/resources/licenses/swrule.txt b/src/main/resources/licenses/swrule.txt new file mode 100644 index 0000000000..aebc5fd6d3 --- /dev/null +++ b/src/main/resources/licenses/swrule.txt @@ -0,0 +1 @@ +The style package is copyrighted but may be used and extended in any way, as long as a pointer to the original author is maintained. The author is not liable for any problem that may or may not result from using this package. Use at your own risk. diff --git a/src/main/resources/licenses/threeparttable.txt b/src/main/resources/licenses/threeparttable.txt new file mode 100644 index 0000000000..498b728226 --- /dev/null +++ b/src/main/resources/licenses/threeparttable.txt @@ -0,0 +1,3 @@ +This file may be distributed, modified, and used in other works with just +one restriction: modified versions must clearly indicate the modification +(a name change, or a displayed message, or ?). diff --git a/src/main/resources/licenses/u-boot-exception-2.0.txt b/src/main/resources/licenses/u-boot-exception-2.0.txt new file mode 100644 index 0000000000..3158dade32 --- /dev/null +++ b/src/main/resources/licenses/u-boot-exception-2.0.txt @@ -0,0 +1,6 @@ +The U-Boot License Exception: + +Even though U-Boot in general is covered by the GPL-2.0/GPL-2.0+, this does *not* cover the so-called "standalone" applications that use U-Boot services by means of the jump table provided by U-Boot exactly for this purpose - this is merely considered normal use of U-Boot, and does *not* fall under the heading of "derived work". + +The header files "include/image.h" and "arch/*/include/asm/u-boot.h" define interfaces to U-Boot. Including these (unmodified) header files in another file is considered normal use of U-Boot, and does *not* fall under the heading of "derived work". +-- Wolfgang Denk diff --git a/src/main/resources/licenses/ulem.txt b/src/main/resources/licenses/ulem.txt new file mode 100644 index 0000000000..ee49efe8dd --- /dev/null +++ b/src/main/resources/licenses/ulem.txt @@ -0,0 +1,4 @@ +Copyright 1989-2019 by Donald Arseneau (Vancouver, Canada, asnd@triumf.ca) + +This software may be freely transmitted, reproduced, or modified +for any purpose provided that this copyright notice is left intact. diff --git a/src/main/resources/licenses/vsftpd-openssl-exception.txt b/src/main/resources/licenses/vsftpd-openssl-exception.txt new file mode 100644 index 0000000000..a864761e48 --- /dev/null +++ b/src/main/resources/licenses/vsftpd-openssl-exception.txt @@ -0,0 +1,5 @@ +vsftpd is licensed under version 2 of the GNU GPL. +As copyright holder, I give permission for vsftpd to be linked to the OpenSSL +libraries. This includes permission for vsftpd binaries to be distributed +linked against the OpenSSL libraries. All other obligations under the GPL v2 +remain intact. diff --git a/src/main/resources/licenses/w3m.txt b/src/main/resources/licenses/w3m.txt new file mode 100644 index 0000000000..37081007bf --- /dev/null +++ b/src/main/resources/licenses/w3m.txt @@ -0,0 +1,11 @@ +(C) Copyright 1994-2002 by Akinori Ito +(C) Copyright 2002-2011 by Akinori Ito, Hironori Sakamoto, Fumitoshi Ukai + +Use, modification and redistribution of this software is hereby granted, +provided that this entire copyright notice is included on any copies of +this software and applications and derivations thereof. + +This software is provided on an "as is" basis, without warranty of any +kind, either expressed or implied, as to any matter including, but not +limited to warranty of fitness of purpose, or merchantability, or +results obtained from use of this software. diff --git a/src/main/resources/licenses/wwl.txt b/src/main/resources/licenses/wwl.txt new file mode 100644 index 0000000000..12486ff638 --- /dev/null +++ b/src/main/resources/licenses/wwl.txt @@ -0,0 +1,5 @@ +db@FreeBSD.ORG wrote this file. As long as you retain this notice you +can do whatever you want with this code, except you may not +license it under any form of the GPL. +A postcard or QSL card showing me you appreciate +this code would be nice. Diane Bruce va3db diff --git a/src/main/resources/licenses/wxWindows.txt b/src/main/resources/licenses/wxWindows.txt deleted file mode 100644 index 1becba2bb0..0000000000 --- a/src/main/resources/licenses/wxWindows.txt +++ /dev/null @@ -1 +0,0 @@ -404: Not Found \ No newline at end of file diff --git a/src/main/resources/licenses/x11vnc-openssl-exception.txt b/src/main/resources/licenses/x11vnc-openssl-exception.txt new file mode 100644 index 0000000000..040e31c7a9 --- /dev/null +++ b/src/main/resources/licenses/x11vnc-openssl-exception.txt @@ -0,0 +1,9 @@ +In addition, as a special exception, Karl J. Runge +gives permission to link the code of its release of x11vnc with the +OpenSSL project's "OpenSSL" library (or with modified versions of it +that use the same license as the "OpenSSL" library), and distribute +the linked executables. You must obey the GNU General Public License +in all respects for all of the code used other than "OpenSSL". If you +modify this file, you may extend this exception to your version of the +file, but you are not obligated to do so. If you do not wish to do +so, delete this exception statement from your version. diff --git a/src/main/resources/licenses/xkeyboard-config-Zinoviev.txt b/src/main/resources/licenses/xkeyboard-config-Zinoviev.txt new file mode 100644 index 0000000000..509fc255e2 --- /dev/null +++ b/src/main/resources/licenses/xkeyboard-config-Zinoviev.txt @@ -0,0 +1,15 @@ +Copyright (C) 1999, 2000 by Anton Zinoviev + +This software may be used, modified, copied, distributed, and sold, +in both source and binary form provided that the above copyright +and these terms are retained. Under no circumstances is the author +responsible for the proper functioning of this software, nor does +the author assume any responsibility for damages incurred with its +use. + +Permission is granted to anyone to use, distribute and modify +this file in any way, provided that the above copyright notice +is left intact and the author of the modification summarizes +the changes in this header. + +This file is distributed without any expressed or implied warranty. diff --git a/src/main/resources/licenses/xlock.txt b/src/main/resources/licenses/xlock.txt new file mode 100644 index 0000000000..39ccda0b4d --- /dev/null +++ b/src/main/resources/licenses/xlock.txt @@ -0,0 +1,14 @@ +Copyright (c) 1990 by Sun Microsystems, Inc. +Author: Patrick J. Naughton naughton@wind.sun.com + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, +provided that the above copyright notice appear in all copies and +that both that copyright notice and this permission notice appear in +supporting documentation. + +This file is provided AS IS with no warranties of any kind. The author +shall have no liability with respect to the infringement of copyrights, +trade secrets or any patents by this file or any part thereof. In no event +will the author be liable for any lost revenue or profits or other special, +indirect and consequential damages. diff --git a/src/main/resources/licenses/xzoom.txt b/src/main/resources/licenses/xzoom.txt new file mode 100644 index 0000000000..f312dedbc2 --- /dev/null +++ b/src/main/resources/licenses/xzoom.txt @@ -0,0 +1,12 @@ +Copyright Itai Nahshon 1995, 1996. +This program is distributed with no warranty. + +Source files for this program may be distributed freely. +Modifications to this file are okay as long as: + a. This copyright notice and comment are preserved and + left at the top of the file. + b. The man page is fixed to reflect the change. + c. The author of this change adds his name and change + description to the list of changes below. +Executable files may be distributed with sources, or with +exact location where the source code can be obtained. diff --git a/src/main/resources/spdx.schema.json b/src/main/resources/spdx.schema.json index f04d013c74..552c631f22 100644 --- a/src/main/resources/spdx.schema.json +++ b/src/main/resources/spdx.schema.json @@ -1,15 +1,18 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/spdx.schema.json", - "$comment": "v1.0-3.21", + "$comment": "v1.0-3.26.0", "type": "string", "enum": [ "0BSD", + "3D-Slicer-1.0", "AAL", "Abstyles", "AdaCore-doc", "Adobe-2006", + "Adobe-Display-PostScript", "Adobe-Glyph", + "Adobe-Utopia", "ADSL", "AFL-1.1", "AFL-1.2", @@ -24,11 +27,15 @@ "AGPL-3.0-only", "AGPL-3.0-or-later", "Aladdin", + "AMD-newlib", "AMDPLPA", "AML", + "AML-glslang", "AMPAS", "ANTLR-PD", "ANTLR-PD-fallback", + "any-OSI", + "any-OSI-perl-modules", "Apache-1.0", "Apache-1.1", "Apache-2.0", @@ -49,6 +56,7 @@ "Baekmuk", "Bahyph", "Barr", + "bcrypt-Solar-Designer", "Beerware", "Bitstream-Charter", "Bitstream-Vera", @@ -57,17 +65,24 @@ "blessing", "BlueOak-1.0.0", "Boehm-GC", + "Boehm-GC-without-fee", "Borceux", + "Brian-Gladman-2-Clause", "Brian-Gladman-3-Clause", "BSD-1-Clause", "BSD-2-Clause", + "BSD-2-Clause-Darwin", + "BSD-2-Clause-first-lines", "BSD-2-Clause-FreeBSD", "BSD-2-Clause-NetBSD", "BSD-2-Clause-Patent", "BSD-2-Clause-Views", "BSD-3-Clause", + "BSD-3-Clause-acpica", "BSD-3-Clause-Attribution", "BSD-3-Clause-Clear", + "BSD-3-Clause-flex", + "BSD-3-Clause-HP", "BSD-3-Clause-LBNL", "BSD-3-Clause-Modification", "BSD-3-Clause-No-Military-License", @@ -75,6 +90,7 @@ "BSD-3-Clause-No-Nuclear-License-2014", "BSD-3-Clause-No-Nuclear-Warranty", "BSD-3-Clause-Open-MPI", + "BSD-3-Clause-Sun", "BSD-4-Clause", "BSD-4-Clause-Shortened", "BSD-4-Clause-UC", @@ -82,8 +98,12 @@ "BSD-4.3TAHOE", "BSD-Advertising-Acknowledgement", "BSD-Attribution-HPND-disclaimer", + "BSD-Inferno-Nettverk", "BSD-Protection", + "BSD-Source-beginning-file", "BSD-Source-Code", + "BSD-Systemics", + "BSD-Systemics-W3Works", "BSL-1.0", "BUSL-1.1", "bzip2-1.0.5", @@ -92,6 +112,8 @@ "CAL-1.0", "CAL-1.0-Combined-Work-Exception", "Caldera", + "Caldera-no-preamble", + "Catharon", "CATOSL-1.1", "CC-BY-1.0", "CC-BY-2.0", @@ -99,6 +121,7 @@ "CC-BY-2.5-AU", "CC-BY-3.0", "CC-BY-3.0-AT", + "CC-BY-3.0-AU", "CC-BY-3.0-DE", "CC-BY-3.0-IGO", "CC-BY-3.0-NL", @@ -144,6 +167,8 @@ "CC-BY-SA-3.0-IGO", "CC-BY-SA-4.0", "CC-PDDC", + "CC-PDM-1.0", + "CC-SA-1.0", "CC0-1.0", "CDDL-1.0", "CDDL-1.1", @@ -163,10 +188,12 @@ "CERN-OHL-S-2.0", "CERN-OHL-W-2.0", "CFITSIO", + "check-cvs", "checkmk", "ClArtistic", "Clips", "CMU-Mach", + "CMU-Mach-nodoc", "CNRI-Jython", "CNRI-Python", "CNRI-Python-GPL-Compatible", @@ -179,17 +206,25 @@ "CPAL-1.0", "CPL-1.0", "CPOL-1.02", + "Cronyx", "Crossword", "CrystalStacker", "CUA-OPL-1.0", "Cube", "curl", + "cve-tou", "D-FSL-1.0", + "DEC-3-Clause", "diffmark", "DL-DE-BY-2.0", + "DL-DE-ZERO-2.0", "DOC", + "DocBook-Schema", + "DocBook-Stylesheet", + "DocBook-XML", "Dotseqn", "DRL-1.0", + "DRL-1.1", "DSDP", "dtoa", "dvipdfm", @@ -212,16 +247,23 @@ "EUPL-1.2", "Eurosym", "Fair", + "FBM", "FDK-AAC", + "Ferguson-Twofish", "Frameworx-1.0", "FreeBSD-DOC", "FreeImage", "FSFAP", + "FSFAP-no-warranty-disclaimer", "FSFUL", "FSFULLR", "FSFULLRWD", "FTL", + "Furuseth", + "fwlw", + "GCR-docs", "GD", + "generic-xts", "GFDL-1.1", "GFDL-1.1-invariants-only", "GFDL-1.1-invariants-or-later", @@ -270,14 +312,38 @@ "GPL-3.0-with-GCC-exception", "Graphics-Gems", "gSOAP-1.3b", + "gtkbook", + "Gutmann", "HaskellReport", + "hdparm", + "HIDAPI", "Hippocratic-2.1", "HP-1986", + "HP-1989", "HPND", + "HPND-DEC", + "HPND-doc", + "HPND-doc-sell", "HPND-export-US", + "HPND-export-US-acknowledgement", + "HPND-export-US-modify", + "HPND-export2-US", + "HPND-Fenneberg-Livingston", + "HPND-INRIA-IMAG", + "HPND-Intel", + "HPND-Kevlin-Henney", "HPND-Markus-Kuhn", + "HPND-merchantability-variant", + "HPND-MIT-disclaimer", + "HPND-Netrek", + "HPND-Pbmplus", + "HPND-sell-MIT-disclaimer-xserver", + "HPND-sell-regexpr", "HPND-sell-variant", "HPND-sell-variant-MIT-disclaimer", + "HPND-sell-variant-MIT-disclaimer-rev", + "HPND-UC", + "HPND-UC-export-US", "HTMLTIDY", "IBM-pibs", "ICU", @@ -289,17 +355,20 @@ "Imlib2", "Info-ZIP", "Inner-Net-2.0", + "InnoSetup", "Intel", "Intel-ACPI", "Interbase-1.0", "IPA", "IPL-1.0", "ISC", + "ISC-Veillard", "Jam", "JasPer-2.0", "JPL-image", "JPNIC", "JSON", + "Kastrup", "Kazlib", "Knuth-CTAN", "LAL-1.2", @@ -334,6 +403,7 @@ "Linux-man-pages-copyleft-var", "Linux-OpenIB", "LOOP", + "LPD-document", "LPL-1.0", "LPL-1.02", "LPPL-1.0", @@ -341,25 +411,38 @@ "LPPL-1.2", "LPPL-1.3a", "LPPL-1.3c", + "lsof", + "Lucida-Bitmap-Fonts", "LZMA-SDK-9.11-to-9.20", "LZMA-SDK-9.22", + "Mackerras-3-Clause", + "Mackerras-3-Clause-acknowledgment", + "magaz", + "mailprio", "MakeIndex", "Martin-Birgmeier", + "McPhee-slideshow", "metamail", "Minpack", + "MIPS", "MirOS", "MIT", "MIT-0", "MIT-advertising", + "MIT-Click", "MIT-CMU", "MIT-enna", "MIT-feh", "MIT-Festival", + "MIT-Khronos-old", "MIT-Modern-Variant", "MIT-open-group", + "MIT-testregex", "MIT-Wu", "MITNFA", + "MMIXware", "Motosoto", + "MPEG-SSG", "mpi-permissive", "mpich2", "MPL-1.0", @@ -379,7 +462,9 @@ "NASA-1.3", "Naumen", "NBPL-1.0", + "NCBI-PD", "NCGL-UK-2.0", + "NCL", "NCSA", "Net-SNMP", "NetCDF", @@ -403,6 +488,7 @@ "NTP-0", "Nunit", "O-UDA-1.0", + "OAR", "OCCT-PL", "OCLC-2.0", "ODbL-1.0", @@ -441,6 +527,8 @@ "OML", "OpenPBS-2.3", "OpenSSL", + "OpenSSL-standalone", + "OpenVision", "OPL-1.0", "OPL-UK-3.0", "OPUBL-1.0", @@ -450,23 +538,30 @@ "OSL-2.0", "OSL-2.1", "OSL-3.0", + "PADL", "Parity-6.0.0", "Parity-7.0.0", "PDDL-1.0", "PHP-3.0", "PHP-3.01", + "Pixar", + "pkgconf", "Plexus", + "pnmstitch", "PolyForm-Noncommercial-1.0.0", "PolyForm-Small-Business-1.0.0", "PostgreSQL", + "PPL", "PSF-2.0", "psfrag", "psutils", "Python-2.0", "Python-2.0.1", + "python-ldap", "Qhull", "QPL-1.0", "QPL-1.0-INRIA-2004", + "radvd", "Rdisc", "RHeCos-1.1", "RPL-1.1", @@ -475,58 +570,81 @@ "RSA-MD", "RSCPL", "Ruby", + "Ruby-pty", "SAX-PD", + "SAX-PD-2.0", "Saxpath", "SCEA", "SchemeReport", "Sendmail", "Sendmail-8.23", + "Sendmail-Open-Source-1.1", "SGI-B-1.0", "SGI-B-1.1", "SGI-B-2.0", + "SGI-OpenGL", "SGP4", "SHL-0.5", "SHL-0.51", "SimPL-2.0", "SISSL", "SISSL-1.2", + "SL", "Sleepycat", + "SMAIL-GPL", "SMLNJ", "SMPPL", "SNIA", "snprintf", + "softSurfer", + "Soundex", "Spencer-86", "Spencer-94", "Spencer-99", "SPL-1.0", + "ssh-keyscan", "SSH-OpenSSH", "SSH-short", + "SSLeay-standalone", "SSPL-1.0", "StandardML-NJ", "SugarCRM-1.1.3", + "Sun-PPP", + "Sun-PPP-2000", "SunPro", "SWL", + "swrule", "Symlinks", "TAPR-OHL-1.0", "TCL", "TCP-wrappers", "TermReadKey", + "TGPPL-1.0", + "ThirdEye", + "threeparttable", "TMate", "TORQUE-1.1", "TOSL", "TPDL", "TPL-1.0", + "TrustedQSL", "TTWL", + "TTYP0", "TU-Berlin-1.0", "TU-Berlin-2.0", + "Ubuntu-font-1.0", "UCAR", "UCL-1.0", + "ulem", + "UMich-Merit", + "Unicode-3.0", "Unicode-DFS-2015", "Unicode-DFS-2016", "Unicode-TOU", "UnixCrypt", "Unlicense", "UPL-1.0", + "URT-RLE", "Vim", "VOSTROM", "VSL-1.0", @@ -538,21 +656,26 @@ "Widget-Workshop", "Wsuipa", "WTFPL", + "wwl", "wxWindows", "X11", "X11-distribute-modifications-variant", + "X11-swapped", "Xdebug-1.03", "Xerox", "Xfig", "XFree86-1.1", "xinetd", + "xkeyboard-config-Zinoviev", "xlock", "Xnet", "xpp", "XSkat", + "xzoom", "YPL-1.0", "YPL-1.1", "Zed", + "Zeeff", "Zend-2.0", "Zimbra-1.3", "Zimbra-1.4", @@ -563,32 +686,45 @@ "ZPL-2.1", "389-exception", "Asterisk-exception", + "Asterisk-linking-protocols-exception", "Autoconf-exception-2.0", "Autoconf-exception-3.0", "Autoconf-exception-generic", + "Autoconf-exception-generic-3.0", "Autoconf-exception-macro", + "Bison-exception-1.24", "Bison-exception-2.2", "Bootloader-exception", + "CGAL-linking-exception", "Classpath-exception-2.0", "CLISP-exception-2.0", "cryptsetup-OpenSSL-exception", "DigiRule-FOSS-exception", "eCos-exception-2.0", + "erlang-otp-linking-exception", "Fawkes-Runtime-exception", "FLTK-exception", + "fmt-exception", "Font-exception-2.0", "freertos-exception-2.0", "GCC-exception-2.0", + "GCC-exception-2.0-note", "GCC-exception-3.1", + "Gmsh-exception", "GNAT-exception", + "GNOME-examples-exception", + "GNU-compiler-exception", "gnu-javamail-exception", + "GPL-3.0-389-ds-base-exception", "GPL-3.0-interface-exception", "GPL-3.0-linking-exception", "GPL-3.0-linking-source-exception", "GPL-CC-1.0", "GStreamer-exception-2005", "GStreamer-exception-2008", + "harbour-exception", "i2p-gpl-java-exception", + "Independent-modules-exception", "KiCad-libraries-exception", "LGPL-3.0-linking-exception", "libpri-OpenH323-exception", @@ -598,21 +734,29 @@ "LLVM-exception", "LZMA-exception", "mif-exception", + "mxml-exception", "Nokia-Qt-exception-1.1", "OCaml-LGPL-linking-exception", "OCCT-exception-1.0", "OpenJDK-assembly-exception-1.0", "openvpn-openssl-exception", + "PCRE2-exception", "PS-or-PDF-font-exception-20170817", "QPL-1.0-INRIA-2004-exception", "Qt-GPL-exception-1.0", "Qt-LGPL-exception-1.1", "Qwt-exception-1.0", + "romic-exception", + "RRDtool-FLOSS-exception-2.0", + "SANE-exception", "SHL-2.0", "SHL-2.1", + "stunnel-exception", "SWI-exception", "Swift-exception", + "Texinfo-exception", "u-boot-exception-2.0", + "UBDL-exception", "Universal-FOSS-exception-1.0", "vsftpd-openssl-exception", "WxWindows-exception-3.1", diff --git a/src/main/resources/spdx.xsd b/src/main/resources/spdx.xsd index 5d086dbe15..6e90a9e432 100644 --- a/src/main/resources/spdx.xsd +++ b/src/main/resources/spdx.xsd @@ -2,7 +2,7 @@ + version="1.0-3.26.0"> @@ -12,6 +12,11 @@ BSD Zero Clause License + + + 3D Slicer License v1.0 + + Attribution Assurance License @@ -32,11 +37,21 @@ Adobe Systems Incorporated Source Code License Agreement + + + Adobe Display PostScript License + + Adobe Glyph List License + + + Adobe Utopia Font License + + Amazon Digital Services License @@ -107,6 +122,11 @@ Aladdin Free Public License + + + AMD newlib License + + AMD's plpa_map.c License @@ -117,6 +137,11 @@ Apple MIT License + + + AML glslang variant License + + Academy of Motion Picture Arts and Sciences BSD @@ -132,6 +157,16 @@ ANTLR Software Rights Notice with license fallback + + + Any OSI License + + + + + Any OSI License - Perl Modules + + Apache License 1.0 @@ -232,6 +267,11 @@ Barr License + + + bcrypt Solar Designer License + + Beerware License @@ -272,11 +312,21 @@ Boehm-Demers-Weiser GC License + + + Boehm-Demers-Weiser GC License (without fee) + + Borceux license + + + Brian Gladman 2-Clause License + + Brian Gladman 3-Clause License @@ -292,6 +342,16 @@ BSD 2-Clause "Simplified" License + + + BSD 2-Clause - Ian Darwin variant + + + + + BSD 2-Clause - first lines requirement + + BSD 2-Clause FreeBSD License @@ -317,6 +377,11 @@ BSD 3-Clause "New" or "Revised" License + + + BSD 3-Clause acpica variant + + BSD with attribution @@ -327,6 +392,16 @@ BSD 3-Clause Clear License + + + BSD 3-Clause Flex variant + + + + + Hewlett-Packard BSD variant license + + Lawrence Berkeley National Labs BSD variant license @@ -362,6 +437,11 @@ BSD 3-Clause Open MPI variant + + + BSD 3-Clause Sun Microsystems + + BSD 4-Clause "Original" or "Old" License @@ -397,16 +477,36 @@ BSD with Attribution and HPND disclaimer + + + BSD-Inferno-Nettverk + + BSD Protection License + + + BSD Source Code Attribution - beginning of file variant + + BSD Source Code Attribution + + + Systemics BSD variant license + + + + + Systemics W3Works BSD variant license + + Boost Software License 1.0 @@ -447,6 +547,16 @@ Caldera License + + + Caldera License (without preamble) + + + + + Catharon License + + Computer Associates Trusted Open Source License 1.1 @@ -482,6 +592,11 @@ Creative Commons Attribution 3.0 Austria + + + Creative Commons Attribution 3.0 Australia + + Creative Commons Attribution 3.0 Germany @@ -707,6 +822,16 @@ Creative Commons Public Domain Dedication and Certification + + + Creative Commons Public Domain Mark 1.0 Universal + + + + + Creative Commons Share Alike 1.0 Generic + + Creative Commons Zero v1.0 Universal @@ -802,6 +927,11 @@ CFITSIO License + + + check-cvs License + + Checkmk License @@ -822,6 +952,11 @@ CMU Mach License + + + CMU Mach - no notices-in-documentation variant + + CNRI Jython License @@ -882,6 +1017,11 @@ Code Project Open License 1.02 + + + Cronyx License + + Crossword License @@ -907,11 +1047,21 @@ curl License + + + Common Vulnerability Enumeration ToU License + + Deutsche Freie Software Lizenz + + + DEC 3-Clause License + + diffmark license @@ -922,11 +1072,31 @@ Data licence Germany – attribution – version 2.0 + + + Data licence Germany – zero – version 2.0 + + DOC License + + + DocBook Schema License + + + + + DocBook Stylesheet License + + + + + DocBook XML License + + Dotseqn License @@ -937,6 +1107,11 @@ Detection Rule License 1.0 + + + Detection Rule License 1.1 + + DSDP License @@ -1047,11 +1222,21 @@ Fair License + + + Fuzzy Bitmap License + + Fraunhofer FDK AAC Codec Library + + + Ferguson Twofish License + + Frameworx Open License 1.0 @@ -1072,6 +1257,11 @@ FSF All Permissive License + + + FSF All Permissive License (without Warranty) + + FSF Unlimited License @@ -1092,11 +1282,31 @@ Freetype Project License + + + Furuseth License + + + + + fwlw License + + + + + Gnome GCR Documentation License + + GD License + + + Generic XTS License + + GNU Free Documentation License v1.1 @@ -1337,11 +1547,31 @@ gSOAP Public License v1.3b + + + gtkbook License + + + + + Gutmann License + + Haskell Language Report License + + + hdparm License + + + + + HIDAPI License + + Hippocratic License 2.1 @@ -1352,21 +1582,106 @@ Hewlett-Packard 1986 License + + + Hewlett-Packard 1989 License + + Historical Permission Notice and Disclaimer + + + Historical Permission Notice and Disclaimer - DEC variant + + + + + Historical Permission Notice and Disclaimer - documentation variant + + + + + Historical Permission Notice and Disclaimer - documentation sell variant + + HPND with US Government export control warning + + + HPND with US Government export control warning and acknowledgment + + + + + HPND with US Government export control warning and modification rqmt + + + + + HPND with US Government export control and 2 disclaimers + + + + + Historical Permission Notice and Disclaimer - Fenneberg-Livingston variant + + + + + Historical Permission Notice and Disclaimer - INRIA-IMAG variant + + + + + Historical Permission Notice and Disclaimer - Intel variant + + + + + Historical Permission Notice and Disclaimer - Kevlin Henney variant + + Historical Permission Notice and Disclaimer - Markus Kuhn variant + + + Historical Permission Notice and Disclaimer - merchantability variant + + + + + Historical Permission Notice and Disclaimer with MIT disclaimer + + + + + Historical Permission Notice and Disclaimer - Netrek variant + + + + + Historical Permission Notice and Disclaimer - Pbmplus variant + + + + + Historical Permission Notice and Disclaimer - sell xserver variant with MIT disclaimer + + + + + Historical Permission Notice and Disclaimer - sell regexpr variant + + Historical Permission Notice and Disclaimer - sell variant @@ -1377,6 +1692,21 @@ HPND sell variant with MIT disclaimer + + + HPND sell variant with MIT disclaimer - reverse + + + + + Historical Permission Notice and Disclaimer - University of California variant + + + + + Historical Permission Notice and Disclaimer - University of California, US export warning + + HTML Tidy License @@ -1432,6 +1762,11 @@ Inner Net License v2.0 + + + Inno Setup License + + Intel Open Source License @@ -1462,6 +1797,11 @@ ISC License + + + ISC Veillard variant + + Jam License @@ -1487,6 +1827,11 @@ JSON License + + + Kastrup License + + Kazlib License @@ -1657,6 +2002,11 @@ Common Lisp LOOP License + + + LPD Documentation License + + Lucent Public License Version 1.0 @@ -1692,6 +2042,16 @@ LaTeX Project Public License v1.3c + + + lsof License + + + + + Lucida Bitmap Fonts License + + LZMA SDK License (versions 9.11 to 9.20) @@ -1702,6 +2062,26 @@ LZMA SDK License (versions 9.22 and beyond) + + + Mackerras 3-Clause License + + + + + Mackerras 3-Clause - acknowledgment variant + + + + + magaz License + + + + + mailprio License + + MakeIndex License @@ -1712,6 +2092,11 @@ Martin Birgmeier License + + + McPhee Slideshow License + + metamail License @@ -1722,6 +2107,11 @@ Minpack License + + + MIPS License + + The MirOS Licence @@ -1742,6 +2132,11 @@ Enlightenment License (e16) + + + MIT Click License + + CMU License @@ -1762,6 +2157,11 @@ MIT Festival Variant + + + MIT Khronos - old variant + + MIT License Modern Variant @@ -1772,6 +2172,11 @@ MIT Open Group variant + + + MIT testregex Variant + + MIT Tom Wu Variant @@ -1782,11 +2187,21 @@ MIT +no-false-attribs license + + + MMIXware License + + Motosoto License + + + MPEG Software Simulation + + mpi Permissive License @@ -1882,11 +2297,21 @@ Net Boolean Public License v1 + + + NCBI Public Domain Notice + + Non-Commercial Government Licence + + + NCL Source Code License + + University of Illinois/NCSA Open Source License @@ -2002,6 +2427,11 @@ Open Use of Data Agreement v1.0 + + + OAR License + + Open CASCADE Technology Public License @@ -2192,6 +2622,16 @@ OpenSSL License + + + OpenSSL License - standalone + + + + + OpenVision License + + Open Public License v1.0 @@ -2237,6 +2677,11 @@ Open Software License 3.0 + + + PADL License + + The Parity Public License 6.0.0 @@ -2262,11 +2707,26 @@ PHP License v3.01 + + + Pixar License + + + + + pkgconf License + + Plexus Classworlds License + + + pnmstitch License + + PolyForm Noncommercial License 1.0.0 @@ -2282,6 +2742,11 @@ PostgreSQL License + + + Peer Production License + + Python Software Foundation License 2.0 @@ -2307,6 +2772,11 @@ Python License 2.0.1 + + + Python ldap License + + Qhull License @@ -2322,6 +2792,11 @@ Q Public License 1.0 - INRIA 2004 variant + + + radvd License + + Rdisc License @@ -2362,11 +2837,21 @@ Ruby License + + + Ruby pty extension license + + Sax Public Domain Notice + + + Sax Public Domain Notice 2.0 + + Saxpath License @@ -2392,6 +2877,11 @@ Sendmail License 8.23 + + + Sendmail Open Source License v1.1 + + SGI Free Software License B v1.0 @@ -2407,6 +2897,11 @@ SGI Free Software License B v2.0 + + + SGI OpenGL License + + SGP4 Permission Notice @@ -2437,11 +2932,21 @@ Sun Industry Standards Source License v1.2 + + + SL License + + Sleepycat License + + + SMAIL General Public License + + Standard ML of New Jersey License @@ -2462,6 +2967,16 @@ snprintf License + + + softSurfer License + + + + + Soundex License + + Spencer License 86 @@ -2482,6 +2997,11 @@ Sun Public License v1.0 + + + ssh-keyscan License + + SSH OpenSSH license @@ -2492,6 +3012,11 @@ SSH short notice + + + SSLeay License - standalone + + Server Side Public License, v 1 @@ -2507,6 +3032,16 @@ SugarCRM Public License v1.1.3 + + + Sun PPP License + + + + + Sun PPP License (2000) + + SunPro License @@ -2517,6 +3052,11 @@ Scheme Widget Library (SWL) Software License Agreement + + + swrule License + + Symlinks License @@ -2542,6 +3082,21 @@ TermReadKey License + + + Transitive Grace Period Public Licence 1.0 + + + + + ThirdEye License + + + + + threeparttable License + + TMate Open Source License @@ -2567,11 +3122,21 @@ THOR Public License 1.0 + + + TrustedQSL License + + Text-Tabs+Wrap License + + + TTYP0 License + + Technische Universitaet Berlin License 1.0 @@ -2582,6 +3147,11 @@ Technische Universitaet Berlin License 2.0 + + + Ubuntu Font Licence v1.0 + + UCAR License @@ -2592,6 +3162,21 @@ Upstream Compatibility License v1.0 + + + ulem License + + + + + Michigan/Merit Networks License + + + + + Unicode License v3 + + Unicode License Agreement - Data Files and Software (2015) @@ -2622,6 +3207,11 @@ Universal Permissive License v1.0 + + + Utah Raster Toolkit Run Length Encoded License + + Vim License @@ -2677,6 +3267,11 @@ Do What The F*ck You Want To Public License + + + WWL License + + wxWindows Library License @@ -2692,6 +3287,11 @@ X11 License Distribution Modification Variant + + + X11 swapped final paragraphs + + Xdebug License v 1.03 @@ -2717,6 +3317,11 @@ xinetd License + + + xkeyboard-config Zinoviev License + + xlock License @@ -2737,6 +3342,11 @@ XSkat License + + + xzoom License + + Yahoo! Public License v1.0 @@ -2752,6 +3362,11 @@ Zed License + + + Zeeff License + + Zend License v2.0 @@ -2803,6 +3418,11 @@ Asterisk exception + + + Asterisk linking protocols exception + + Autoconf exception 2.0 @@ -2818,11 +3438,21 @@ Autoconf generic exception + + + Autoconf generic exception for GPL-3.0 + + Autoconf macro exception + + + Bison exception 1.24 + + Bison exception 2.2 @@ -2833,6 +3463,11 @@ Bootloader Distribution Exception + + + CGAL Linking Exception + + Classpath exception 2.0 @@ -2858,6 +3493,11 @@ eCos exception 2.0 + + + Erlang/OTP Linking Exception + + Fawkes Runtime Exception @@ -2868,6 +3508,11 @@ FLTK exception + + + fmt exception + + Font exception 2.0 @@ -2883,21 +3528,46 @@ GCC Runtime Library exception 2.0 + + + GCC Runtime Library exception 2.0 - note variant + + GCC Runtime Library exception 3.1 + + + Gmsh exception + + GNAT exception + + + GNOME examples exception + + + + + GNU Compiler Exception + + GNU JavaMail exception + + + GPL-3.0 389 DS Base Exception + + GPL-3.0 Interface Exception @@ -2928,11 +3598,21 @@ GStreamer Exception (2008) + + + harbour exception + + i2p GPL+Java Exception + + + Independent Module Linking exception + + KiCad Libraries Exception @@ -2978,6 +3658,11 @@ Macros and Inline Functions Exception + + + mxml Exception + + Nokia Qt LGPL exception 1.1 @@ -3003,6 +3688,11 @@ OpenVPN OpenSSL Exception + + + PCRE2 exception + + PS/PDF font exception (2017-08-17) @@ -3028,6 +3718,21 @@ Qwt exception 1.0 + + + Romic Exception + + + + + RRDtool FLOSS exception 2.0 + + + + + SANE Exception + + Solderpad Hardware License v2.0 @@ -3038,6 +3743,11 @@ Solderpad Hardware License v2.1 + + + stunnel Exception + + SWI exception @@ -3048,11 +3758,21 @@ Swift Exception + + + Texinfo exception + + U-Boot exception 2.0 + + + Unmodified Binary Distribution exception + + Universal FOSS Exception, Version 1.0 diff --git a/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java b/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java index d17520a57c..2d98405770 100644 --- a/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java +++ b/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java @@ -19,29 +19,39 @@ package org.cyclonedx; import com.fasterxml.jackson.databind.JsonNode; + +import java.nio.charset.StandardCharsets; import org.apache.commons.io.IOUtils; -import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.generators.BomGeneratorFactory; import org.cyclonedx.generators.json.BomJsonGenerator; -import org.cyclonedx.generators.json.BomJsonGenerator12; -import org.cyclonedx.generators.json.BomJsonGenerator13; -import org.cyclonedx.generators.json.BomJsonGenerator14; -import org.cyclonedx.generators.json.BomJsonGenerator15; +import org.cyclonedx.generators.xml.BomXmlGenerator; import org.cyclonedx.model.Bom; +import org.cyclonedx.model.Component; +import org.cyclonedx.model.Component.Type; +import org.cyclonedx.model.License; +import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.Metadata; +import org.cyclonedx.model.Service; +import org.cyclonedx.model.license.Expression; import org.cyclonedx.parsers.JsonParser; import org.cyclonedx.parsers.XmlParser; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; + import java.io.File; import java.io.FileWriter; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.util.ArrayList; +import java.util.stream.Stream; +import java.util.Objects; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.*; public class BomJsonGeneratorTest { @@ -59,20 +69,29 @@ public void after() { tempFile.getParentFile().delete(); } + @Test + public void testGenerateBomPrior12() { + Throwable exception = assertThrowsExactly( + IllegalArgumentException.class, + () -> new BomJsonGenerator(new Bom(), Version.VERSION_11) + ); + + assertEquals("CycloneDX version 1.1 does not support the JSON format", exception.getMessage()); + } + @Test public void schema12GenerationTest() throws Exception { - Bom bom = createCommonBom("/bom-1.2.xml"); + Bom bom = createCommonXmlBom("/bom-1.2.xml"); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_12, bom); - assertTrue(generator instanceof BomJsonGenerator12); - assertEquals(CycloneDxSchema.Version.VERSION_12, generator.getSchemaVersion()); + assertEquals(Version.VERSION_12, generator.getSchemaVersion()); File file = writeToFile(generator.toJsonString()); JsonParser parser = new JsonParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_12)); + assertTrue(parser.isValid(file, Version.VERSION_12)); } @Test public void schema12JsonObjectGenerationTest() throws Exception { - Bom bom = createCommonBom("/bom-1.2.xml"); + Bom bom = createCommonXmlBom("/bom-1.2.xml"); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_12, bom); JsonNode obj = generator.toJsonNode(); assertNotNull(obj); @@ -86,16 +105,16 @@ public void schema12JsonObjectGenerationTest() throws Exception { @Test public void schema12MultipleDependenciesJsonTest() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.2.json")); + final byte[] bomBytes = IOUtils.toByteArray( + Objects.requireNonNull(this.getClass().getResourceAsStream("/bom-1.2.json"))); final JsonParser parser = new JsonParser(); final Bom bom = parser.parse(bomBytes); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_12, bom); - assertTrue(generator instanceof BomJsonGenerator12); - assertEquals(CycloneDxSchema.Version.VERSION_12, generator.getSchemaVersion()); + assertEquals(Version.VERSION_12, generator.getSchemaVersion()); File file = writeToFile(generator.toJsonString()); JsonParser jsonParser = new JsonParser(); - assertTrue(jsonParser.isValid(file, CycloneDxSchema.Version.VERSION_12)); + assertTrue(jsonParser.isValid(file, Version.VERSION_12)); } @Test @@ -104,74 +123,71 @@ public void schema13EmptyComponentsJsonTest() throws Exception { bom.setComponents(new ArrayList<>()); bom.setDependencies(new ArrayList<>()); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_13, bom); - assertTrue(generator instanceof BomJsonGenerator13); - assertEquals(CycloneDxSchema.Version.VERSION_13, generator.getSchemaVersion()); + assertEquals(Version.VERSION_13, generator.getSchemaVersion()); File file = writeToFile(generator.toJsonString()); JsonParser parser = new JsonParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_13)); + assertTrue(parser.isValid(file, Version.VERSION_13)); } @Test public void schema13MultipleDependenciesJsonTest() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.3.json")); + final byte[] bomBytes = IOUtils.toByteArray( + Objects.requireNonNull(this.getClass().getResourceAsStream("/bom-1.3.json"))); final JsonParser parser = new JsonParser(); final Bom bom = parser.parse(bomBytes); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_13, bom); - assertTrue(generator instanceof BomJsonGenerator13); - assertEquals(CycloneDxSchema.Version.VERSION_13, generator.getSchemaVersion()); + assertEquals(Version.VERSION_13, generator.getSchemaVersion()); File file = writeToFile(generator.toJsonString()); JsonParser jsonParser = new JsonParser(); - assertTrue(jsonParser.isValid(file, CycloneDxSchema.Version.VERSION_13)); + assertTrue(jsonParser.isValid(file, Version.VERSION_13)); } - @Test - public void schema13JsonObjectGenerationTest() throws Exception { - Bom bom = createCommonBom("/bom-1.3.xml"); - BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_13, bom); - - assertTrue(generator instanceof BomJsonGenerator13); - assertEquals(CycloneDxSchema.Version.VERSION_13, generator.getSchemaVersion()); - - File file = writeToFile(generator.toJsonString()); - JsonParser parser = new JsonParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_13)); + static Stream testData() { + return Stream.of( + Arguments.of(Version.VERSION_16, "/1.6/valid-bom-1.6.xml"), + Arguments.of(Version.VERSION_15, "/bom-1.5.xml"), + Arguments.of(Version.VERSION_14, "/bom-1.4.xml"), + Arguments.of(Version.VERSION_13, "/bom-1.3.xml") + ); } - @Test - public void schema14JsonObjectGenerationTest() throws Exception { - Bom bom = createCommonBom("/bom-1.4.xml"); - BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_14, bom); + @ParameterizedTest + @MethodSource("testData") + public void testJsonGeneration(Version version, String bomXmlPath) + throws Exception + { + Bom bom = createCommonXmlBom(bomXmlPath); + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); - assertTrue(generator instanceof BomJsonGenerator14); - assertEquals(CycloneDxSchema.Version.VERSION_14, generator.getSchemaVersion()); + assertEquals(version, generator.getSchemaVersion()); File file = writeToFile(generator.toJsonString()); JsonParser parser = new JsonParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(parser.isValid(file, version)); } @Test public void schema14MultipleDependenciesJsonTest() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.4.json")); + final byte[] bomBytes = IOUtils.toByteArray( + Objects.requireNonNull(this.getClass().getResourceAsStream("/bom-1.4.json"))); final JsonParser parser = new JsonParser(); final Bom bom = parser.parse(bomBytes); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_14, bom); - assertTrue(generator instanceof BomJsonGenerator14); - assertEquals(CycloneDxSchema.Version.VERSION_14, generator.getSchemaVersion()); + assertEquals(Version.VERSION_14, generator.getSchemaVersion()); File file = writeToFile(generator.toJsonString()); JsonParser jsonParser = new JsonParser(); - assertTrue(jsonParser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(jsonParser.isValid(file, Version.VERSION_14)); } @Test public void schema14JBomLinkGenerationTest() throws Exception { - Bom bom = createCommonBom("/bom-1.4-bomlink.xml"); + Bom bom = createCommonXmlBom("/bom-1.4-bomlink.xml"); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_14, bom); File file = writeToFile(generator.toJsonString()); JsonParser parser = new JsonParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(parser.isValid(file, Version.VERSION_14)); Bom bom2 = parser.parse(file); assertNotNull(bom2.getComponents().get(0).getExternalReferences()); assertEquals("bom", bom2.getComponents().get(0).getExternalReferences().get(0).getType().getTypeName()); @@ -179,15 +195,416 @@ public void schema14JBomLinkGenerationTest() throws Exception { } @Test - public void schema15JsonObjectGenerationTest() throws Exception { - Bom bom = createCommonBom("/bom-1.5.xml"); - BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_15, bom); - assertTrue(generator instanceof BomJsonGenerator15); - assertEquals(CycloneDxSchema.Version.VERSION_15, generator.getSchemaVersion()); + public void testIssue408Regression_1_5() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonJsonBom("/regression/issue408-1.5.json"); + assertLicenseInformation(bom, version); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression_16To15() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonJsonBom("/regression/issue408.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression_16To14() throws Exception { + Version version = Version.VERSION_14; + Bom bom = createCommonJsonBom("/regression/issue408.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/regression/issue408.json"); + assertLicenseInformation(bom, version); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression_xmlToJson() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/regression/issue408.xml"); + assertLicenseInformation(bom, version); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue439Regression_jsonEmptyLicense() throws Exception { + Version version = Version.VERSION_16; + Bom bom = new Bom(); + bom.addComponent(getComponentWithEmptyLicenseChoice()); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + String jsonString = generator.toJsonString(); + + assertFalse(jsonString.isEmpty()); + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(jsonString.getBytes(StandardCharsets.UTF_8))); + } + + private static Component getComponentWithEmptyLicenseChoice() { + Component component = new Component(); + component.setName("xalan"); + component.setType(Component.Type.LIBRARY); + component.setLicenses(new LicenseChoice()); + component.setPurl("pkg:maven/xalan/xalan@2.6.0?type=jar"); + return component; + } + + @Test + public void schema16_testEvidence() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-evidence-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); - File file = writeToFile(generator.toJsonString()); JsonParser parser = new JsonParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_15)); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testExpressions() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-license-expression-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testAttestations() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-attestation-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testAttestations_json() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-attestation-1.6.json"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testCompositions() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-compositions-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testVulnerabilities() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-vulnerability-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema15_testEvidence() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonXmlBom("/1.5/valid-evidence-1.5_2.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testFormulation() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-formulation-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testCrypto() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-cryptography-full-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testML() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/1.6/valid-machine-learning-1.6.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + private void assertLicenseInformation(Bom bom, Version version) { + + //First Component + Component component = bom.getComponents().get(0); + assertNotNull(component); + assertNotNull(component.getLicenseChoice()); + assertNotNull(component.getLicenses()); + assertNotNull(component.getLicenses().getLicenses()); + assertFalse(component.getLicenses().getLicenses().isEmpty()); + assertNull(component.getLicenses().getExpression()); + + License license1 = component.getLicenses().getLicenses().get(0); + assertNotNull(license1); + assertNotNull(license1.getId()); + assertNull(license1.getName()); + if(version.getVersion() >= Version.VERSION_16.getVersion()) { + assertNotNull(license1.getAcknowledgement()); + } else { + assertNull(license1.getAcknowledgement()); + } + assertNotNull(license1.getBomRef()); + + License license2 = component.getLicenses().getLicenses().get(1); + assertNotNull(license2); + assertNotNull(license2.getName()); + assertNull(license2.getId()); + assertNull(license2.getAcknowledgement()); + assertNull(license2.getBomRef()); + + //Second Component + Component component2 = bom.getComponents().get(1); + assertNotNull(component2); + assertNotNull(component2.getLicenseChoice()); + assertNotNull(component2.getLicenses()); + assertNull(component2.getLicenses().getLicenses()); + assertNotNull(component2.getLicenses().getExpression()); + + Expression expression = component2.getLicenses().getExpression(); + assertNotNull(expression.getValue()); + if(version.getVersion() >= Version.VERSION_16.getVersion()) { + assertNotNull(expression.getAcknowledgement()); + } else { + assertNull(expression.getAcknowledgement()); + } + assertNotNull(expression.getBomRef()); + + //Third Component Evidence + Component component3 = bom.getComponents().get(2); + assertNotNull(component3); + LicenseChoice lcEvidence = component3.getEvidence().getLicenses(); + assertNotNull(lcEvidence); + assertNotNull(lcEvidence.getLicenses()); + assertFalse(lcEvidence.getLicenses().isEmpty()); + assertNull(lcEvidence.getExpression()); + + License license4 = lcEvidence.getLicenses().get(0); + assertNotNull(license4); + assertNotNull(license4.getId()); + assertNull(license4.getName()); + assertNull(license4.getAcknowledgement()); + assertNull(license4.getBomRef()); + assertNotNull(license4.getUrl()); + + License license5 = lcEvidence.getLicenses().get(1); + assertNotNull(license5); + assertNotNull(license5.getId()); + assertNull(license5.getName()); + assertNull(license5.getAcknowledgement()); + assertNull(license5.getBomRef()); + assertNotNull(license5.getUrl()); + + //Services + Service service = bom.getServices().get(0); + assertNotNull(service); + LicenseChoice lcService = service.getLicenses(); + assertNotNull(lcService); + assertNotNull(lcService.getLicenses()); + assertFalse(lcService.getLicenses().isEmpty()); + assertNull(lcService.getExpression()); + + License license6 = lcService.getLicenses().get(0); + assertNotNull(license6); + assertNull(license6.getId()); + assertNotNull(license6.getName()); + assertNull(license6.getAcknowledgement()); + assertNull(license6.getBomRef()); + assertNull(license6.getUrl()); + + License license7 = lcService.getLicenses().get(1); + assertNotNull(license7); + assertNull(license7.getId()); + assertNotNull(license7.getName()); + assertNull(license7.getAcknowledgement()); + assertNull(license7.getBomRef()); + assertNull(license7.getUrl()); + + + //Metadata + Metadata metadata = bom.getMetadata(); + assertNotNull(metadata); + assertNotNull(metadata.getLicenseChoice()); + assertNotNull(metadata.getLicenses()); + assertNotNull(metadata.getLicenses().getLicenses()); + assertFalse(metadata.getLicenses().getLicenses().isEmpty()); + assertNull(metadata.getLicenses().getExpression()); + + License license8 = metadata.getLicenses().getLicenses().get(0); + assertNotNull(license8); + assertNotNull(license8.getId()); + assertNull(license8.getName()); + assertNull(license8.getAcknowledgement()); + assertNull(license8.getBomRef()); + + License license9 = metadata.getLicenses().getLicenses().get(1); + assertNotNull(license9); + assertNotNull(license9.getName()); + assertNull(license9.getId()); + assertNull(license9.getAcknowledgement()); + assertNull(license9.getBomRef()); + } + + @Test + public void testIssue408Regression_externalReferenceBom() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/regression/issue408-external-reference.json"); + assertExternalReferenceInfo(bom); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression_xmlToJson_externalReferenceBom() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/regression/issue408-external-reference.xml"); + assertExternalReferenceInfo(bom); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testServicesMetadata() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonXmlBom("/regression/valid-metadata-tool-no-services.xml"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue562() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/regression/issue562.json"); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue571() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/regression/issue571.json"); + + Component component = new Component(); + component.setName("test"); + component.setVersion("v2"); + component.setType(Type.APPLICATION); + bom.getMetadata().getToolChoice().getComponents().add(component); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue492() throws Exception { + Version version = Version.VERSION_14; + Bom bom = createCommonJsonBom("/regression/issue492.json"); + + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + private void assertExternalReferenceInfo(Bom bom) { + assertEquals(3, bom.getExternalReferences().size()); + assertEquals(3, bom.getComponents().get(0).getExternalReferences().size()); } private File writeToFile(String jsonString) throws Exception { @@ -197,9 +614,17 @@ private File writeToFile(String jsonString) throws Exception { return tempFile; } - private Bom createCommonBom(String resource) throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream(resource)); + private Bom createCommonXmlBom(String resource) throws Exception { + final byte[] bomBytes = + IOUtils.toByteArray(Objects.requireNonNull(this.getClass().getResourceAsStream(resource))); XmlParser parser = new XmlParser(); return parser.parse(bomBytes); } + + private Bom createCommonJsonBom(String resource) throws Exception { + final byte[] bomBytes = + IOUtils.toByteArray(Objects.requireNonNull(this.getClass().getResourceAsStream(resource))); + JsonParser parser = new JsonParser(); + return parser.parse(bomBytes); + } } diff --git a/src/test/java/org/cyclonedx/BomParserFactoryTest.java b/src/test/java/org/cyclonedx/BomParserFactoryTest.java index 33602b878a..fcf763b075 100644 --- a/src/test/java/org/cyclonedx/BomParserFactoryTest.java +++ b/src/test/java/org/cyclonedx/BomParserFactoryTest.java @@ -19,27 +19,31 @@ package org.cyclonedx; import org.cyclonedx.exception.ParseException; +import org.cyclonedx.parsers.BomParserFactory; import org.cyclonedx.parsers.JsonParser; import org.cyclonedx.parsers.Parser; import org.cyclonedx.parsers.XmlParser; import org.junit.jupiter.api.Test; import java.io.File; +import java.util.Objects; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; public class BomParserFactoryTest { @Test public void testXMLFactory() throws Exception { - Parser parser = BomParserFactory.createParser(new File(BomParserFactory.class.getResource("/bom-1.2.xml").getFile())); - assertTrue(parser instanceof XmlParser); + Parser parser = BomParserFactory.createParser( + new File(Objects.requireNonNull(BomParserFactory.class.getResource("/bom-1.2.xml")).getFile())); + assertInstanceOf(XmlParser.class, parser); } @Test public void testJSONFactory() throws Exception { - Parser parser = BomParserFactory.createParser(new File(BomParserFactory.class.getResource("/bom-1.2.json").getFile())); - assertTrue(parser instanceof JsonParser); + Parser parser = BomParserFactory.createParser(new File( + Objects.requireNonNull(BomParserFactory.class.getResource("/bom-1.2.json")).getFile())); + assertInstanceOf(JsonParser.class, parser); } @Test() diff --git a/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java b/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java index e5d0e7e62c..334818c50a 100644 --- a/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java +++ b/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java @@ -18,41 +18,46 @@ */ package org.cyclonedx; +import java.nio.charset.StandardCharsets; import org.apache.commons.io.IOUtils; -import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.exception.ParseException; +import org.cyclonedx.generators.BomGeneratorFactory; +import org.cyclonedx.generators.json.BomJsonGenerator; import org.cyclonedx.generators.xml.*; +import org.cyclonedx.model.Attribute; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; +import org.cyclonedx.model.Component.Type; import org.cyclonedx.model.ExtensibleType; import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; import org.cyclonedx.model.Metadata; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.Service; +import org.cyclonedx.model.license.Expression; import org.cyclonedx.model.metadata.ToolInformation; import org.cyclonedx.parsers.JsonParser; import org.cyclonedx.parsers.XmlParser; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; import org.w3c.dom.Document; import java.io.File; import java.io.FileWriter; import java.io.IOException; -import java.io.StringWriter; -import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; - -import javax.xml.XMLConstants; -import javax.xml.transform.OutputKeys; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; +import java.util.LinkedList; +import java.util.List; +import java.util.UUID; +import java.util.stream.Stream; +import java.util.Objects; import static org.junit.jupiter.api.Assertions.*; @@ -74,12 +79,11 @@ public void after() { @Test public void schema10GenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_10, createCommonBom("/bom-1.0.xml")); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_10, createCommonBomXml("/bom-1.0.xml")); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator10); - assertEquals(CycloneDxSchema.Version.VERSION_10, generator.getSchemaVersion()); + assertEquals(Version.VERSION_10, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); assertTrue(parser.isValid(file, Version.VERSION_10)); @@ -87,148 +91,140 @@ public void schema10GenerationTest() throws Exception { @Test public void schema11WithDependencyGraphGenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_11, createCommonBom("/bom-1.1-dependency-graph-1.0.xml")); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_11, createCommonBomXml("/bom-1.1-dependency-graph-1.0.xml")); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator11); - assertEquals(CycloneDxSchema.Version.VERSION_11, generator.getSchemaVersion()); + assertEquals(Version.VERSION_11, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_11)); + assertTrue(parser.isValid(file, Version.VERSION_11)); } @Test public void schema11WithVulnerabilitiesGenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_11, createCommonBom("/bom-1.1-vulnerability-1.0.xml")); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_11, createCommonBomXml("/bom-1.1-vulnerability-1.0.xml")); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator11); - assertEquals(CycloneDxSchema.Version.VERSION_11, generator.getSchemaVersion()); + assertEquals(Version.VERSION_11, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_11)); + assertTrue(parser.isValid(file, Version.VERSION_11)); } @Test public void schema11GenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_11, createCommonBom()); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_11, createCommonBomXml("/bom-1.1.xml")); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator11); - assertEquals(CycloneDxSchema.Version.VERSION_11, generator.getSchemaVersion()); + assertEquals(Version.VERSION_11, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_11)); + assertTrue(parser.isValid(file, Version.VERSION_11)); } @Test public void schema12GenerationTestWith11Data() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_12, createCommonBom()); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_12, createCommonBomXml("/bom-1.2.xml")); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator12); - assertEquals(CycloneDxSchema.Version.VERSION_12, generator.getSchemaVersion()); + assertEquals(Version.VERSION_12, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_12)); + assertTrue(parser.isValid(file, Version.VERSION_12)); } @Test public void schema12GenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_12, createCommonBom("/bom-1.2.xml")); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_12, createCommonJsonBom("/bom-1.2.json")); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator12); - assertEquals(CycloneDxSchema.Version.VERSION_12, generator.getSchemaVersion()); + assertEquals(Version.VERSION_12, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_12)); + assertTrue(parser.isValid(file, Version.VERSION_12)); } @Test public void schema12MultipleDependenciesXmlTest() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.2.json")); + final byte[] bomBytes = IOUtils.toByteArray( + Objects.requireNonNull(this.getClass().getResourceAsStream("/bom-1.2.json"))); final JsonParser parser = new JsonParser(); final Bom bom = parser.parse(bomBytes); BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_12, bom); - assertTrue(generator instanceof BomXmlGenerator12); - assertEquals(CycloneDxSchema.Version.VERSION_12, generator.getSchemaVersion()); + assertEquals(Version.VERSION_12, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser xmlParser = new XmlParser(); - assertTrue(xmlParser.isValid(file, CycloneDxSchema.Version.VERSION_12)); + assertTrue(xmlParser.isValid(file, Version.VERSION_12)); } @Test public void schema12GenerationWithPedigreeDataTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_12, createCommonBom("/bom-1.2-pedigree.xml")); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_12, createCommonBomXml("/bom-1.2-pedigree.xml")); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator12); - assertEquals(CycloneDxSchema.Version.VERSION_12, generator.getSchemaVersion()); + assertEquals(Version.VERSION_12, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_12)); + assertTrue(parser.isValid(file, Version.VERSION_12)); } - @Test - public void schema13GenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_13, createCommonBom("/bom-1.3.xml")); - Document doc = generator.generate(); - testDocument(doc); + static Stream testData() { + return Stream.of( + Arguments.of(Version.VERSION_16, "/1.6/valid-bom-1.6.json"), + Arguments.of(Version.VERSION_15, "/bom-1.5.json"), + Arguments.of(Version.VERSION_14, "/bom-1.4.json"), + Arguments.of(Version.VERSION_13, "/bom-1.3.json") + ); + } - assertTrue(generator instanceof BomXmlGenerator13); - assertEquals(CycloneDxSchema.Version.VERSION_13, generator.getSchemaVersion()); - File file = writeToFile(generator.toXmlString()); - XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_13)); + @ParameterizedTest + @MethodSource("testData") + public void testXmlGeneration(Version version, String bomXmlPath) + throws Exception + { + Bom bom = createCommonJsonBom(bomXmlPath); + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + + assertEquals(version, generator.getSchemaVersion()); + + File file = writeToFile(generator.toJsonString()); + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(file, version)); } @Test public void schema13MultipleDependenciesXmlTest() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.3.json")); + final byte[] bomBytes = IOUtils.toByteArray( + Objects.requireNonNull(this.getClass().getResourceAsStream("/bom-1.3.json"))); final JsonParser parser = new JsonParser(); final Bom bom = parser.parse(bomBytes); BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_13, bom); - assertTrue(generator instanceof BomXmlGenerator13); - assertEquals(CycloneDxSchema.Version.VERSION_13, generator.getSchemaVersion()); + assertEquals(Version.VERSION_13, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser xmlParser = new XmlParser(); - assertTrue(xmlParser.isValid(file, CycloneDxSchema.Version.VERSION_13)); - } - - @Test - public void schema14GenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_14, createCommonBom("/bom-1.4.xml")); - Document doc = generator.generate(); - testDocument(doc); - - assertTrue(generator instanceof BomXmlGenerator14); - assertEquals(CycloneDxSchema.Version.VERSION_14, generator.getSchemaVersion()); - File file = writeToFile(generator.toXmlString()); - XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(xmlParser.isValid(file, Version.VERSION_13)); } @Test public void schema14MultipleDependenciesXmlTest() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.4.json")); + final byte[] bomBytes = IOUtils.toByteArray( + Objects.requireNonNull(this.getClass().getResourceAsStream("/bom-1.4.json"))); final JsonParser parser = new JsonParser(); final Bom bom = parser.parse(bomBytes); BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_14, bom); - assertTrue(generator instanceof BomXmlGenerator14); - assertEquals(CycloneDxSchema.Version.VERSION_14, generator.getSchemaVersion()); + assertEquals(Version.VERSION_14, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser xmlParser = new XmlParser(); - assertTrue(xmlParser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(xmlParser.isValid(file, Version.VERSION_14)); } @Test @@ -252,15 +248,14 @@ public void invalidUrlTest() throws Exception { Bom bom = new Bom(); bom.addComponent(c); - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_11, bom); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_11, bom); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator11); - assertEquals(CycloneDxSchema.Version.VERSION_11, generator.getSchemaVersion()); + assertEquals(Version.VERSION_11, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_11)); + assertTrue(parser.isValid(file, Version.VERSION_11)); } @Test @@ -289,15 +284,14 @@ public void extensionPointTest() throws Exception { t1.addExtensibleType(t2); bom.addExtensibleType(t1); - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_11, bom); + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_11, bom); Document doc = generator.generate(); testDocument(doc); - assertTrue(generator instanceof BomXmlGenerator11); - assertEquals(CycloneDxSchema.Version.VERSION_11, generator.getSchemaVersion()); + assertEquals(Version.VERSION_11, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_11)); + assertTrue(parser.isValid(file, Version.VERSION_11)); } @Test @@ -306,20 +300,19 @@ public void schema13EmptyComponentsXmlTest() throws Exception { bom.setComponents(new ArrayList<>()); bom.setDependencies(new ArrayList<>()); BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_13, bom); - assertTrue(generator instanceof BomXmlGenerator13); - assertEquals(CycloneDxSchema.Version.VERSION_13, generator.getSchemaVersion()); + assertEquals(Version.VERSION_13, generator.getSchemaVersion()); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_13)); + assertTrue(parser.isValid(file, Version.VERSION_13)); } @Test public void schema14JBomLinkGenerationTest() throws Exception { - Bom bom = createCommonBom("/bom-1.4-bomlink.xml"); + Bom bom = createCommonJsonBom("/bom-1.4-bomlink.json"); BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_14, bom); File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(parser.isValid(file, Version.VERSION_14)); Bom bom2 = parser.parse(file); assertNotNull(bom2.getComponents().get(0).getExternalReferences()); assertEquals("bom", bom2.getComponents().get(0).getExternalReferences().get(0).getType().getTypeName()); @@ -327,16 +320,475 @@ public void schema14JBomLinkGenerationTest() throws Exception { } @Test - public void schema15GenerationTest() throws Exception { - BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_15, createCommonBom("/bom-1.5.xml")); - Document doc = generator.generate(); - testDocument(doc); + public void testIssue408Regression_1_5() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonBomXml("/regression/issue408-1.5.xml"); + assertLicenseInformation(bom, version); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression_16To15() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonBomXml("/regression/issue408.xml"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression_16To14() throws Exception { + Version version = Version.VERSION_14; + Bom bom = createCommonBomXml("/regression/issue408.xml"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonBomXml("/regression/issue408.xml"); + assertLicenseInformation(bom, version); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue408Regression_jsonToXml() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/regression/issue408.json"); + assertLicenseInformation(bom, version); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue439Regression_xmlEmptyLicense() throws Exception { + Version version = Version.VERSION_16; + Bom bom = new Bom(); + bom.addComponent(getComponentWithEmptyLicenseChoice()); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + String xmlString = generator.toXmlString(); + + assertFalse(xmlString.isEmpty()); + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(xmlString.getBytes(StandardCharsets.UTF_8))); + } + + private static Component getComponentWithEmptyLicenseChoice() { + Component component = new Component(); + component.setName("xalan"); + component.setType(Component.Type.LIBRARY); + component.setLicenses(new LicenseChoice()); + component.setPurl("pkg:maven/xalan/xalan@2.6.0?type=jar"); + return component; + } + + @Test + public void schema16_testEvidence() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-evidence-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testExpressions() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-license-expression-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testAttestations() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-attestation-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testAttestations_xml() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonBomXml("/1.6/valid-attestation-1.6.xml"); + addSignature(bom); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + private void addSignature(Bom bom) { + List attributes = new ArrayList<>(); + attributes.add(new Attribute("xmlns", "http://www.w3.org/2000/09/xmldsig#")); + ExtensibleType signature = new ExtensibleType("ds", "Signature", attributes, ""); + bom.getDeclarations().getAffirmation().getSignatories().get(0).addExtensibleType(signature); + } + + @Test + public void schema16_testVulnerabilities() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-vulnerability-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema15_testEvidence() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonJsonBom("/1.5/valid-evidence-1.5_2.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testFormulation() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-formulation-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testCompositions() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-compositions-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testCrypto() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-cryptography-full-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void schema16_testML() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/1.6/valid-machine-learning-1.6.json"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + private void assertLicenseInformation(Bom bom, Version version) { + + //First Component + Component component = bom.getComponents().get(0); + assertNotNull(component); + assertNotNull(component.getLicenseChoice()); + assertNotNull(component.getLicenses()); + assertNotNull(component.getLicenses().getLicenses()); + assertFalse(component.getLicenses().getLicenses().isEmpty()); + assertNull(component.getLicenses().getExpression()); + + License license1 = component.getLicenses().getLicenses().get(0); + assertNotNull(license1); + assertNotNull(license1.getId()); + assertNull(license1.getName()); + + if(version.getVersion() >= Version.VERSION_16.getVersion()) { + assertNotNull(license1.getAcknowledgement()); + } else { + assertNull(license1.getAcknowledgement()); + } + assertNotNull(license1.getBomRef()); + + License license2 = component.getLicenses().getLicenses().get(1); + assertNotNull(license2); + assertNotNull(license2.getName()); + assertNull(license2.getId()); + assertNull(license2.getAcknowledgement()); + assertNull(license2.getBomRef()); + + //Second Component + Component component2 = bom.getComponents().get(1); + assertNotNull(component2); + assertNotNull(component2.getLicenseChoice()); + assertNotNull(component2.getLicenses()); + assertNull(component2.getLicenses().getLicenses()); + assertNotNull(component2.getLicenses().getExpression()); + + Expression expression = component2.getLicenses().getExpression(); + assertNotNull(expression.getValue()); + if(version.getVersion() >= Version.VERSION_16.getVersion()) { + assertNotNull(expression.getAcknowledgement()); + } else { + assertNull(expression.getAcknowledgement()); + } + assertNotNull(expression.getBomRef()); + + //Third Component Evidence + Component component3 = bom.getComponents().get(2); + assertNotNull(component3); + LicenseChoice lcEvidence = component3.getEvidence().getLicenses(); + assertNotNull(lcEvidence); + assertNotNull(lcEvidence.getLicenses()); + assertFalse(lcEvidence.getLicenses().isEmpty()); + assertNull(lcEvidence.getExpression()); + + License license4 = lcEvidence.getLicenses().get(0); + assertNotNull(license4); + assertNotNull(license4.getId()); + assertNull(license4.getName()); + assertNull(license4.getAcknowledgement()); + assertNull(license4.getBomRef()); + assertNotNull(license4.getUrl()); + + License license5 = lcEvidence.getLicenses().get(1); + assertNotNull(license5); + assertNotNull(license5.getId()); + assertNull(license5.getName()); + assertNull(license5.getAcknowledgement()); + assertNull(license5.getBomRef()); + assertNotNull(license5.getUrl()); + + //Services + Service service = bom.getServices().get(0); + assertNotNull(service); + LicenseChoice lcService = service.getLicenses(); + assertNotNull(lcService); + assertNotNull(lcService.getLicenses()); + assertFalse(lcService.getLicenses().isEmpty()); + assertNull(lcService.getExpression()); + + License license6 = lcService.getLicenses().get(0); + assertNotNull(license6); + assertNull(license6.getId()); + assertNotNull(license6.getName()); + assertNull(license6.getAcknowledgement()); + assertNull(license6.getBomRef()); + assertNull(license6.getUrl()); + + License license7 = lcService.getLicenses().get(1); + assertNotNull(license7); + assertNull(license7.getId()); + assertNotNull(license7.getName()); + assertNull(license7.getAcknowledgement()); + assertNull(license7.getBomRef()); + assertNull(license7.getUrl()); + + + //Metadata + Metadata metadata = bom.getMetadata(); + assertNotNull(metadata); + assertNotNull(metadata.getLicenseChoice()); + assertNotNull(metadata.getLicenses()); + assertNotNull(metadata.getLicenses().getLicenses()); + assertFalse(metadata.getLicenses().getLicenses().isEmpty()); + assertNull(metadata.getLicenses().getExpression()); + + License license8 = metadata.getLicenses().getLicenses().get(0); + assertNotNull(license8); + assertNotNull(license8.getId()); + assertNull(license8.getName()); + assertNull(license8.getAcknowledgement()); + assertNull(license8.getBomRef()); + + License license9 = metadata.getLicenses().getLicenses().get(1); + assertNotNull(license9); + assertNotNull(license9.getName()); + assertNull(license9.getId()); + assertNull(license9.getAcknowledgement()); + assertNull(license9.getBomRef()); + } + + @Test + public void testIssue408Regression_externalReferenceBom() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonBomXml("/regression/issue408-external-reference.xml"); + assertExternalReferenceInfo(bom); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testXxeProtection() { + assertThrows(ParseException.class, () -> { + createCommonBomXml("/security/xxe-protection.xml"); + }); + } + + @Test + public void testIssue408Regression_extensibleTypes() throws Exception { + Bom bom = new Bom(); + bom.setSerialNumber("urn:uuid:" + UUID.randomUUID()); + + Metadata meta = new Metadata(); + + // ToolInformation test + Component tool1 = new Component(); + tool1.setType(Component.Type.APPLICATION); + tool1.setName("TOOL 1"); + tool1.setVersion("v1"); + + Component tool2 = new Component(); + tool2.setType(Component.Type.APPLICATION); + tool2.setName("TOOL 2"); + tool2.setVersion("v2"); + + ToolInformation tools = new ToolInformation(); + List components = new LinkedList<>(); + components.add(tool1); + components.add(tool2); + tools.setComponents(components); + meta.setToolChoice(tools); + + // Author test + OrganizationalContact auth1 = new OrganizationalContact(); + auth1.setName("Author 1"); + meta.addAuthor(auth1); + + OrganizationalContact auth2 = new OrganizationalContact(); + auth2.setName("Author 2"); + meta.addAuthor(auth2); + + bom.setMetadata(meta); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_16, bom); + File loadedFile = writeToFile(generator.toXmlString()); - assertTrue(generator instanceof BomXmlGenerator15); - assertEquals(CycloneDxSchema.Version.VERSION_15, generator.getSchemaVersion()); - File file = writeToFile(generator.toXmlString()); XmlParser parser = new XmlParser(); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_15)); + assertTrue(parser.isValid(loadedFile, Version.VERSION_16)); + } + + @Test + public void testIssue562() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonBomXml("/regression/issue562.xml"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue571() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonBomXml("/regression/issue571.xml"); + + Component component = new Component(); + component.setName("test"); + component.setVersion("v2"); + component.setType(Type.APPLICATION); + bom.getMetadata().getToolChoice().getComponents().add(component); + + BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); + File loadedFile = writeToFile(generator.toJsonString()); + + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + @Test + public void testIssue492() throws Exception { + Version version = Version.VERSION_15; + Bom bom = createCommonBomXml("/regression/issue492.xml"); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + private void addExtensibleTypes(Bom bom) { + ExtensibleType t1 = new ExtensibleType("abc", "test", "test"); + ExtensibleType t2 = new ExtensibleType("abc", "test", "test1"); + + bom.getComponents().get(0).getLicenses().getLicenses().get(0).addExtensibleType(t1); + bom.getComponents().get(0).getLicenses().getLicenses().get(1).addExtensibleType(t2); + + ExtensibleType t3 = new ExtensibleType("abc", "info", "test"); + bom.getComponents().get(0).addExtensibleType(t3); + } + + @Test + public void testIssue408Regression_jsonToXml_externalReferenceBom() throws Exception { + Version version = Version.VERSION_16; + Bom bom = createCommonJsonBom("/regression/issue408-external-reference.json"); + assertExternalReferenceInfo(bom); + + BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); + File loadedFile = writeToFile(generator.toXmlString()); + + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(loadedFile, version)); + } + + private void assertExternalReferenceInfo(Bom bom) { + assertEquals(3, bom.getExternalReferences().size()); + assertEquals(3, bom.getComponents().get(0).getExternalReferences().size()); } private File writeToFile(String xmlString) throws Exception { @@ -346,39 +798,23 @@ private File writeToFile(String xmlString) throws Exception { return tempFile; } - private Bom createCommonBom() throws Exception { - return createCommonBom("/bom-1.1.xml"); + private Bom createCommonBomXml(String resource) throws Exception { + final byte[] bomBytes = IOUtils.toByteArray( + Objects.requireNonNull(this.getClass().getResourceAsStream(resource))); + XmlParser parser = new XmlParser(); + return parser.parse(bomBytes); } - private Bom createCommonBom(String resource) throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream(resource)); - XmlParser parser = new XmlParser(); + private Bom createCommonJsonBom(String resource) throws Exception { + final byte[] bomBytes = + IOUtils.toByteArray(Objects.requireNonNull(this.getClass().getResourceAsStream(resource))); + JsonParser parser = new JsonParser(); return parser.parse(bomBytes); } private void testDocument(Document doc) { assertNotNull(doc); - assertNotNull(documentToString(doc)); - } - - private String documentToString(Document doc) { - TransformerFactory tf = TransformerFactory.newInstance(); - Transformer transformer; - try { - tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - transformer = tf.newTransformer(); - - transformer.setOutputProperty(OutputKeys.ENCODING, StandardCharsets.UTF_8.name()); - transformer.setOutputProperty(OutputKeys.INDENT, "yes"); - transformer.setOutputProperty(OutputKeys.DOCTYPE_PUBLIC, "yes"); - transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); - - StringWriter sw = new StringWriter(); - transformer.transform(new DOMSource(doc), new StreamResult(sw)); - return sw.getBuffer().toString(); - } catch (TransformerException ex) { - return null; - } + assertNotNull(doc.toString()); } @Test @@ -399,7 +835,7 @@ public void toolInformationSerialization() throws Exception { bom.setMetadata(metadata); bom.addComponent(toolA); - final BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_15, bom); + final BomXmlGenerator generator = BomGeneratorFactory.createXml(Version.VERSION_15, bom); testDocument(generator.generate()); final Bom actual = new XmlParser().parse(writeToFile(generator.toXmlString())); diff --git a/src/test/java/org/cyclonedx/FormatTest.java b/src/test/java/org/cyclonedx/FormatTest.java new file mode 100644 index 0000000000..cd68331153 --- /dev/null +++ b/src/test/java/org/cyclonedx/FormatTest.java @@ -0,0 +1,47 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx; + +import org.junit.jupiter.api.Test; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; + +class FormatTest { + + @Test + void testFromExtension() { + for (Format format : Format.values()) { + String extension = format.getExtension(); + Format result = Format.fromExtension(extension); + assertEquals(format, result, () -> "Format should match for extension " + extension); + } + } + + @Test + void testFromExtensionInvalid() { + Format result = Format.fromExtension("invalid-extension"); + assertNull(result); + } + + @Test + void testFromExtensionNull() { + Format result = Format.fromExtension(null); + assertNull(result); + } +} diff --git a/src/test/java/org/cyclonedx/Issue214RegressionTest.java b/src/test/java/org/cyclonedx/Issue214RegressionTest.java index cc9ed36724..b63daeb1eb 100644 --- a/src/test/java/org/cyclonedx/Issue214RegressionTest.java +++ b/src/test/java/org/cyclonedx/Issue214RegressionTest.java @@ -4,29 +4,16 @@ import java.io.FileWriter; import java.io.IOException; import java.io.InputStream; -import java.io.StringWriter; import java.nio.charset.StandardCharsets; import java.util.Arrays; import java.util.regex.Pattern; -import javax.xml.XMLConstants; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.OutputKeys; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; +import java.util.stream.Stream; import org.apache.commons.io.IOUtils; -import org.cyclonedx.generators.json.AbstractBomJsonGenerator; +import org.cyclonedx.generators.BomGeneratorFactory; +import org.cyclonedx.exception.GeneratorException; import org.cyclonedx.generators.json.BomJsonGenerator; -import org.cyclonedx.generators.json.BomJsonGenerator13; -import org.cyclonedx.generators.json.BomJsonGenerator14; -import org.cyclonedx.generators.xml.AbstractBomXmlGenerator; import org.cyclonedx.generators.xml.BomXmlGenerator; -import org.cyclonedx.generators.xml.BomXmlGenerator13; -import org.cyclonedx.generators.xml.BomXmlGenerator14; -import org.cyclonedx.generators.xml.BomXmlGenerator15; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; import org.cyclonedx.model.ExternalReference; @@ -35,72 +22,50 @@ import org.cyclonedx.parsers.Parser; import org.cyclonedx.parsers.XmlParser; import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Test; -import org.w3c.dom.Document; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; public class Issue214RegressionTest { - @Test - public void schema13JsonObjectGenerationTest() - throws IOException, ReflectiveOperationException - { - performJsonTest(CycloneDxSchema.Version.VERSION_13, BomJsonGenerator13.class); - } - - @Test - public void schema14JsonObjectGenerationTest() - throws IOException, ReflectiveOperationException - { - performJsonTest(CycloneDxSchema.Version.VERSION_14, BomJsonGenerator14.class); - } - - @Test - public void schema13XmlObjectGenerationTest() - throws ParserConfigurationException, IOException, ReflectiveOperationException - { - performXmlTest(CycloneDxSchema.Version.VERSION_13, BomXmlGenerator13.class); - } - - @Test - public void schema14XmlObjectGenerationTest() - throws ParserConfigurationException, IOException, ReflectiveOperationException - { - performXmlTest(CycloneDxSchema.Version.VERSION_14, BomXmlGenerator14.class); + static Stream testData() { + return Stream.of( + Arguments.of(Version.VERSION_16), + Arguments.of(Version.VERSION_15), + Arguments.of(Version.VERSION_14), + Arguments.of(Version.VERSION_13) + ); } - @Test - public void schema15XmlObjectGenerationTest() - throws ParserConfigurationException, IOException, ReflectiveOperationException - { - performXmlTest(CycloneDxSchema.Version.VERSION_15, BomXmlGenerator15.class); + @ParameterizedTest + @MethodSource("testData") + public void testObjectGeneration(Version version) throws IOException, ReflectiveOperationException, GeneratorException { + performJsonTest(version); + performXmlTest(version); } - private void performXmlTest(final CycloneDxSchema.Version pSpecVersion, - final Class pExpectedGeneratorClass) - throws ParserConfigurationException, IOException, ReflectiveOperationException + private void performXmlTest(final Version pSpecVersion) + throws GeneratorException, ReflectiveOperationException, IOException { final Bom inputBom = createIssue214Bom(); BomXmlGenerator generator = BomGeneratorFactory.createXml(pSpecVersion, inputBom); - Document doc = generator.generate(); - Assertions.assertTrue(pExpectedGeneratorClass.isAssignableFrom(generator.getClass())); + Assertions.assertTrue(BomXmlGenerator.class.isAssignableFrom(generator.getClass())); Assertions.assertEquals(pSpecVersion, generator.getSchemaVersion()); - final String actual = xmlDocumentToString(doc); + final String actual = generator.toXmlString(); final String expected = readFixture("/regression/issue214-expected-output.xml", pSpecVersion); Assertions.assertEquals(expected, actual); validate(actual, XmlParser.class, pSpecVersion); } - private void performJsonTest(final CycloneDxSchema.Version pSpecVersion, - final Class pExpectedGeneratorClass) - throws IOException, ReflectiveOperationException - { + private void performJsonTest(final Version pSpecVersion) + throws IOException, ReflectiveOperationException, GeneratorException { final Bom inputBom = createIssue214Bom(); BomJsonGenerator generator = BomGeneratorFactory.createJson(pSpecVersion, inputBom); - Assertions.assertTrue(pExpectedGeneratorClass.isAssignableFrom(generator.getClass())); + Assertions.assertTrue(BomJsonGenerator.class.isAssignableFrom(generator.getClass())); Assertions.assertEquals(pSpecVersion, generator.getSchemaVersion()); final String actual = generator.toJsonString().trim(); @@ -109,37 +74,13 @@ private void performJsonTest(final CycloneD validate(actual, JsonParser.class, pSpecVersion); } - private String xmlDocumentToString(final Document doc) - { - Assertions.assertNotNull(doc); - TransformerFactory tf = TransformerFactory.newInstance(); - Transformer transformer; - try { - tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - transformer = tf.newTransformer(); - - transformer.setOutputProperty(OutputKeys.ENCODING, StandardCharsets.UTF_8.name()); - transformer.setOutputProperty(OutputKeys.INDENT, "yes"); - transformer.setOutputProperty(OutputKeys.DOCTYPE_PUBLIC, "yes"); - transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); - - StringWriter sw = new StringWriter(); - transformer.transform(new DOMSource(doc), new StreamResult(sw)); - return sw.getBuffer().toString().trim(); - } - catch (TransformerException ex) { - Assertions.fail("Failed to serialize XML document", ex); - } - return null; - } - - private String readFixture(final String pPath, final CycloneDxSchema.Version pSpecVersion) + private String readFixture(final String pPath, final Version pSpecVersion) { try (InputStream is = getClass().getResourceAsStream(pPath)) { if (is != null) { String result = IOUtils.toString(is, StandardCharsets.UTF_8); result = result.replaceAll(Pattern.quote("${specVersion}"), pSpecVersion.getVersionString()); - return result.trim(); + return result; } else { Assertions.fail("failed to read expected data file: " + pPath); @@ -177,7 +118,7 @@ private Bom createIssue214Bom() } private

void validate(final String pDocument, final Class

pParserType, - final CycloneDxSchema.Version pSpecVersion) + final Version pSpecVersion) throws IOException, ReflectiveOperationException { File tempFile = null; diff --git a/src/test/java/org/cyclonedx/VersionTest.java b/src/test/java/org/cyclonedx/VersionTest.java new file mode 100644 index 0000000000..283bd38047 --- /dev/null +++ b/src/test/java/org/cyclonedx/VersionTest.java @@ -0,0 +1,50 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx; + +import org.junit.jupiter.api.Test; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; + +class VersionTest { + + /** + * Test the getVersionString method - this is to ensure the method is future-proof. + * If a new enum value is added this test will fail unless fromVersionString is updated. + */ + @Test + void testFromVersionString() { + for (Version version : Version.values()) { + String versionString = version.getVersionString(); + Version result = Version.fromVersionString(versionString); + assertEquals(version, result, () -> "Version should match for " + versionString); + } + } + + @Test + void testFromVersionStringInvalid() { + Version result = Version.fromVersionString("invalid-version"); + assertNull(result); + } + @Test + void testFromVersionStringNull() { + Version result = Version.fromVersionString(null); + assertNull(result); + } +} diff --git a/src/test/java/org/cyclonedx/parse/BaseParseTest.java b/src/test/java/org/cyclonedx/parse/BaseParseTest.java index 2f14afff76..216533b67c 100644 --- a/src/test/java/org/cyclonedx/parse/BaseParseTest.java +++ b/src/test/java/org/cyclonedx/parse/BaseParseTest.java @@ -18,9 +18,12 @@ */ package org.cyclonedx.parse; -import org.cyclonedx.BomGeneratorFactory; -import org.cyclonedx.BomParserFactory; +import org.cyclonedx.exception.GeneratorException; +import org.cyclonedx.Format; +import org.cyclonedx.generators.BomGeneratorFactory; +import org.cyclonedx.parsers.BomParserFactory; import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Version; import org.cyclonedx.exception.ParseException; import org.cyclonedx.generators.json.BomJsonGenerator; import org.cyclonedx.generators.xml.BomXmlGenerator; @@ -35,12 +38,14 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; public abstract class BaseParseTest { List getAllResources() { final List files = new ArrayList<>(); - for (CycloneDxSchema.Version version: CycloneDxSchema.ALL_VERSIONS) { + for (Version version: CycloneDxSchema.ALL_VERSIONS) { files.addAll(getResources(version.getVersionString() + "/")); } return files; @@ -49,8 +54,8 @@ List getAllResources() { List getResources(final String resourceDirectory) { final ClassLoader loader = Thread.currentThread().getContextClassLoader(); final URL url = loader.getResource(resourceDirectory); - final String path = url.getPath(); - return Arrays.asList(new File(path).listFiles()); + final String path = Objects.requireNonNull(url).getPath(); + return Arrays.asList(Objects.requireNonNull(new File(path).listFiles())); } Bom parseBom(File file) throws ParseException { @@ -59,7 +64,11 @@ Bom parseBom(File file) throws ParseException { } void generateBomXml(final String testName, final Bom bom) throws ParserConfigurationException { - for (CycloneDxSchema.Version version : CycloneDxSchema.ALL_VERSIONS) { + List xmlVersions = Arrays.stream(Version.values()) + .filter(v -> v.getFormats().contains(Format.XML)) + .collect(Collectors.toList()); + + for (Version version : xmlVersions) { System.out.println("Generating CycloneDX " + version.getVersionString() + " XML for " + testName); BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); Document doc = generator.generate(); @@ -67,8 +76,12 @@ void generateBomXml(final String testName, final Bom bom) throws ParserConfigura } } - void generateBomJson(final String testName, final Bom bom) { - for (CycloneDxSchema.Version version : CycloneDxSchema.ALL_VERSIONS) { + void generateBomJson(final String testName, final Bom bom) throws GeneratorException { + List jsonVersions = Arrays.stream(Version.values()) + .filter(v -> v.getFormats().contains(Format.JSON)) + .collect(Collectors.toList()); + + for (Version version : jsonVersions) { System.out.println("Generating CycloneDX " + version.getVersionString() + " JSON for " + testName); BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); Assertions.assertNotNull(generator.toJsonString()); diff --git a/src/test/java/org/cyclonedx/parse/JsonParseTest.java b/src/test/java/org/cyclonedx/parse/JsonParseTest.java index abbcbf5ee7..1bc8dd0653 100644 --- a/src/test/java/org/cyclonedx/parse/JsonParseTest.java +++ b/src/test/java/org/cyclonedx/parse/JsonParseTest.java @@ -18,14 +18,18 @@ */ package org.cyclonedx.parse; +import org.cyclonedx.Version; +import org.cyclonedx.exception.ParseException; import org.cyclonedx.model.Bom; +import org.cyclonedx.parsers.JsonParser; import org.junit.jupiter.api.DynamicTest; +import org.junit.jupiter.api.Test; import org.junit.jupiter.api.TestFactory; import java.io.File; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; +import java.io.IOException; +import java.util.*; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertNotNull; public class JsonParseTest extends BaseParseTest { @@ -43,12 +47,23 @@ public Collection dynamicTestsWithCollection() { super.generateBomJson(file.getName(), bom); })); } - else if (file.getName().startsWith("invalid")) { + /*else if (file.getName().startsWith("invalid")) { - } + }*/ } } return dynamicTests; } + @Test + public void testValidateBomPrior12() throws IOException { + final JsonParser parser = new JsonParser(); + + final List exceptions = parser.validate("", Version.VERSION_11); + + assertThat(exceptions.stream().map(ParseException::getMessage)).containsExactly( + "CycloneDX version 1.1 does not support the JSON format", + "$: unknown found, object expected" + ); + } } diff --git a/src/test/java/org/cyclonedx/parse/XmlParseTest.java b/src/test/java/org/cyclonedx/parse/XmlParseTest.java index 475fb44d90..84de1896f6 100644 --- a/src/test/java/org/cyclonedx/parse/XmlParseTest.java +++ b/src/test/java/org/cyclonedx/parse/XmlParseTest.java @@ -43,9 +43,9 @@ public Collection dynamicTestsWithCollection() { super.generateBomXml(file.getName(), bom); })); } - else if (file.getName().startsWith("invalid")) { + /*else if (file.getName().startsWith("invalid")) { - } + }*/ } } return dynamicTests; diff --git a/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java index 295345fe07..6cae628db2 100644 --- a/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java @@ -20,11 +20,13 @@ import java.io.IOException; import java.io.InputStream; +import java.util.Arrays; import java.util.List; import java.util.Objects; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.io.IOUtils; -import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.Version; import org.cyclonedx.exception.ParseException; import org.cyclonedx.model.Annotation; import org.cyclonedx.model.Annotator; @@ -51,6 +53,7 @@ import org.cyclonedx.model.Service; import org.cyclonedx.model.ServiceData; import org.cyclonedx.model.Tool; +import org.cyclonedx.model.component.Tags; import org.cyclonedx.model.component.evidence.Callstack; import org.cyclonedx.model.component.evidence.Frame; import org.cyclonedx.model.component.evidence.Identity; @@ -68,6 +71,7 @@ import org.cyclonedx.model.formulation.trigger.Trigger; import org.cyclonedx.model.formulation.workspace.Volume; import org.cyclonedx.model.formulation.workspace.Workspace; +import org.cyclonedx.model.license.Acknowledgement; import org.cyclonedx.model.vulnerability.Vulnerability; import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.Justification; import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State; @@ -76,7 +80,7 @@ import org.cyclonedx.model.vulnerability.Vulnerability.Version.Status; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertIterableEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -95,23 +99,19 @@ void assertMetadata(Bom bom, Version version) { assertBomProperties(bom, version.getVersionString()); // Assertions for bom.metadata.tools - assertToolsMetadata(bom.getMetadata().getTools().get(0) - ); + assertToolsMetadata(bom.getMetadata().getTools().get(0)); // Assertions for bom.metadata.authors - assertAuthorMetadata(bom.getMetadata().getAuthors().get(0) - ); + assertAuthorMetadata(bom.getMetadata().getAuthors().get(0)); // Assertions for bom.metadata.component assertComponentMetadata(bom.getMetadata().getComponent()); // Assertions for bom.metadata.manufacture - assertManufacturerMetadata(bom.getMetadata().getManufacture() - ); + assertManufacturerMetadata(bom.getMetadata().getManufacture(), version, false); // Assertions for bom.metadata.supplier - assertSupplierMetadata(bom.getMetadata().getSupplier() - ); + assertSupplierMetadata(bom.getMetadata().getSupplier()); } void assertToolsMetadata(Tool tool) @@ -137,15 +137,26 @@ void assertComponentMetadata(Component component) { assertNotNull(component.getSwid()); assertEquals("Acme Application", component.getSwid().getName()); assertEquals("9.1.1", component.getSwid().getVersion()); - assertEquals(0, component.getSwid().getTagVersion()); - assertFalse(component.getSwid().isPatch()); + assertNull(component.getSwid().getTagVersion()); + assertNull(component.getSwid().isPatch()); } - void assertManufacturerMetadata( - OrganizationalEntity manufacturer) + void assertManufacturerMetadata(OrganizationalEntity manufacturer, Version version, boolean deprecated) { - assertEquals("Acme, Inc.", manufacturer.getName()); + if (version.getVersion() >= Version.VERSION_16.getVersion() && deprecated) { + assertEquals("Acme, Inc. // deprecated", manufacturer.getName()); + } else { + assertEquals("Acme, Inc.", manufacturer.getName()); + } + if(version.getVersion() >= Version.VERSION_14.getVersion()) { + assertEquals("manufacturer-1", manufacturer.getBomRef()); + assertEquals("contact-1", manufacturer.getContacts().get(0).getBomRef()); + } else { + assertNull(manufacturer.getBomRef()); + assertNull(manufacturer.getContacts().get(0).getBomRef()); + } assertEquals("https://example.com", manufacturer.getUrls().get(0)); + assertEquals("Acme Professional Services", manufacturer.getContacts().get(0).getName()); assertEquals("professional.services@example.com", manufacturer.getContacts().get(0).getEmail()); } @@ -323,7 +334,7 @@ private void assertInputData(InputType inputType) { assertNull(inputType.getData()); assertNull(inputType.getEnvironmentVars()); } - else if (inputType.getParameters() != null) { + else if (CollectionUtils.isNotEmpty(inputType.getParameters())) { assertNull(inputType.getResource()); assertNull(inputType.getData()); assertNull(inputType.getEnvironmentVars()); @@ -416,7 +427,7 @@ private void assertCommands(List commands) { } private void assertProperties(List properties) { - if (properties != null) { + if (CollectionUtils.isNotEmpty(properties)) { Property property = properties.get(0); assertNotNull(property.getName()); assertNotNull(property.getValue()); @@ -539,12 +550,33 @@ void assertVulnerabilities(final Bom bom, final Version version) { assertEquals("Acme, Inc.", vuln.getCredits().getOrganizations().get(0).getName()); assertEquals("https://example.com", vuln.getCredits().getOrganizations().get(0).getUrls().get(0)); - //Tools - assertEquals(1, vuln.getTools().size()); - assertEquals("Sonatype CLI", vuln.getTools().get(0).getName()); - assertEquals("Sonatype", vuln.getTools().get(0).getVendor()); - assertEquals("1.131", vuln.getTools().get(0).getVersion()); - assertEquals(1, vuln.getTools().get(0).getHashes().size()); + if (version == Version.VERSION_15) { + // ToolChoice + assertEquals(1, vuln.getToolChoice().getComponents().size(), 1); + assertEquals(Type.APPLICATION, vuln.getToolChoice().getComponents().get(0).getType()); + assertEquals("Sonatype", vuln.getToolChoice().getComponents().get(0).getGroup()); + assertEquals("Sonatype CLI", vuln.getToolChoice().getComponents().get(0).getName()); + assertEquals("1.131", vuln.getToolChoice().getComponents().get(0).getVersion()); + assertEquals("SHA-256", vuln.getToolChoice().getComponents().get(0).getHashes().get(0).getAlgorithm()); + assertEquals("2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d", + vuln.getToolChoice().getComponents().get(0).getHashes().get(0).getValue()); + + assertEquals(1, vuln.getToolChoice().getServices().size()); + assertEquals("Sonatype", vuln.getToolChoice().getServices().get(0).getProvider().getName()); + assertEquals("Sonatype CLI Scanner", vuln.getToolChoice().getServices().get(0).getName()); + assertEquals("https://www.sonatype.com/scanner", vuln.getToolChoice().getServices().get(0).getEndpoints().get(0)); + + assertNull(vuln.getTools()); + } else { + // Tools + assertEquals(1, vuln.getTools().size()); + assertEquals("Sonatype CLI", vuln.getTools().get(0).getName()); + assertEquals("Sonatype", vuln.getTools().get(0).getVendor()); + assertEquals("1.131", vuln.getTools().get(0).getVersion()); + assertEquals(1, vuln.getTools().get(0).getHashes().size()); + + assertNull(vuln.getToolChoice()); + } //Analysis assertEquals(State.NOT_AFFECTED, vuln.getAnalysis().getState()); @@ -574,7 +606,7 @@ void assertVulnerabilities(final Bom bom, final Version version) { assertEquals(Status.AFFECTED, vuln.getAffects().get(0).getVersions().get(1).getStatus()); } - void assertServices(final Bom bom) { + void assertServices(final Bom bom, final Version version) { //Services List services = bom.getServices(); assertEquals(1, services.size()); @@ -586,6 +618,13 @@ void assertServices(final Bom bom) { assertEquals(1, urls.size()); assertEquals("https://partner.org", urls.get(0)); + if (Version.VERSION_15.getVersion() <= version.getVersion()) { + assertEquals("value", s.getTrustZone()); + } + else { + assertNull(s.getTrustZone()); + } + List contacts = provider.getContacts(); assertEquals(1, contacts.size()); OrganizationalContact contact = contacts.get(0); @@ -615,6 +654,7 @@ void assertServices(final Bom bom) { assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); assertEquals("public", data.get(2).getClassification()); assertNotNull(s.getLicense()); + assertNotNull(s.getLicenses()); assertEquals(1, s.getLicense().getLicenses().size()); assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); assertEquals(2, s.getExternalReferences().size()); @@ -663,23 +703,29 @@ private void assertEvidence(final Evidence evidence, final Version version) { assertEquals("http://www.apache.org/licenses/LICENSE-2.0", evidence.getLicenseChoice().getLicenses().get(0).getUrl()); - if(version== Version.VERSION_15) { + if (version.getVersion() >= Version.VERSION_15.getVersion()) { assertCallStack(evidence.getCallstack()); - assertOccurrences(evidence.getOccurrences()); - assertIdentity(evidence.getIdentity()); - } else { + assertOccurrences(evidence.getOccurrences(), version); + assertEquals(1, evidence.getIdentities().size()); + assertIdentifiers(evidence.getIdentities().get(0), version); + } + else { assertNull(evidence.getCallstack()); - assertNull(evidence.getIdentity()); + assertNull(evidence.getIdentities()); assertNull(evidence.getOccurrences()); } } - private void assertOccurrences(final List occurrences){ + private void assertOccurrences(final List occurrences, Version version){ assertEquals(occurrences.size(), 1); Occurrence occurrence = occurrences.get(0); assertNotNull(occurrence.getBomRef()); assertNotNull(occurrence.getLocation()); + + if (version.getVersion() >= Version.VERSION_16.getVersion()) { + assertNotNull(occurrence.getSymbol()); + } } private void assertCallStack(final Callstack callstack){ @@ -697,7 +743,7 @@ private void assertCallStack(final Callstack callstack){ assertNotNull(frame.getModule()); } - private void assertIdentity(final Identity identity){ + private void assertIdentifiers(final Identity identity, Version version){ assertNotNull(identity); assertNotNull(identity.getField()); @@ -706,6 +752,12 @@ private void assertIdentity(final Identity identity){ assertNotNull(identity.getTools()); assertNotNull(identity.getTools().get(0).getRef()); + + if(version == Version.VERSION_16) { + assertNotNull(identity.getConcludedValue()); + } else { + assertNull(identity.getConcludedValue()); + } } private void assertSecurityContact(ExternalReference externalReference) { @@ -796,20 +848,49 @@ void assertMetadata(final Metadata metadata, final Version version) { //License if (version.getVersion() > Version.VERSION_12.getVersion()) { assertNotNull(metadata.getLicenseChoice()); + assertNotNull(metadata.getLicenses()); } else { assertNull(metadata.getLicenseChoice()); + assertNull(metadata.getLicenses()); } //Tool - assertEquals(1, metadata.getTools().size()); - assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); - assertEquals("Awesome Tool", metadata.getTools().get(0).getName()); - assertEquals("9.1.2", metadata.getTools().get(0).getVersion()); - assertEquals(1, metadata.getTools().get(0).getHashes().size()); - assertEquals("SHA-1", metadata.getTools().get(0).getHashes().get(0).getAlgorithm()); - assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", - metadata.getTools().get(0).getHashes().get(0).getValue()); + if (version == Version.VERSION_15 ) { + assertNull(metadata.getTools()); + } + else { + assertEquals(1, metadata.getTools().size()); + assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); + assertEquals("Awesome Tool", metadata.getTools().get(0).getName()); + assertEquals("9.1.2", metadata.getTools().get(0).getVersion()); + assertEquals(1, metadata.getTools().get(0).getHashes().size()); + assertEquals("SHA-1", metadata.getTools().get(0).getHashes().get(0).getAlgorithm()); + assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", + metadata.getTools().get(0).getHashes().get(0).getValue()); + } + + // ToolChoice + if (version == Version.VERSION_15) { + assertEquals(1, metadata.getToolChoice().getComponents().size()); + assertEquals("Awesome Vendor", metadata.getToolChoice().getComponents().get(0).getGroup()); + assertEquals("Awesome Tool", metadata.getToolChoice().getComponents().get(0).getName()); + assertEquals("9.1.2", metadata.getToolChoice().getComponents().get(0).getVersion()); + assertEquals("SHA-1", metadata.getToolChoice().getComponents().get(0).getHashes().get(0).getAlgorithm()); + assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", + metadata.getToolChoice().getComponents().get(0).getHashes().get(0).getValue()); + + assertEquals(1, metadata.getToolChoice().getServices().size()); + assertEquals("Acme Org", metadata.getToolChoice().getServices().get(0).getProvider().getName()); + assertEquals("https://example.com", metadata.getToolChoice().getServices().get(0).getProvider().getUrls().get(0)); + assertEquals("com.example", metadata.getToolChoice().getServices().get(0).getGroup()); + assertEquals("Acme Signing Server", metadata.getToolChoice().getServices().get(0).getName()); + assertEquals("Signs artifacts", metadata.getToolChoice().getServices().get(0).getDescription()); + assertIterableEquals(Arrays.asList("https://example.com/sign", "https://example.com/verify", "https://example.com/tsa"), + metadata.getToolChoice().getServices().get(0).getEndpoints()); + } else { + assertNull(metadata.getToolChoice()); + } //Author assertEquals(1, metadata.getAuthors().size()); @@ -826,8 +907,8 @@ void assertMetadata(final Metadata metadata, final Version version) { assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); assertEquals("Acme Application", component.getSwid().getName()); assertEquals("9.1.1", component.getSwid().getVersion()); - assertEquals(0, component.getSwid().getTagVersion()); - assertFalse(component.getSwid().isPatch()); + assertNull(component.getSwid().getTagVersion()); + assertNull(component.getSwid().isPatch()); //Release Notes ReleaseNotes releaseNotes = metadata.getComponent().getReleaseNotes(); @@ -837,7 +918,7 @@ void assertMetadata(final Metadata metadata, final Version version) { assertNotNull(releaseNotes.getSocialImage()); assertNotNull(releaseNotes.getTimestamp()); assertEquals(1, releaseNotes.getAliases().size()); - assertEquals(1, releaseNotes.getTags().size()); + assertEquals(1, releaseNotes.getTags().getTags().size()); //Resolves assertEquals(1, releaseNotes.getResolves().size()); @@ -877,6 +958,7 @@ void assertMetadata_validTools(final Metadata metadata) { assertNull(metadata.getLifecycles()); assertNull(metadata.getLicenseChoice()); + assertNull(metadata.getLicenses()); assertNull(metadata.getAuthors()); assertNull(metadata.getComponent()); assertNull(metadata.getManufacture()); @@ -895,6 +977,44 @@ void assertCommonBomProperties(Bom bom, Version version) { assertEquals(1, bom.getVersion()); } + void assertTags(Bom bom) { + assertNotNull(bom.getComponents()); + Tags tags = bom.getComponents().get(0).getTags(); + assertNotNull(tags); + assertEquals(3, tags.getTags().size()); + assertTrue(tags.getTags().containsAll(Arrays.asList("json-parser", "javascript", "node.js"))); + + assertNotNull(bom.getServices()); + tags = bom.getServices().get(0).getTags(); + assertNotNull(tags); + assertEquals(4, tags.getTags().size()); + assertTrue(tags.getTags().containsAll(Arrays.asList("microservice", "golang", "aws", "us-east-1"))); + } + + void assertIdentifiers(Bom bom) { + assertNotNull(bom.getComponents()); + List omnis = bom.getComponents().get(0).getOmniborId(); + assertEquals(2, omnis.size()); + assertTrue(omnis.containsAll(Arrays.asList("gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", + "gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"))); + + List swhid = bom.getComponents().get(0).getSwhid(); + assertEquals(2, swhid.size()); + assertTrue(swhid.containsAll(Arrays.asList("swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2", + "swh:1:dir:d198bc9d7a6bcf6db04f476d29314f157507d505"))); + } + + void assertAck(Bom bom) { + LicenseChoice lc = bom.getComponents().get(0).getLicenses(); + assertNotNull(lc.getLicenses()); + assertEquals(1, lc.getLicenses().size()); + + License license = lc.getLicenses().get(0); + assertEquals("Apache-2.0", license.getId()); + assertEquals("my-license", license.getBomRef()); + assertEquals(Acknowledgement.DECLARED, license.getAcknowledgement()); + } + Bom getXmlBom(String filename) throws ParseException, IOException { final byte[] bomBytes = getBomBytes(filename); final XmlParser parser = new XmlParser(); diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 8931166289..d0efdbbea1 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -18,17 +18,60 @@ */ package org.cyclonedx.parsers; -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.Version; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; +import org.cyclonedx.model.Component.Type; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.License; +import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.attestation.Assessor; +import org.cyclonedx.model.attestation.Attestation; +import org.cyclonedx.model.attestation.AttestationMap; +import org.cyclonedx.model.attestation.Claim; +import org.cyclonedx.model.attestation.Confidence; +import org.cyclonedx.model.attestation.Conformance; +import org.cyclonedx.model.attestation.Targets; +import org.cyclonedx.model.attestation.affirmation.Affirmation; +import org.cyclonedx.model.attestation.affirmation.Signatory; +import org.cyclonedx.model.attestation.evidence.Data; +import org.cyclonedx.model.attestation.evidence.Evidence; +import org.cyclonedx.model.component.ModelCard; +import org.cyclonedx.model.component.crypto.AlgorithmProperties; +import org.cyclonedx.model.component.crypto.CryptoProperties; +import org.cyclonedx.model.component.crypto.enums.AssetType; +import org.cyclonedx.model.component.crypto.enums.CertificationLevel; +import org.cyclonedx.model.component.crypto.enums.CryptoFunction; +import org.cyclonedx.model.component.crypto.enums.ExecutionEnvironment; +import org.cyclonedx.model.component.crypto.enums.ImplementationPlatform; +import org.cyclonedx.model.component.crypto.enums.Mode; +import org.cyclonedx.model.component.crypto.enums.Primitive; +import org.cyclonedx.model.component.data.Content; +import org.cyclonedx.model.component.evidence.Identity; +import org.cyclonedx.model.component.modelCard.Considerations; +import org.cyclonedx.model.component.modelCard.ModelParameters; +import org.cyclonedx.model.component.modelCard.consideration.EnvironmentalConsideration; +import org.cyclonedx.model.component.modelCard.consideration.consumption.Activity; +import org.cyclonedx.model.component.modelCard.consideration.consumption.EnergyConsumption; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.EnergyProvider; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.EnergySource; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.Unit; +import org.cyclonedx.model.definition.Level; +import org.cyclonedx.model.definition.Requirement; +import org.cyclonedx.model.definition.Standard; +import org.cyclonedx.model.license.Acknowledgement; +import org.cyclonedx.model.license.Expression; import org.junit.jupiter.api.Test; import java.io.File; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Objects; +import java.util.stream.Collectors; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; @@ -43,7 +86,7 @@ public void testValid12Bom() throws Exception { final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2.json")).getFile()); final JsonParser parser = new JsonParser(); Bom bom = parser.parse(file); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_12)); + assertTrue(parser.isValid(file, Version.VERSION_12)); System.out.println(bom.getSerialNumber()); } @@ -65,9 +108,10 @@ public void testParsedObjects12Bom() throws Exception { assertEquals("org.glassfish.hk2", c3.getGroup()); assertEquals("osgi-resource-locator", c3.getName()); assertEquals("1.0.1", c3.getVersion()); - assertEquals("(CDDL-1.0 OR GPL-2.0-with-classpath-exception)", c3.getLicenseChoice().getExpression()); + assertEquals("(CDDL-1.0 OR GPL-2.0-with-classpath-exception)", + c3.getLicenseChoice().getExpression().getValue()); - assertServices(bom); + assertServices(bom, Version.VERSION_12); // Assertions for bom.dependencies assertEquals(2, bom.getDependencies().size()); @@ -86,7 +130,7 @@ public void testParsedObjects13Bom() throws Exception { assertMetadata(bom, Version.VERSION_13); - assertServices(bom); + assertServices(bom, Version.VERSION_13); final List components = bom.getComponents(); assertEquals(3, components.size()); @@ -117,7 +161,7 @@ public void testValidBomLink() throws Exception { new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.4-bomlink.json")).getFile()); final JsonParser parser = new JsonParser(); Bom bom = parser.parse(file); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(parser.isValid(file, Version.VERSION_14)); ExternalReference ref = bom.getComponents().get(0).getExternalReferences().get(0); assertEquals("bom", ref.getType().getTypeName()); assertEquals("urn:cdx:f08a6ccd-4dce-4759-bd84-c626675d60a7/1", ref.getUrl()); @@ -131,7 +175,7 @@ public void testParsedObjects14Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); - assertServices(bom); + assertServices(bom, Version.VERSION_14); assertCompositions(bom, Version.VERSION_14); assertVulnerabilities(bom, Version.VERSION_14); @@ -159,12 +203,13 @@ public void testParsedObjects15Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); - assertServices(bom); + assertServices(bom, Version.VERSION_15); assertCompositions(bom, Version.VERSION_15); assertVulnerabilities(bom, Version.VERSION_15); //Assert Metadata License Choice assertEquals(2, bom.getMetadata().getLicenseChoice().getLicenses().size()); + assertEquals(2, bom.getMetadata().getLicenses().getLicenses().size()); // Dependencies assertEquals(2, bom.getDependencies().size()); @@ -214,4 +259,346 @@ public void testIssue343Regression() throws Exception { final Bom bom = getJsonBom("regression/issue343-empty-hashes.json"); assertEquals(0, bom.getComponents().get(0).getHashes().size()); } + + @Test + public void testIssue507Regression() throws Exception { + final Bom bom = getJsonBom("regression/issue507.json"); + assertThat(bom.getComponents()).hasSize(1); + assertThat(bom.getComponents().get(0).getLicenses()).isNotNull(); + assertThat(bom.getComponents().get(0).getLicenses().getLicenses()).hasSize(1); + assertThat(bom.getComponents().get(0).getLicenses().getLicenses().get(0).getLicensing()).isNotNull(); + assertThat(bom.getComponents().get(0).getLicenses().getLicenses().get(0).getLicensing().getPurchaser()).isNotNull(); + assertThat(bom.getComponents().get(0).getLicenses().getLicenses().get(0).getLicensing().getPurchaser().getOrganization()).isNotNull(); + assertThat(bom.getComponents().get(0).getLicenses().getLicenses().get(0).getLicensing().getPurchaser().getOrganization().getContacts()).hasSize(1); + } + + @Test + public void schema16_license_id_acknowledgement() throws Exception { + final Bom bom = getJsonBom("1.6/valid-license-id-1.6.json"); + + assertNotNull(bom.getComponents()); + LicenseChoice lc = bom.getComponents().get(0).getLicenses(); + assertNotNull(lc.getLicenses()); + assertEquals(1, lc.getLicenses().size()); + + License license = lc.getLicenses().get(0); + assertEquals("Apache-2.0", license.getId()); + assertEquals("my-license", license.getBomRef()); + assertEquals(Acknowledgement.DECLARED, license.getAcknowledgement()); + } + + @Test + public void schema16_license_expression_acknowledgement() throws Exception { + final Bom bom = getJsonBom("1.6/valid-license-expression-1.6.json"); + + assertNotNull(bom.getComponents()); + LicenseChoice lc = bom.getComponents().get(0).getLicenses(); + assertNotNull(lc.getExpression()); + + Expression expression = lc.getExpression(); + assertEquals("EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", expression.getValue()); + assertEquals("my-license", expression.getBomRef()); + assertEquals(Acknowledgement.DECLARED, expression.getAcknowledgement()); + } + + @Test + public void schema16_ml_considerations() throws Exception { + final Bom bom = getJsonBom("1.6/valid-machine-learning-considerations-env-1.6.json"); + + assertNotNull(bom.getComponents()); + ModelCard mc = bom.getComponents().get(0).getModelCard(); + assertNotNull(mc); + + Considerations considerations = mc.getConsiderations(); + assertNotNull(considerations); + + EnvironmentalConsideration ec = considerations.getEnvironmentalConsiderations(); + assertNotNull(ec); + + assertEquals(1, ec.getEnergyConsumptions().size()); + + EnergyConsumption eec = ec.getEnergyConsumptions().get(0); + + assertEquals(Activity.TRAINING, eec.getActivity()); + assertEquals(Unit.KWH, eec.getActivityEnergyCost().getUnit()); + assertEquals(0.4, eec.getActivityEnergyCost().getValue()); + assertEquals(org.cyclonedx.model.component.modelCard.consideration.consumption.co2.Unit.TCO2EQ, + eec.getCo2CostEquivalent().getUnit()); + assertEquals(31.22, eec.getCo2CostEquivalent().getValue()); + assertEquals(org.cyclonedx.model.component.modelCard.consideration.consumption.co2.Unit.TCO2EQ, + eec.getCo2CostOffset().getUnit()); + assertEquals(31.22, eec.getCo2CostOffset().getValue()); + + assertNull(eec.getProperties()); + assertEquals(1, eec.getEnergyProviders().size()); + + EnergyProvider ep = eec.getEnergyProviders().get(0); + + assertEquals("Meta data-center, US-East", ep.getDescription()); + assertNull(ep.getExternalReferences()); + assertNull(ep.getBomRef()); + assertNotNull(ep.getOrganization()); + + assertEquals(EnergySource.NATURAL_GAS, ep.getEnergySource()); + + assertEquals(0.4, ep.getEnergyProvided().getValue()); + assertEquals(Unit.KWH, ep.getEnergyProvided().getUnit()); + + assertNull(ep.getOrganization().getAddress().getBomRef()); + assertEquals("United States", ep.getOrganization().getAddress().getCountry()); + assertEquals("Newark", ep.getOrganization().getAddress().getLocality()); + assertNull(ep.getOrganization().getAddress().getStreetAddress()); + assertNull(ep.getOrganization().getAddress().getPostalCode()); + assertNull(ep.getOrganization().getAddress().getPostOfficeBoxNumber()); + assertEquals("New Jersey", ep.getOrganization().getAddress().getRegion()); + assertNull(eec.getProperties()); + } + + @Test + public void schema16_ml() throws Exception { + final Bom bom = getJsonBom("1.6/valid-machine-learning-1.6.json"); + + assertNotNull(bom.getComponents()); + ModelCard mc = bom.getComponents().get(0).getModelCard(); + assertNotNull(mc); + + ModelParameters mp = mc.getModelParameters(); + assertNotNull(mp); + + Content content = mp.getDatasets().get(0).getComponentData().getContents(); + assertNotNull(content); + + assertEquals(2, content.getProperties().size()); + } + + @Test + public void schema16_component_identifiers() throws Exception { + final Bom bom = getJsonBom("1.6/valid-component-identifiers-1.6.json"); + + assertIdentifiers(bom); + } + + @Test + public void schema16_tags() throws Exception { + final Bom bom = getJsonBom("1.6/valid-tags-1.6.json"); + assertTags(bom); + } + + @Test + public void schema16_manufacture() throws Exception { + final Bom bom = getJsonBom("1.6/valid-metadata-manufacture-1.6.json"); + + assertNotNull(bom.getMetadata()); + OrganizationalEntity manufacture = bom.getMetadata().getManufacture(); + assertNotNull(manufacture); + assertManufacturerMetadata(manufacture, Version.VERSION_16, true); + } + + @Test + public void schema16_manufacturer() throws Exception { + final Bom bom = getJsonBom("1.6/valid-metadata-manufacturer-1.6.json"); + + assertNotNull(bom.getMetadata()); + OrganizationalEntity manufacturer = bom.getMetadata().getManufacturer(); + assertNotNull(manufacturer); + assertManufacturerMetadata(manufacturer, Version.VERSION_16, false); + } + + @Test + public void schema16_evidence() throws Exception { + final Bom bom = getJsonBom("1.6/valid-evidence-1.6.json"); + + List identities = bom.getComponents().get(1).getEvidence().getIdentities(); + assertEquals(3, identities.size()); + List list = identities.stream().map(Identity::getConcludedValue).collect(Collectors.toList()); + assertTrue(list.containsAll(Arrays.asList("com.example", "example-project", "1.0.0"))); + } + + @Test + public void schema16_attestation_standard() throws Exception { + final Bom bom = getXmlBom("1.6/valid-standard-1.6.xml"); + + assertNotNull(bom.getDefinitions()); + List standards = bom.getDefinitions().getStandards(); + assertEquals(1, standards.size()); + + Standard standard = standards.get(0); + assertEquals("standard-1", standard.getBomRef()); + assertEquals("Description here", standard.getDescription()); + assertEquals("Sample Standard", standard.getName()); + assertEquals("Acme Inc", standard.getOwner()); + assertEquals("1.0.0", standard.getVersion()); + + //Requirements + assertEquals(3, standard.getRequirements().size()); + Requirement requirement = standard.getRequirements().get(2); + assertEquals("requirement-1.1.1", requirement.getBomRef()); + assertEquals("Text of the requirement here", requirement.getText()); + assertEquals("v1.1.1", requirement.getIdentifier()); + assertEquals("requirement-1.1", requirement.getParent()); + assertEquals("Supplemental text here", requirement.getDescriptions().get(0)); + assertEquals(1, requirement.getOpenCre().size()); + assertNull(requirement.getExternalReferences()); + assertNull(requirement.getProperties()); + assertNull(requirement.getTitle()); + + //Levels + assertEquals(3, standard.getLevels().size()); + Level level = standard.getLevels().get(0); + assertEquals("Level 1", level.getIdentifier()); + assertEquals("Description here", level.getDescription()); + assertEquals("level-1", level.getBomRef()); + assertNull(level.getTitle()); + assertEquals(1, level.getRequirements().size()); + assertEquals("requirement-1.1.1", level.getRequirements().get(0)); + + assertNull(standard.getSignature()); + } + + @Test + public void schema16_attestation() throws Exception { + final Bom bom = getXmlBom("1.6/valid-attestation-1.6.xml"); + + assertNotNull(bom.getDeclarations()); + + //Assessors + List assessors = bom.getDeclarations().getAssessors(); + assertEquals(1, assessors.size()); + + Assessor assessor = assessors.get(0); + assertEquals(true, assessor.getThirdParty()); + assertEquals("Assessors Inc", assessor.getOrganization().getName()); + assertEquals("assessor-1", assessor.getBomRef()); + + //Attestations + List attestations = bom.getDeclarations().getAttestations(); + assertEquals(1, attestations.size()); + + Attestation attestation = attestations.get(0); + assertEquals("Attestation summary here", attestation.getSummary()); + assertEquals("assessor-1", attestation.getAssessor()); + assertEquals(1, attestation.getMap().size()); + + AttestationMap map = attestation.getMap().get(0); + assertEquals("requirement-1", map.getRequirement()); + assertEquals("claim-1", map.getClaims().get(0)); + assertEquals("counterClaim-1", map.getCounterClaims().get(0)); + + Conformance conformance = map.getConformance(); + assertEquals(0.8, conformance.getScore()); + assertEquals("Conformance rationale here", conformance.getRationale()); + assertEquals("mitigationStrategy-1", conformance.getMitigationStrategies().get(0)); + + Confidence confidence = map.getConfidence(); + assertEquals(1.0, confidence.getScore()); + assertEquals("Confidence rationale here", confidence.getRationale()); + + //Claims + List claims = bom.getDeclarations().getClaims(); + assertEquals(1, claims.size()); + + Claim claim = claims.get(0); + assertEquals("claim-1", claim.getBomRef()); + assertEquals("Confidence rationale here", confidence.getRationale()); + assertEquals("acme-inc", claim.getTarget()); + assertEquals("Predicate here", claim.getPredicate()); + assertEquals("Reasoning here", claim.getReasoning()); + assertEquals("evidence-1", claim.getEvidence().get(0)); + assertEquals("counterEvidence-1", claim.getCounterEvidence().get(0)); + assertEquals("mitigationStrategy-1", claim.getMitigationStrategies().get(0)); + + ExternalReference er = claim.getExternalReferences().get(0); + assertEquals("https://alm.example.com", er.getUrl()); + assertEquals(ExternalReference.Type.ISSUE_TRACKER, er.getType()); + + //Evidence + List evidences = bom.getDeclarations().getEvidence(); + assertEquals(3, evidences.size()); + + Evidence evidence = evidences.get(0); + assertEquals("evidence-1", evidence.getBomRef()); + assertEquals("internal.com.acme.someProperty", evidence.getPropertyName()); + assertEquals("Description here", evidence.getDescription()); + assertNotNull(evidence.getCreated()); + assertNotNull(evidence.getExpires()); + assertEquals("Mary", evidence.getAuthor().getName()); + assertEquals("Jane", evidence.getReviewer().getName()); + + Data data = evidence.getData().get(0); + assertEquals("Name of the data", data.getName()); + assertEquals("PII", data.getClassification()); + assertEquals("Describe sensitive data here", data.getSensitiveData().get(0)); + assertEquals("Evidence here", data.getContents().getAttachment().getText()); + + //Targets + Targets targets = bom.getDeclarations().getTargets(); + assertNotNull(targets); + assertEquals(1, targets.getOrganizations().size()); + + //Affirmation + Affirmation affirmation = bom.getDeclarations().getAffirmation(); + assertNotNull(affirmation); + + assertEquals("I certify, to the best of my knowledge, that all information is correct...", + affirmation.getStatement()); + assertEquals(2, affirmation.getSignatories().size()); + + Signatory s1 = affirmation.getSignatories().get(0); + assertEquals("Tom", s1.getName()); + assertEquals("CEO", s1.getRole()); + assertNull(s1.getSignature()); + assertNull(s1.getOrganization()); + assertNull(s1.getExternalReference()); + + Signatory s2 = affirmation.getSignatories().get(1); + assertEquals("Jerry", s2.getName()); + assertEquals("COO", s2.getRole()); + assertEquals("Acme Inc", s2.getOrganization().getName()); + assertEquals("https://example.com/coo-sig.png", s2.getExternalReference().getUrl()); + assertNull(s2.getSignature()); + } + + @Test + public void schema16_cbom() throws Exception { + final Bom bom = getXmlBom("1.6/valid-cryptography-implementation-1.6.xml"); + + assertEquals(3, bom.getComponents().size()); + assertEquals(2, bom.getDependencies().size()); + + Component component = bom.getComponents().get(0); + assertEquals("AES", component.getName()); + assertEquals("aes128gcm", component.getBomRef()); + assertEquals(Type.CRYPTOGRAPHIC_ASSET, component.getType()); + + CryptoProperties cp = component.getCryptoProperties(); + assertEquals(AssetType.ALGORITHM, cp.getAssetType()); + assertEquals("oid:2.16.840.1.101.3.4.1.6", cp.getOid()); + + AlgorithmProperties ap = cp.getAlgorithmProperties(); + assertEquals(Primitive.AE, ap.getPrimitive()); + assertEquals("128", ap.getParameterSetIdentifier()); + assertEquals(ExecutionEnvironment.SOFTWARE_PLAIN_RAM, ap.getExecutionEnvironment()); + assertEquals(ImplementationPlatform.X86_64, ap.getImplementationPlatform()); + assertEquals(CertificationLevel.NONE, ap.getCertificationLevel().get(0)); + assertEquals(Mode.GCM, ap.getMode()); + assertEquals(128, ap.getClassicalSecurityLevel()); + assertEquals(1, ap.getNistQuantumSecurityLevel()); + + assertTrue(new ArrayList<>(ap.getCryptoFunctions()) + .containsAll(Arrays.asList(CryptoFunction.KEYGEN, CryptoFunction.ENCRYPT, CryptoFunction.DECRYPT, + CryptoFunction.TAG))); + } + + @Test + public void testIssue562Regression() throws Exception { + final Bom bom = getJsonBom("regression/issue562.json"); + assertEquals(2, bom.getMetadata().getToolChoice().getComponents().size()); + assertEquals(2, bom.getMetadata().getAuthors().size()); + } + + @Test + public void testIssue492Regression() throws Exception { + final Bom bom = getJsonBom("regression/issue492.json"); + assertEquals(2, bom.getMetadata().getTools().size()); + } } diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index a7568e86b9..c444fc5a54 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -18,17 +18,59 @@ */ package org.cyclonedx.parsers; -import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.Version; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; +import org.cyclonedx.model.Component.Type; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.License; +import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.OrganizationalEntity; import org.cyclonedx.model.Pedigree; +import org.cyclonedx.model.attestation.Assessor; +import org.cyclonedx.model.attestation.Attestation; +import org.cyclonedx.model.attestation.AttestationMap; +import org.cyclonedx.model.attestation.Claim; +import org.cyclonedx.model.attestation.Confidence; +import org.cyclonedx.model.attestation.Conformance; +import org.cyclonedx.model.attestation.Targets; +import org.cyclonedx.model.attestation.affirmation.Affirmation; +import org.cyclonedx.model.attestation.affirmation.Signatory; +import org.cyclonedx.model.attestation.evidence.Data; +import org.cyclonedx.model.attestation.evidence.Evidence; +import org.cyclonedx.model.component.ModelCard; +import org.cyclonedx.model.component.crypto.AlgorithmProperties; +import org.cyclonedx.model.component.crypto.CryptoProperties; +import org.cyclonedx.model.component.crypto.enums.AssetType; +import org.cyclonedx.model.component.crypto.enums.CertificationLevel; +import org.cyclonedx.model.component.crypto.enums.CryptoFunction; +import org.cyclonedx.model.component.crypto.enums.ExecutionEnvironment; +import org.cyclonedx.model.component.crypto.enums.ImplementationPlatform; +import org.cyclonedx.model.component.crypto.enums.Mode; +import org.cyclonedx.model.component.crypto.enums.Primitive; +import org.cyclonedx.model.component.data.Content; +import org.cyclonedx.model.component.evidence.Identity; +import org.cyclonedx.model.component.modelCard.Considerations; +import org.cyclonedx.model.component.modelCard.ModelParameters; +import org.cyclonedx.model.component.modelCard.consideration.EnvironmentalConsideration; +import org.cyclonedx.model.component.modelCard.consideration.consumption.Activity; +import org.cyclonedx.model.component.modelCard.consideration.consumption.EnergyConsumption; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.EnergyProvider; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.EnergySource; +import org.cyclonedx.model.component.modelCard.consideration.consumption.energy.Unit; +import org.cyclonedx.model.definition.Level; +import org.cyclonedx.model.definition.Requirement; +import org.cyclonedx.model.definition.Standard; +import org.cyclonedx.model.license.Acknowledgement; +import org.cyclonedx.model.license.Expression; import org.junit.jupiter.api.Test; import java.io.File; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Objects; +import java.util.stream.Collectors; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; @@ -43,7 +85,7 @@ public class XmlParserTest public void testValid10Bom() throws Exception { final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.0.xml")).getFile()); final XmlParser parser = new XmlParser(); - final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_10); + final boolean valid = parser.isValid(file, Version.VERSION_10); assertTrue(valid); } @@ -51,7 +93,7 @@ public void testValid10Bom() throws Exception { public void testValid11Bom() throws Exception { final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.1.xml")).getFile()); final XmlParser parser = new XmlParser(); - final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_11); + final boolean valid = parser.isValid(file, Version.VERSION_11); assertTrue(valid); } @@ -60,7 +102,7 @@ public void testValid11BomWithDependencyGraph10() throws Exception { final File file = new File( Objects.requireNonNull(this.getClass().getResource("/bom-1.1-dependency-graph-1.0.xml")).getFile()); final XmlParser parser = new XmlParser(); - final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_11); + final boolean valid = parser.isValid(file, Version.VERSION_11); assertTrue(valid); } @@ -69,7 +111,7 @@ public void testValid11BomWithVulnerability10() throws Exception { final File file = new File( Objects.requireNonNull(this.getClass().getResource("/bom-1.1-vulnerability-1.0.xml")).getFile()); final XmlParser parser = new XmlParser(); - final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_11); + final boolean valid = parser.isValid(file, Version.VERSION_11); assertTrue(valid); } @@ -77,7 +119,7 @@ public void testValid11BomWithVulnerability10() throws Exception { public void testValid12Bom() throws Exception { final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2.xml")).getFile()); final XmlParser parser = new XmlParser(); - final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_12); + final boolean valid = parser.isValid(file, Version.VERSION_12); assertTrue(valid); } @@ -86,7 +128,7 @@ public void testValidBomLink() throws Exception { final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.4-bomlink.xml")).getFile()); final XmlParser parser = new XmlParser(); Bom bom = parser.parse(file); - assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); + assertTrue(parser.isValid(file, Version.VERSION_14)); ExternalReference ref = bom.getComponents().get(0).getExternalReferences().get(0); assertEquals("bom", ref.getType().getTypeName()); assertEquals("urn:cdx:f08a6ccd-4dce-4759-bd84-c626675d60a7/1", ref.getUrl()); @@ -96,7 +138,7 @@ public void testValidBomLink() throws Exception { public void testValid12BomWithPedigree() throws Exception { final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2-pedigree.xml")).getFile()); final XmlParser parser = new XmlParser(); - final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_12); + final boolean valid = parser.isValid(file, Version.VERSION_12); assertTrue(valid); final Bom bom = parser.parse(file); @@ -113,7 +155,7 @@ private void testPedigree(final Pedigree pedigree) { public void testValid12BomWithPedigreeWithPatches() throws Exception { final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2-pedigree-example.xml")).getFile()); final XmlParser parser = new XmlParser(); - final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_12); + final boolean valid = parser.isValid(file, Version.VERSION_12); assertTrue(valid); final Bom bom = parser.parse(file); @@ -125,6 +167,20 @@ private void testPedigreeFromExample(final Pedigree pedigree) { assertEquals(2, pedigree.getPatches().get(1).getResolves().size()); } + @Test + public void testValid12BomWithMetadataPedigree() throws Exception { + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2-metadata-pedigree.xml")).getFile()); + final XmlParser parser = new XmlParser(); + final boolean valid = parser.isValid(file, Version.VERSION_12); + assertTrue(valid); + + final Bom bom = parser.parse(file); + Pedigree pedigree = bom.getMetadata().getComponent().getPedigree(); + assertEquals(2, pedigree.getAncestors().getComponents().size()); + assertEquals(1, pedigree.getDescendants().getComponents().size()); + assertEquals(0, pedigree.getVariants().getComponents().size()); + } + @Test public void testParsedObjects10Bom() throws Exception { final Bom bom = getXmlBom("bom-1.0.xml"); @@ -146,6 +202,7 @@ public void testParsedObjects10Bom() throws Exception { assertEquals("An example application", c1.getDescription()); assertEquals("Copyright Example Inc. All rights reserved.", c1.getCopyright()); assertEquals("Apache-2.0", c1.getLicenseChoice().getLicenses().get(0).getId()); + assertEquals("Apache-2.0", c1.getLicenses().getLicenses().get(0).getId()); assertEquals(2, c1.getComponents().size()); } @@ -191,7 +248,7 @@ public void testParsedObjects11Bom() throws Exception { assertNotNull(c1.getPedigree().getCommits().get(0).getCommitter().getTimestamp()); assertEquals("Initial commit", c1.getPedigree().getCommits().get(0).getMessage()); assertEquals("Commentary here", c1.getPedigree().getNotes()); - assertEquals("EPL-2.0 OR GPL-2.0-with-classpath-exception", c2.getLicenseChoice().getExpression()); + assertEquals("EPL-2.0 OR GPL-2.0-with-classpath-exception", c2.getLicenseChoice().getExpression().getValue()); } @Test @@ -235,7 +292,7 @@ public void testParsedObjects12Bom() throws Exception { // Assertions for bom.components assertComponent(components.get(0), Component.Type.APPLICATION, "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"); - assertServices(bom); + assertServices(bom, Version.VERSION_12); // Assertions for bom.dependencies assertEquals(1, bom.getDependencies().size()); @@ -259,7 +316,7 @@ public void testParsedObjects13Bom() throws Exception { assertComponent(components.get(0), Component.Type.APPLICATION, "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"); - assertServices(bom); + assertServices(bom, Version.VERSION_13); // Assertions for bom.dependencies assertEquals(1, bom.getDependencies().size()); @@ -280,7 +337,7 @@ public void testParsedObjects14Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); - assertServices(bom); + assertServices(bom, Version.VERSION_14); assertCompositions(bom, Version.VERSION_14); assertVulnerabilities(bom, Version.VERSION_14); @@ -307,7 +364,7 @@ public void testParsedObjects15Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); - assertServices(bom); + assertServices(bom, Version.VERSION_15); assertCompositions(bom, Version.VERSION_15); assertVulnerabilities(bom, Version.VERSION_15); @@ -348,7 +405,7 @@ public void testIssue336Regression() throws Exception { assertEquals("foo", bom.getMetadata().getComponent().getProperties().get(0).getName()); assertEquals("bar", bom.getMetadata().getComponent().getProperties().get(0).getValue()); } - + @Test public void testIssue338RegressionWithSingleTool() throws Exception { final Bom bom = getXmlBom("regression/issue338-single-tool.xml"); @@ -367,4 +424,326 @@ public void testIssue343Regression() throws Exception { final Bom bom = getXmlBom("regression/issue343-empty-hashes.xml"); assertEquals(0, bom.getComponents().get(0).getHashes().size()); } + + @Test + public void schema16_license_id_acknowledgement() throws Exception { + final Bom bom = getXmlBom("1.6/valid-license-id-1.6.xml"); + + assertAck(bom); + } + + @Test + public void schema16_license_expression_acknowledgement() throws Exception { + final Bom bom = getXmlBom("1.6/valid-license-expression-1.6.xml"); + + assertNotNull(bom.getComponents()); + LicenseChoice lc = bom.getComponents().get(0).getLicenses(); + assertNotNull(lc.getExpression()); + + Expression expression = lc.getExpression(); + assertEquals("EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", expression.getValue()); + assertEquals("my-license", expression.getBomRef()); + assertEquals(Acknowledgement.DECLARED, expression.getAcknowledgement()); + } + + @Test + public void schema16_ml_considerations() throws Exception { + final Bom bom = getXmlBom("1.6/valid-machine-learning-considerations-env-1.6.xml"); + + assertNotNull(bom.getComponents()); + ModelCard mc = bom.getComponents().get(0).getModelCard(); + assertNotNull(mc); + + Considerations considerations = mc.getConsiderations(); + assertNotNull(considerations); + + EnvironmentalConsideration ec = considerations.getEnvironmentalConsiderations(); + assertNotNull(ec); + + assertEquals(1, ec.getEnergyConsumptions().size()); + + EnergyConsumption eec = ec.getEnergyConsumptions().get(0); + + assertEquals(Activity.TRAINING, eec.getActivity()); + assertEquals(Unit.KWH, eec.getActivityEnergyCost().getUnit()); + assertEquals(0.4, eec.getActivityEnergyCost().getValue()); + assertEquals(org.cyclonedx.model.component.modelCard.consideration.consumption.co2.Unit.TCO2EQ, + eec.getCo2CostEquivalent().getUnit()); + assertEquals(31.22, eec.getCo2CostEquivalent().getValue()); + assertEquals(org.cyclonedx.model.component.modelCard.consideration.consumption.co2.Unit.TCO2EQ, + eec.getCo2CostOffset().getUnit()); + assertEquals(31.22, eec.getCo2CostOffset().getValue()); + + assertNull(eec.getProperties()); + assertEquals(1, eec.getEnergyProviders().size()); + + EnergyProvider ep = eec.getEnergyProviders().get(0); + + assertEquals("Meta data-center, US-East", ep.getDescription()); + assertNull(ep.getExternalReferences()); + assertNull(ep.getBomRef()); + assertNotNull(ep.getOrganization()); + + assertEquals(EnergySource.NATURAL_GAS, ep.getEnergySource()); + + assertEquals(0.4, ep.getEnergyProvided().getValue()); + assertEquals(Unit.KWH, ep.getEnergyProvided().getUnit()); + + assertNull(ep.getOrganization().getAddress().getBomRef()); + assertEquals("United States", ep.getOrganization().getAddress().getCountry()); + assertEquals("Newark", ep.getOrganization().getAddress().getLocality()); + assertNull(ep.getOrganization().getAddress().getStreetAddress()); + assertNull(ep.getOrganization().getAddress().getPostalCode()); + assertNull(ep.getOrganization().getAddress().getPostOfficeBoxNumber()); + assertEquals("New Jersey", ep.getOrganization().getAddress().getRegion()); + assertNull(eec.getProperties()); + } + + @Test + public void schema16_ml_content() throws Exception { + final Bom bom = getXmlBom("1.6/valid-machine-learning-1.6.xml"); + + assertNotNull(bom.getComponents()); + ModelCard mc = bom.getComponents().get(0).getModelCard(); + assertNotNull(mc); + + ModelParameters mp = mc.getModelParameters(); + assertNotNull(mp); + + Content content = mp.getDatasets().get(0).getComponentData().getContents(); + assertNotNull(content); + + assertEquals(2, content.getProperties().size()); + } + + @Test + public void schema16_component_identifiers() throws Exception { + final Bom bom = getXmlBom("1.6/valid-component-identifiers-1.6.xml"); + + assertIdentifiers(bom); + } + + @Test + public void schema16_tags() throws Exception { + final Bom bom = getXmlBom("1.6/valid-tags-1.6.xml"); + assertTags(bom); + } + + @Test + public void schema16_manufacture() throws Exception { + final Bom bom = getXmlBom("1.6/valid-metadata-manufacture-1.6.xml"); + + assertNotNull(bom.getMetadata()); + OrganizationalEntity manufacture = bom.getMetadata().getManufacture(); + assertNotNull(manufacture); + assertManufacturerMetadata(manufacture, Version.VERSION_16, true); + } + + @Test + public void schema16_manufacturer() throws Exception { + final Bom bom = getXmlBom("1.6/valid-metadata-manufacturer-1.6.xml"); + + assertNotNull(bom.getMetadata()); + OrganizationalEntity manufacturer = bom.getMetadata().getManufacturer(); + assertNotNull(manufacturer); + assertManufacturerMetadata(manufacturer, Version.VERSION_16, false); + } + + @Test + public void schema16_evidence() throws Exception { + final Bom bom = getXmlBom("1.6/valid-evidence-1.6.xml"); + + List identities = bom.getComponents().get(1).getEvidence().getIdentities(); + assertEquals(3, identities.size()); + List list = identities.stream().map(Identity::getConcludedValue).collect(Collectors.toList()); + assertTrue(list.containsAll(Arrays.asList("com.example", "example-project", "1.0.0"))); + } + + @Test + public void schema16_attestation_standard() throws Exception { + final Bom bom = getXmlBom("1.6/valid-standard-1.6.xml"); + + assertNotNull(bom.getDefinitions()); + List standards = bom.getDefinitions().getStandards(); + assertEquals(1, standards.size()); + + Standard standard = standards.get(0); + assertEquals("standard-1", standard.getBomRef()); + assertEquals("Description here", standard.getDescription()); + assertEquals("Sample Standard", standard.getName()); + assertEquals("Acme Inc", standard.getOwner()); + assertEquals("1.0.0", standard.getVersion()); + + //Requirements + assertEquals(3, standard.getRequirements().size()); + Requirement requirement = standard.getRequirements().get(2); + assertEquals("requirement-1.1.1", requirement.getBomRef()); + assertEquals("Text of the requirement here", requirement.getText()); + assertEquals("v1.1.1", requirement.getIdentifier()); + assertEquals("requirement-1.1", requirement.getParent()); + assertEquals("Supplemental text here", requirement.getDescriptions().get(0)); + assertEquals(1, requirement.getOpenCre().size()); + assertNull(requirement.getExternalReferences()); + assertNull(requirement.getProperties()); + assertNull(requirement.getTitle()); + + //Levels + assertEquals(3, standard.getLevels().size()); + Level level = standard.getLevels().get(0); + assertEquals("Level 1", level.getIdentifier()); + assertEquals("Description here", level.getDescription()); + assertEquals("level-1", level.getBomRef()); + assertNull(level.getTitle()); + assertEquals(1, level.getRequirements().size()); + assertEquals("requirement-1.1.1", level.getRequirements().get(0)); + + assertNull(standard.getSignature()); + } + + @Test + public void schema16_attestation() throws Exception { + final Bom bom = getXmlBom("1.6/valid-attestation-1.6.xml"); + + assertNotNull(bom.getDeclarations()); + + //Assessors + List assessors = bom.getDeclarations().getAssessors(); + assertEquals(1, assessors.size()); + + Assessor assessor = assessors.get(0); + assertEquals(true, assessor.getThirdParty()); + assertEquals("Assessors Inc", assessor.getOrganization().getName()); + assertEquals("assessor-1", assessor.getBomRef()); + + //Attestations + List attestations = bom.getDeclarations().getAttestations(); + assertEquals(1, attestations.size()); + + Attestation attestation = attestations.get(0); + assertEquals("Attestation summary here", attestation.getSummary()); + assertEquals("assessor-1", attestation.getAssessor()); + assertEquals(1, attestation.getMap().size()); + + AttestationMap map = attestation.getMap().get(0); + assertEquals("requirement-1", map.getRequirement()); + assertEquals("claim-1", map.getClaims().get(0)); + assertEquals("counterClaim-1", map.getCounterClaims().get(0)); + + Conformance conformance = map.getConformance(); + assertEquals(0.8, conformance.getScore()); + assertEquals("Conformance rationale here", conformance.getRationale()); + assertEquals("mitigationStrategy-1", conformance.getMitigationStrategies().get(0)); + + Confidence confidence = map.getConfidence(); + assertEquals(1.0, confidence.getScore()); + assertEquals("Confidence rationale here", confidence.getRationale()); + + //Claims + List claims = bom.getDeclarations().getClaims(); + assertEquals(1, claims.size()); + + Claim claim = claims.get(0); + assertEquals("claim-1", claim.getBomRef()); + assertEquals("Confidence rationale here", confidence.getRationale()); + assertEquals("acme-inc", claim.getTarget()); + assertEquals("Predicate here", claim.getPredicate()); + assertEquals("Reasoning here", claim.getReasoning()); + assertEquals("evidence-1", claim.getEvidence().get(0)); + assertEquals("counterEvidence-1", claim.getCounterEvidence().get(0)); + assertEquals("mitigationStrategy-1", claim.getMitigationStrategies().get(0)); + + ExternalReference er = claim.getExternalReferences().get(0); + assertEquals("https://alm.example.com", er.getUrl()); + assertEquals(ExternalReference.Type.ISSUE_TRACKER, er.getType()); + + //Evidence + List evidences = bom.getDeclarations().getEvidence(); + assertEquals(3, evidences.size()); + + Evidence evidence = evidences.get(0); + assertEquals("evidence-1", evidence.getBomRef()); + assertEquals("internal.com.acme.someProperty", evidence.getPropertyName()); + assertEquals("Description here", evidence.getDescription()); + assertNotNull(evidence.getCreated()); + assertNotNull(evidence.getExpires()); + assertEquals("Mary", evidence.getAuthor().getName()); + assertEquals("Jane", evidence.getReviewer().getName()); + + Data data = evidence.getData().get(0); + assertEquals("Name of the data", data.getName()); + assertEquals("PII", data.getClassification()); + assertEquals("Describe sensitive data here", data.getSensitiveData().get(0)); + assertEquals("Evidence here", data.getContents().getAttachment().getText()); + + //Targets + Targets targets = bom.getDeclarations().getTargets(); + assertNotNull(targets); + assertEquals(1, targets.getOrganizations().size()); + + //Affirmation + Affirmation affirmation = bom.getDeclarations().getAffirmation(); + assertNotNull(affirmation); + + assertEquals("I certify, to the best of my knowledge, that all information is correct...", + affirmation.getStatement()); + assertEquals(2, affirmation.getSignatories().size()); + + Signatory s1 = affirmation.getSignatories().get(0); + assertEquals("Tom", s1.getName()); + assertEquals("CEO", s1.getRole()); + assertNull(s1.getSignature()); + assertNull(s1.getOrganization()); + assertNull(s1.getExternalReference()); + + Signatory s2 = affirmation.getSignatories().get(1); + assertEquals("Jerry", s2.getName()); + assertEquals("COO", s2.getRole()); + assertEquals("Acme Inc", s2.getOrganization().getName()); + assertEquals("https://example.com/coo-sig.png", s2.getExternalReference().getUrl()); + assertNull(s2.getSignature()); + } + + @Test + public void schema16_cbom() throws Exception { + final Bom bom = getXmlBom("1.6/valid-cryptography-implementation-1.6.xml"); + + assertEquals(3, bom.getComponents().size()); + assertEquals(2, bom.getDependencies().size()); + + Component component = bom.getComponents().get(0); + assertEquals("AES", component.getName()); + assertEquals("aes128gcm", component.getBomRef()); + assertEquals(Type.CRYPTOGRAPHIC_ASSET, component.getType()); + + CryptoProperties cp = component.getCryptoProperties(); + assertEquals(AssetType.ALGORITHM, cp.getAssetType()); + assertEquals("oid:2.16.840.1.101.3.4.1.6", cp.getOid()); + + AlgorithmProperties ap = cp.getAlgorithmProperties(); + assertEquals(Primitive.AE, ap.getPrimitive()); + assertEquals("128", ap.getParameterSetIdentifier()); + assertEquals(ExecutionEnvironment.SOFTWARE_PLAIN_RAM, ap.getExecutionEnvironment()); + assertEquals(ImplementationPlatform.X86_64, ap.getImplementationPlatform()); + assertEquals(CertificationLevel.NONE, ap.getCertificationLevel().get(0)); + assertEquals(Mode.GCM, ap.getMode()); + assertEquals(128, ap.getClassicalSecurityLevel()); + assertEquals(1, ap.getNistQuantumSecurityLevel()); + + assertTrue(new ArrayList<>(ap.getCryptoFunctions()) + .containsAll(Arrays.asList(CryptoFunction.KEYGEN, CryptoFunction.ENCRYPT, CryptoFunction.DECRYPT, + CryptoFunction.TAG))); + } + + @Test + public void testIssue562Regression() throws Exception { + final Bom bom = getXmlBom("regression/issue562.xml"); + assertEquals(2, bom.getMetadata().getToolChoice().getComponents().size()); + assertEquals(2, bom.getMetadata().getAuthors().size()); + } + + @Test + public void testIssue492Regression() throws Exception { + final Bom bom = getXmlBom("regression/issue492.xml"); + assertEquals(2, bom.getMetadata().getTools().size()); + } } diff --git a/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java b/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java index a44c41e7ce..3156b9bc12 100644 --- a/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java +++ b/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java @@ -20,7 +20,7 @@ import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; -import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.Version; import java.io.InputStream; import java.nio.charset.StandardCharsets; diff --git a/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java b/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java index f3d1e7d1c9..0304af3ce4 100644 --- a/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java +++ b/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java @@ -18,7 +18,7 @@ */ package org.cyclonedx.schema; -import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Version; import org.cyclonedx.parsers.JsonParser; import org.junit.jupiter.api.DynamicTest; import org.junit.jupiter.api.TestFactory; @@ -26,6 +26,7 @@ import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.Objects; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -38,18 +39,21 @@ public Collection dynamicTestsWithCollection() throws Exception { final List dynamicTests = new ArrayList<>(); for (final String file: files) { if (file.endsWith(".json")) { - final CycloneDxSchema.Version schemaVersion; + final Version schemaVersion; if (file.endsWith("-1.2.json")) { - schemaVersion = CycloneDxSchema.Version.VERSION_12; + schemaVersion = Version.VERSION_12; } else if (file.endsWith("-1.3.json")) { - schemaVersion = CycloneDxSchema.Version.VERSION_13; + schemaVersion = Version.VERSION_13; } else if (file.endsWith("-1.4.json")) { - schemaVersion = CycloneDxSchema.Version.VERSION_14; + schemaVersion = Version.VERSION_14; } else if (file.endsWith("-1.5.json")) { - schemaVersion = CycloneDxSchema.Version.VERSION_15; + schemaVersion = Version.VERSION_15; + } + else if (file.endsWith("-1.6.json")) { + schemaVersion = Version.VERSION_16; } else { schemaVersion = null; @@ -66,8 +70,8 @@ else if (file.endsWith("-1.5.json")) { return dynamicTests; } - private boolean isValidJson(CycloneDxSchema.Version version, String resource) throws Exception { - final File file = new File(this.getClass().getResource(resource).getFile()); + private boolean isValidJson(Version version, String resource) throws Exception { + final File file = new File(Objects.requireNonNull(this.getClass().getResource(resource)).getFile()); final JsonParser parser = new JsonParser(); return parser.isValid(file, version); diff --git a/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java b/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java index d4a0f2c64d..03ff737b13 100644 --- a/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java +++ b/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java @@ -18,7 +18,7 @@ */ package org.cyclonedx.schema; -import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Version; import org.cyclonedx.parsers.XmlParser; import org.junit.jupiter.api.DynamicTest; import org.junit.jupiter.api.TestFactory; @@ -27,6 +27,7 @@ import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.Objects; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -39,24 +40,27 @@ public Collection dynamicTestsWithCollection() throws Exception { final List dynamicTests = new ArrayList<>(); for (final String file: files) { if (file.endsWith(".xml")) { - final CycloneDxSchema.Version schemaVersion; + final Version schemaVersion; if (file.endsWith("-1.0.xml")) { - schemaVersion = CycloneDxSchema.Version.VERSION_10; + schemaVersion = Version.VERSION_10; } else if (file.endsWith("-1.1.xml")) { - schemaVersion = CycloneDxSchema.Version.VERSION_11; + schemaVersion = Version.VERSION_11; } else if (file.endsWith("-1.2.xml")) { - schemaVersion = CycloneDxSchema.Version.VERSION_12; + schemaVersion = Version.VERSION_12; } else if (file.endsWith("-1.3.xml")) { - schemaVersion = CycloneDxSchema.Version.VERSION_13; + schemaVersion = Version.VERSION_13; } else if (file.endsWith("-1.4.xml")) { - schemaVersion = CycloneDxSchema.Version.VERSION_14; + schemaVersion = Version.VERSION_14; } else if (file.endsWith("-1.5.xml")) { - schemaVersion = CycloneDxSchema.Version.VERSION_15; + schemaVersion = Version.VERSION_15; + } + else if (file.endsWith("-1.6.xml")) { + schemaVersion = Version.VERSION_16; } else { schemaVersion = null; @@ -73,8 +77,8 @@ else if (file.endsWith("-1.5.xml")) { return dynamicTests; } - private boolean isValid(CycloneDxSchema.Version version, String resource) throws Exception { - final File file = new File(this.getClass().getResource(resource).getFile()); + private boolean isValid(Version version, String resource) throws Exception { + final File file = new File(Objects.requireNonNull(this.getClass().getResource(resource)).getFile()); final XmlParser parser = new XmlParser(); return parser.isValid(file, version); } diff --git a/src/test/java/org/cyclonedx/util/BomUtilsTest.java b/src/test/java/org/cyclonedx/util/BomUtilsTest.java index fab32991c3..f58d0093f3 100644 --- a/src/test/java/org/cyclonedx/util/BomUtilsTest.java +++ b/src/test/java/org/cyclonedx/util/BomUtilsTest.java @@ -18,16 +18,18 @@ */ package org.cyclonedx.util; -import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.io.FileUtils; -import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.Version; import org.cyclonedx.model.Hash; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.condition.EnabledForJreRange; +import org.junit.jupiter.api.condition.JRE; + import java.io.File; import java.io.IOException; -import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.List; +import java.util.Objects; import static org.apache.commons.io.FileUtils.ONE_KB; import static org.assertj.core.api.Assertions.assertThat; @@ -43,40 +45,54 @@ public class BomUtilsTest { @Test - public void calculateHashesTest() throws Exception { - final File file = new File(this.getClass().getResource("/hashtest.txt").toURI()); + public void calculateHashes() throws Exception { + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/hashtest.txt")).toURI()); - final List hashes = BomUtils.calculateHashes(file, CycloneDxSchema.Version.VERSION_12); + final List hashes = BomUtils.calculateHashes(file, Version.VERSION_12); assertThatHashIsComputed(hashes, MD5, "5dd39cab1c53c2c77cd352983f9641e1"); assertThatHashIsComputed(hashes, SHA1, "b56df8ed5365fca1419818aa384ba3b5e7756047"); assertThatHashIsComputed(hashes, SHA_256, "c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35"); assertThatHashIsComputed(hashes, SHA_384, "1600a408df6f0775d5d3d2f13d8355a7a668ffc1be13810041e883f510b05dba0662a55c0b6b9a49c51293fa892d00d7"); assertThatHashIsComputed(hashes, SHA_512, "3de78a913cb8896f8f08ce3374b726b49ed00cc569621c5161c31eb80fca4d2f5e4443d42676dfc79743f345de7f0b95dbb2c97b2bc1a438a5a49c5f1b5298ac"); - if (supportsSha3Algorithms()) { - assertThatHashIsComputed(hashes, SHA3_256, "d79acc39c4f826d0a0abb614866b0347ab7a782473f666fa49582cec7acb57c6"); - assertThatHashIsComputed(hashes, SHA3_384, "c557b693f910c4cab2ca5ba55083bbe08a1362038c8217179955af7686ae79f3547e383d0d63cca5e85240aed7fe8c0b"); - assertThatHashIsComputed(hashes, SHA3_512, "6a2825f3e8889f60ba965894a15d09b7f3958e0bd896ad293d3a04cda2cfa1aa9764567da61a62b4af55191d1108d9ca8b9e926411c9adc2d7b0f35f6fb11633"); - } } @Test - public void calculateHashesForBigFileTest() throws Exception { + @EnabledForJreRange(min = JRE.JAVA_17) + public void calculateSha3HashesOnJava17AndHigher() throws Exception { + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/hashtest.txt")).toURI()); + + final List hashes = BomUtils.calculateHashes(file, Version.VERSION_12); + + assertThatHashIsComputed(hashes, SHA3_256, "d79acc39c4f826d0a0abb614866b0347ab7a782473f666fa49582cec7acb57c6"); + assertThatHashIsComputed(hashes, SHA3_384, "c557b693f910c4cab2ca5ba55083bbe08a1362038c8217179955af7686ae79f3547e383d0d63cca5e85240aed7fe8c0b"); + assertThatHashIsComputed(hashes, SHA3_512, "6a2825f3e8889f60ba965894a15d09b7f3958e0bd896ad293d3a04cda2cfa1aa9764567da61a62b4af55191d1108d9ca8b9e926411c9adc2d7b0f35f6fb11633"); + } + + + @Test + public void calculateHashesForBigFile() throws Exception { final File file = generateBigFileWithReproductiveContent(); - final List hashes = BomUtils.calculateHashes(file, CycloneDxSchema.Version.VERSION_12); + final List hashes = BomUtils.calculateHashes(file, Version.VERSION_12); assertThatHashIsComputed(hashes, MD5, "10be767d4f5874017ca03f3a9fe6627b"); assertThatHashIsComputed(hashes, SHA1, "ae3c58e2a2d5e897b141c6552232976b99d91c9b"); assertThatHashIsComputed(hashes, SHA_256, "0d797f9a8794ff2a00be343e012403620750609067bbf5899c340959159b86b3"); assertThatHashIsComputed(hashes, SHA_384, "be5785a76b67105066f65fa9d2f85bd5f438149396eb039a4a89d1ae0822de34bd6502f242de992d29a253d3e5093001"); assertThatHashIsComputed(hashes, SHA_512, "fed86c6ab6b75f044dd0aa8bc60468d4070cf081e26040daf61fd0d4c1d74ff6cead44b32b258483041d11eac6b80edafa2d5a0d0d59d5d7e750f775feac01f2"); + } - if (supportsSha3Algorithms()) { - assertThatHashIsComputed(hashes, SHA3_256, "6afc5eea1405183f2a273deb87795bbdabfa9a23c07ec56b080b29f9a357931e"); - assertThatHashIsComputed(hashes, SHA3_384, "3bebb987e764240cca59e03f29d0c6f38221fa01295b84e0fe85e8057220f0ac173171c9a5ded67ef9b109cb63f12e51"); - assertThatHashIsComputed(hashes, SHA3_512, "eec26946678ae2d09db65ac618f4ddf150c517c06864296eeb5f9dc6138bf695341353527c058cf82eb6a8bacd8907ef1494c108c71f2f31f201ef521c6991ea"); - } + @Test + @EnabledForJreRange(min = JRE.JAVA_17) + public void calculateSha3HashesForBigFileOnJava17AndHigher() throws Exception { + final File file = generateBigFileWithReproductiveContent(); + + final List hashes = BomUtils.calculateHashes(file, Version.VERSION_12); + + assertThatHashIsComputed(hashes, SHA3_256, "6afc5eea1405183f2a273deb87795bbdabfa9a23c07ec56b080b29f9a357931e"); + assertThatHashIsComputed(hashes, SHA3_384, "3bebb987e764240cca59e03f29d0c6f38221fa01295b84e0fe85e8057220f0ac173171c9a5ded67ef9b109cb63f12e51"); + assertThatHashIsComputed(hashes, SHA3_512, "eec26946678ae2d09db65ac618f4ddf150c517c06864296eeb5f9dc6138bf695341353527c058cf82eb6a8bacd8907ef1494c108c71f2f31f201ef521c6991ea"); } private void assertThatHashIsComputed(final List hashes, final Hash.Algorithm algorithm, final String expectedHashValue) { @@ -101,18 +117,4 @@ private File generateBigFileWithReproductiveContent() throws IOException { } return file; } - - /** Need to run these tests with JDK17 (for eg.ie. not JDK8) in order to have SHA3 algorithms support */ - static boolean supportsSha3Algorithms() { - try { - DigestUtils.getSha3_256Digest().update(new byte []{1}); - return true; - } catch (IllegalArgumentException e) { - if (e.getCause() instanceof NoSuchAlgorithmException) { - return false; - } - throw e; - } - } - } diff --git a/src/test/java/org/cyclonedx/util/LicenseResolverTest.java b/src/test/java/org/cyclonedx/util/LicenseResolverTest.java index 85e25e3a9d..f0e8d5168b 100644 --- a/src/test/java/org/cyclonedx/util/LicenseResolverTest.java +++ b/src/test/java/org/cyclonedx/util/LicenseResolverTest.java @@ -31,7 +31,7 @@ public class LicenseResolverTest { public void parseLicenseByUrlTest() { LicenseChoice l1 = LicenseResolver.resolve("https://www.opensource.org/licenses/GPL-3.0"); LicenseChoice l2 = LicenseResolver.resolve("https://www.gnu.org/licenses/gpl-3.0-standalone.html"); - LicenseChoice l3 = LicenseResolver.resolve("https://www.opensource.org/licenses/MIT"); + LicenseChoice l3 = LicenseResolver.resolve("https://opensource.org/license/mit/"); LicenseChoice l4 = LicenseResolver.resolve("https://www.opensource.org/licenses/Apache-2.0"); LicenseChoice l5 = LicenseResolver.resolve("https://www.apache.org/licenses/LICENSE-2.0"); assertEquals("GPL-3.0-only", l1.getLicenses().get(0).getId()); @@ -48,7 +48,7 @@ public void resolveTestSingleLicense() { assertEquals("GPL-3.0-only", c1.getLicenses().get(0).getId()); assertEquals("https://www.gnu.org/licenses/gpl-3.0-standalone.html", c1.getLicenses().get(0).getUrl()); assertNotNull(c1.getLicenses().get(0).getAttachmentText().getText()); - assertEquals("plain/text", c1.getLicenses().get(0).getAttachmentText().getContentType()); + assertEquals("text/plain", c1.getLicenses().get(0).getAttachmentText().getContentType()); assertEquals("base64", c1.getLicenses().get(0).getAttachmentText().getEncoding()); LicenseResolver.LicenseTextSettings textSettings = new LicenseResolver.LicenseTextSettings( true, LicenseResolver.LicenseEncoding.NONE); @@ -57,7 +57,7 @@ public void resolveTestSingleLicense() { assertEquals("GPL-3.0-only", c2.getLicenses().get(0).getId()); assertEquals("https://www.gnu.org/licenses/gpl-3.0-standalone.html", c2.getLicenses().get(0).getUrl()); assertNotNull(c2.getLicenses().get(0).getAttachmentText().getText()); - assertEquals("plain/text", c2.getLicenses().get(0).getAttachmentText().getContentType()); + assertEquals("text/plain", c2.getLicenses().get(0).getAttachmentText().getContentType()); assertNull(c2.getLicenses().get(0).getAttachmentText().getEncoding()); textSettings = new LicenseResolver.LicenseTextSettings( true, LicenseResolver.LicenseEncoding.BASE64); @@ -66,7 +66,7 @@ public void resolveTestSingleLicense() { assertEquals("GPL-3.0-only", c3.getLicenses().get(0).getId()); assertEquals("https://www.gnu.org/licenses/gpl-3.0-standalone.html", c3.getLicenses().get(0).getUrl()); assertNotNull(c3.getLicenses().get(0).getAttachmentText().getText()); - assertEquals("plain/text", c3.getLicenses().get(0).getAttachmentText().getContentType()); + assertEquals("text/plain", c3.getLicenses().get(0).getAttachmentText().getContentType()); assertEquals("base64", c3.getLicenses().get(0).getAttachmentText().getEncoding()); } diff --git a/src/test/java/org/cyclonedx/util/ObjectLocatorTest.java b/src/test/java/org/cyclonedx/util/ObjectLocatorTest.java new file mode 100644 index 0000000000..2a58850f30 --- /dev/null +++ b/src/test/java/org/cyclonedx/util/ObjectLocatorTest.java @@ -0,0 +1,138 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util; + +import org.cyclonedx.model.Bom; +import org.cyclonedx.model.Component; +import org.cyclonedx.model.Service; +import org.cyclonedx.model.vulnerability.Vulnerability; +import org.cyclonedx.parsers.BomParserFactory; +import org.cyclonedx.parsers.Parser; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import static org.apache.commons.io.IOUtils.resourceToByteArray; +import static org.assertj.core.api.Assertions.assertThat; + +class ObjectLocatorTest { + + private Bom bom; + + @BeforeEach + void beforeEach() throws Exception { + final byte[] bomBytes = resourceToByteArray("/bom-object-locator.json"); + final Parser parser = BomParserFactory.createParser(bomBytes); + bom = parser.parse(bomBytes); + } + + @Test + void shouldLocateMetadataComponent() { + final ObjectLocator objectLocator = new ObjectLocator(bom, "0a7ac0b2-0f52-45c6-8f73-4dbcfb25286b").locate(); + assertThat(objectLocator.found()).isTrue(); + assertThat(objectLocator.isMetadataComponent()).isTrue(); + assertThat(objectLocator.isComponent()).isTrue(); + assertThat(objectLocator.isService()).isFalse(); + assertThat(objectLocator.isVulnerability()).isFalse(); + assertThat(objectLocator.getObject()).isInstanceOf(Component.class); + } + + @Test + void shouldLocateComponent() { + final ObjectLocator objectLocator = new ObjectLocator(bom, "ac9c4a17-2bc2-42ef-81af-01a8e363501f").locate(); + assertThat(objectLocator.found()).isTrue(); + assertThat(objectLocator.isMetadataComponent()).isFalse(); + assertThat(objectLocator.isComponent()).isTrue(); + assertThat(objectLocator.isService()).isFalse(); + assertThat(objectLocator.isVulnerability()).isFalse(); + assertThat(objectLocator.getObject()).isInstanceOf(Component.class); + } + + @Test // https://github.com/CycloneDX/cyclonedx-core-java/issues/455 + void shouldLocateComponentWhenMetadataComponentIsNull() { + bom.getMetadata().setComponent(null); + + final ObjectLocator objectLocator = new ObjectLocator(bom, "ac9c4a17-2bc2-42ef-81af-01a8e363501f").locate(); + assertThat(objectLocator.found()).isTrue(); + assertThat(objectLocator.isMetadataComponent()).isFalse(); + assertThat(objectLocator.isComponent()).isTrue(); + assertThat(objectLocator.isService()).isFalse(); + assertThat(objectLocator.isVulnerability()).isFalse(); + assertThat(objectLocator.getObject()).isInstanceOf(Component.class); + } + + @Test + void shouldLocateService() { + final ObjectLocator objectLocator = new ObjectLocator(bom, "b2a46a4b-8367-4bae-9820-95557cfe03a8").locate(); + assertThat(objectLocator.found()).isTrue(); + assertThat(objectLocator.isMetadataComponent()).isFalse(); + assertThat(objectLocator.isComponent()).isFalse(); + assertThat(objectLocator.isService()).isTrue(); + assertThat(objectLocator.isVulnerability()).isFalse(); + assertThat(objectLocator.getObject()).isInstanceOf(Service.class); + } + + @Test // https://github.com/CycloneDX/cyclonedx-core-java/issues/455 + void shouldLocateServiceWhenMetadataComponentIsNull() { + bom.getMetadata().setComponent(null); + + final ObjectLocator objectLocator = new ObjectLocator(bom, "b2a46a4b-8367-4bae-9820-95557cfe03a8").locate(); + assertThat(objectLocator.found()).isTrue(); + assertThat(objectLocator.isMetadataComponent()).isFalse(); + assertThat(objectLocator.isComponent()).isFalse(); + assertThat(objectLocator.isService()).isTrue(); + assertThat(objectLocator.isVulnerability()).isFalse(); + assertThat(objectLocator.getObject()).isInstanceOf(Service.class); + } + + @Test + void shouldLocateVulnerability() { + final ObjectLocator objectLocator = new ObjectLocator(bom, "6eee14da-8f42-4cc4-bb65-203235f02415").locate(); + assertThat(objectLocator.found()).isTrue(); + assertThat(objectLocator.isMetadataComponent()).isFalse(); + assertThat(objectLocator.isComponent()).isFalse(); + assertThat(objectLocator.isService()).isFalse(); + assertThat(objectLocator.isVulnerability()).isTrue(); + assertThat(objectLocator.getObject()).isInstanceOf(Vulnerability.class); + } + + @Test // https://github.com/CycloneDX/cyclonedx-core-java/issues/455 + void shouldLocateVulnerabilityWhenMetadataComponentIsNull() { + bom.getMetadata().setComponent(null); + + final ObjectLocator objectLocator = new ObjectLocator(bom, "6eee14da-8f42-4cc4-bb65-203235f02415").locate(); + assertThat(objectLocator.found()).isTrue(); + assertThat(objectLocator.isMetadataComponent()).isFalse(); + assertThat(objectLocator.isComponent()).isFalse(); + assertThat(objectLocator.isService()).isFalse(); + assertThat(objectLocator.isVulnerability()).isTrue(); + assertThat(objectLocator.getObject()).isInstanceOf(Vulnerability.class); + } + + @Test + void shouldNotFailWhenUnableToLocate() { + final ObjectLocator objectLocator = new ObjectLocator(bom, "doesNotExist").locate(); + assertThat(objectLocator.found()).isFalse(); + assertThat(objectLocator.isMetadataComponent()).isFalse(); + assertThat(objectLocator.isComponent()).isFalse(); + assertThat(objectLocator.isService()).isFalse(); + assertThat(objectLocator.isVulnerability()).isFalse(); + assertThat(objectLocator.getObject()).isNull(); + } + +} \ No newline at end of file diff --git a/src/test/java/org/cyclonedx/util/TimestampUtilsTest.java b/src/test/java/org/cyclonedx/util/TimestampUtilsTest.java new file mode 100644 index 0000000000..c973a27c3a --- /dev/null +++ b/src/test/java/org/cyclonedx/util/TimestampUtilsTest.java @@ -0,0 +1,52 @@ +package org.cyclonedx.util; + +import java.util.Date; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; + +public class TimestampUtilsTest +{ + @Test + public void testParseTimestampValid() { + String validTimestamp = "2023-10-01T12:34:56.789+00:00"; + Date date = TimestampUtils.parseTimestamp(validTimestamp); + assertNotNull(date); + } + + @Test + public void testParseTimestampWithZ() { + String validTimestampWithZ = "2021-01-01T00:00:00.000Z"; + Date date = TimestampUtils.parseTimestamp(validTimestampWithZ); + assertNotNull(date); + } + + @Test + public void testParseTimestampValidWithoutMilliseconds() { + String validTimestamp = "2023-10-01T12:34:56+00:00"; + Date date = TimestampUtils.parseTimestamp(validTimestamp); + assertNotNull(date); + } + + @Test + public void testParseTimestampInvalid() { + String invalidTimestamp = "invalid-timestamp"; + Date date = TimestampUtils.parseTimestamp(invalidTimestamp); + assertNull(date); + } + + @Test + public void testParseTimestampNull() { + Date date = TimestampUtils.parseTimestamp(null); + assertNull(date); + } + + @Test + public void testParseTimestampEmpty() { + String emptyTimestamp = ""; + Date date = TimestampUtils.parseTimestamp(emptyTimestamp); + assertNull(date); + } +} diff --git a/src/test/resources/1.5/valid-evidence-1.5_2.json b/src/test/resources/1.5/valid-evidence-1.5_2.json new file mode 100644 index 0000000000..2e645c9e41 --- /dev/null +++ b/src/test/resources/1.5/valid-evidence-1.5_2.json @@ -0,0 +1,131 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "group": "com.google.code.findbugs", + "name": "findbugs-project", + "version": "3.0.0", + "licenses": [ + { + "license": { + "id": "LGPL-3.0-or-later", + "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", + "evidence": { + "identity": { + "field": "purl", + "confidence": 1, + "methods": [ + { + "technique": "filename", + "confidence": 0.1, + "value": "findbugs-project-3.0.0.jar" + }, + { + "technique": "ast-fingerprint", + "confidence": 0.9, + "value": "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" + }, + { + "technique": "hash-comparison", + "confidence": 0.7, + "value": "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" + } + ], + "tools": [ + "bom-ref-of-tool-that-performed-analysis" + ] + }, + "occurrences": [ + { + "bom-ref": "d6bf237e-4e11-4713-9f62-56d18d5e2079", + "location": "/path/to/component" + }, + { + "bom-ref": "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175", + "location": "/another/path/to/component" + } + ], + "callstack": { + "frames": [ + { + + "package": "com.apache.logging.log4j.core", + "module": "Logger.class", + "function": "logMessage", + "parameters": [ + "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" + ], + "line": 150, + "column": 17, + "fullFilename": "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" + }, + { + "module": "HelloWorld.class", + "function": "main", + "line": 20, + "column": 12, + "fullFilename": "/path/to/HelloWorld.class" + } + ] + }, + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + }, + { + "license": { + "id": "LGPL-2.1-only", + "url": "https://opensource.org/licenses/LGPL-2.1" + } + } + ], + "copyright": [ + { + "text": "Copyright 2012 Google Inc. All Rights Reserved." + }, + { + "text": "Copyright (C) 2004,2005 Dave Brosius " + }, + { + "text": "Copyright (C) 2005 William Pugh" + }, + { + "text": "Copyright (C) 2004,2005 University of Maryland" + } + ] + } + }, + { + "type": "application", + "group": "com.example", + "name": "example-project", + "version": "1.0.0", + "purl": "pkg:maven/com.example/example-project@1.0.0", + "evidence": { + "identity": + { + "field": "group", + "confidence": 0.1, + "methods": [ + { + "technique": "filename", + "confidence": 0.1, + "value": "example-project-1.0.0.jar" + } + ] + } + } + } + ] +} diff --git a/src/test/resources/1.5/valid-evidence-1.5_2.xml b/src/test/resources/1.5/valid-evidence-1.5_2.xml new file mode 100644 index 0000000000..27509c66e3 --- /dev/null +++ b/src/test/resources/1.5/valid-evidence-1.5_2.xml @@ -0,0 +1,111 @@ + + + + + com.google.code.findbugs + findbugs-project + 3.0.0 + + + LGPL-3.0-or-later + https://www.gnu.org/licenses/lgpl-3.0-standalone.html + + + pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 + + + purl + 1 + + + filename + 0.1 + findbugs-project-3.0.0.jar + + + ast-fingerprint + 0.9 + 61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab + + + hash-comparison + 0.7 + 7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf + + + + + + + + + /path/to/component + + + /another/path/to/component + + + + + + com.apache.logging.log4j.core + Logger.class + logMessage + + com.acme.HelloWorld + Level.INFO + null + Hello World + + 150 + 17 + /path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class + + + HelloWorld.class + main + 20 + 12 + /path/to/HelloWorld.class + + + + + + Apache-2.0 + http://www.apache.org/licenses/LICENSE-2.0 + + + LGPL-2.1-only + https://opensource.org/licenses/LGPL-2.1 + + + + + ]]> + + + + + + + com.example + example-project + 1.0.0 + pkg:maven/com.example/example-project@1.0.0 + + + group + 0.1 + + + filename + 0.1 + example-project-1.0.0.jar + + + + + + + diff --git a/src/test/resources/1.5/valid-vulnerability-tool-1.5.json b/src/test/resources/1.5/valid-vulnerability-tool-1.5.json new file mode 100644 index 0000000000..df7bdc1982 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-tool-1.5.json @@ -0,0 +1,154 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": { + "components": [ + { + "type": "application", + "group": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Inc" + }, + "name": "Acme BOM Analyzer", + "endpoints": [ + "https://example.com/analyze" + ] + } + ] + }, + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component." + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-vulnerability-tool-1.5.textproto b/src/test/resources/1.5/valid-vulnerability-tool-1.5.textproto new file mode 100644 index 0000000000..703925da23 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-tool-1.5.textproto @@ -0,0 +1,137 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + group: "com.fasterxml.jackson.core" + name: "jackson-databind" + version: "2.9.4" + purl: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" +} +vulnerabilities { + bom_ref: "6eee14da-8f42-4cc4-bb65-203235f02415" + id: "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + source: { + name: "Snyk" + url: "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + } + references: { + id: "CVE-2018-7489" + source: { + name: "NVD", + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ratings: { + source: { + name: "NVD" + url: "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + } + score: 9.8 + severity: SEVERITY_CRITICAL + method: SCORE_METHOD_CVSSV3 + vector: "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + justification: "An optional reason for rating the vulnerability as it was" + } + cwes: 184 + cwes: 502 + description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." + detail: "" + recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." + advisories: { + title: "GitHub Commit" + url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + } + advisories: { + title: "GitHub Issue" + url: "https://github.com/FasterXML/jackson-databind/issues/1931" + } + created: { + seconds: 3173618478 + nanos: 3 + } + published: { + seconds: 3173618478 + nanos: 3 + } + updated: { + seconds: 3173618478 + nanos: 3 + } + credits: { + organizations: { + name: "Acme, Inc." + url: "https://example.com" + } + individuals: { + name: "Jane Doe" + email: "jane.doe@example.com" + } + } + tools: { + components: [ + { + type: CLASSIFICATION_APPLICATION, + group: "Snyk", + name: "Snyk CLI (Linux)", + version: "1.729.0", + hashes: [ + { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ] + services: [ + { + provider: { + name: "Acme Inc" + }, + name: "Acme BOM Analyzer", + endpoints: [ + "https://example.com/analyze" + ] + } + ] + } + analysis: { + state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED + justification: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE + response: VULNERABILITY_RESPONSE_WILL_NOT_FIX + response: VULNERABILITY_RESPONSE_UPDATE + detail: "An optional explanation of why the application is not affected by the vulnerable component." + } + affects: { + ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + versions: { + range: "vers:semver/<2.6.7.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.7.0|<2.8.11.1" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.9.0|<2.9.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + } + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } +} diff --git a/src/test/resources/1.5/valid-vulnerability-tool-1.5.xml b/src/test/resources/1.5/valid-vulnerability-tool-1.5.xml new file mode 100644 index 0000000000..a32d62d0c2 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-tool-1.5.xml @@ -0,0 +1,140 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.4 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + + + SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + Snyk + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + GitHub Issue + https://github.com/FasterXML/jackson-databind/issues/1931 + + + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + + + Acme Inf + + Acme BOM Analyzer + + https://example.com/analyze + + + + + + not_affected + code_not_reachable + + will_not_fix + update + + An optional explanation of why the application is not affected by the vulnerable component. + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + vers:semver/<2.6.7.5 + affected + + + vers:semver/2.7.0|<2.8.11.1 + affected + + + vers:semver/2.9.0|<2.9.5 + affected + + + + + + Bar + You + Two + Foo + + + + diff --git a/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.json b/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.json new file mode 100644 index 0000000000..112a083990 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.json @@ -0,0 +1,140 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": [ + { + "vendor": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component." + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.textproto b/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.textproto new file mode 100644 index 0000000000..4cecc1285c --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.textproto @@ -0,0 +1,119 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + group: "com.fasterxml.jackson.core" + name: "jackson-databind" + version: "2.9.4" + purl: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" +} +vulnerabilities { + bom_ref: "6eee14da-8f42-4cc4-bb65-203235f02415" + id: "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + source: { + name: "Snyk" + url: "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + } + references: { + id: "CVE-2018-7489" + source: { + name: "NVD", + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ratings: { + source: { + name: "NVD" + url: "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + } + score: 9.8 + severity: SEVERITY_CRITICAL + method: SCORE_METHOD_CVSSV3 + vector: "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + justification: "An optional reason for rating the vulnerability as it was" + } + cwes: 184 + cwes: 502 + description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." + detail: "" + recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." + advisories: { + title: "GitHub Commit" + url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + } + advisories: { + title: "GitHub Issue" + url: "https://github.com/FasterXML/jackson-databind/issues/1931" + } + created: { + seconds: 3173618478 + nanos: 3 + } + published: { + seconds: 3173618478 + nanos: 3 + } + updated: { + seconds: 3173618478 + nanos: 3 + } + credits: { + organizations: { + name: "Acme, Inc." + url: "https://example.com" + } + individuals: { + name: "Jane Doe" + email: "jane.doe@example.com" + } + } + tools: { + vendor: "Snyk" + name: "Snyk CLI (Linux)" + version: "1.729.0" + hashes: { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + } + analysis: { + state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED + justification: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE + response: VULNERABILITY_RESPONSE_WILL_NOT_FIX + response: VULNERABILITY_RESPONSE_UPDATE + detail: "An optional explanation of why the application is not affected by the vulnerable component." + } + affects: { + ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + versions: { + range: "vers:semver/<2.6.7.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.7.0|<2.8.11.1" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.9.0|<2.9.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + } + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } +} diff --git a/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.xml b/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.xml new file mode 100644 index 0000000000..3328900047 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-tool-deprecated-1.5.xml @@ -0,0 +1,127 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.4 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + + + SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + Snyk + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + GitHub Issue + https://github.com/FasterXML/jackson-databind/issues/1931 + + + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + not_affected + code_not_reachable + + will_not_fix + update + + An optional explanation of why the application is not affected by the vulnerable component. + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + vers:semver/<2.6.7.5 + affected + + + vers:semver/2.7.0|<2.8.11.1 + affected + + + vers:semver/2.9.0|<2.9.5 + affected + + + + + + Bar + You + Two + Foo + + + + diff --git a/src/test/resources/1.6/invalid-bomformat-1.6.json b/src/test/resources/1.6/invalid-bomformat-1.6.json new file mode 100644 index 0000000000..f4874069c9 --- /dev/null +++ b/src/test/resources/1.6/invalid-bomformat-1.6.json @@ -0,0 +1,9 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "AnotherFormat", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + ] +} diff --git a/src/test/resources/1.6/invalid-component-ref-1.6.json b/src/test/resources/1.6/invalid-component-ref-1.6.json new file mode 100644 index 0000000000..b4856c5d31 --- /dev/null +++ b/src/test/resources/1.6/invalid-component-ref-1.6.json @@ -0,0 +1,21 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "bom-ref": "123", + "name": "acme-library", + "version": "1.0.0" + }, + { + "type": "library", + "bom-ref": "", + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.6/invalid-component-ref-1.6.xml b/src/test/resources/1.6/invalid-component-ref-1.6.xml new file mode 100644 index 0000000000..770efd83ec --- /dev/null +++ b/src/test/resources/1.6/invalid-component-ref-1.6.xml @@ -0,0 +1,25 @@ + + + + + acme-library + 1.0.0 + + + + acme-library + 1.0.0 + + + acme-library2 + 1.0.0 + + + + acme-library + 1.0.0 + + + + + diff --git a/src/test/resources/1.6/invalid-component-swid-1.6.json b/src/test/resources/1.6/invalid-component-swid-1.6.json new file mode 100644 index 0000000000..7acf18d4d1 --- /dev/null +++ b/src/test/resources/1.6/invalid-component-swid-1.6.json @@ -0,0 +1,19 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "name": "Acme Application", + "version": "9.1.1" + } + } + ] +} diff --git a/src/test/resources/1.6/invalid-component-swid-1.6.xml b/src/test/resources/1.6/invalid-component-swid-1.6.xml new file mode 100644 index 0000000000..453d02b9f2 --- /dev/null +++ b/src/test/resources/1.6/invalid-component-swid-1.6.xml @@ -0,0 +1,11 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + + + + diff --git a/src/test/resources/1.6/invalid-component-type-1.6.json b/src/test/resources/1.6/invalid-component-type-1.6.json new file mode 100644 index 0000000000..bc5dd16ac5 --- /dev/null +++ b/src/test/resources/1.6/invalid-component-type-1.6.json @@ -0,0 +1,14 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "foo", + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.6/invalid-component-type-1.6.xml b/src/test/resources/1.6/invalid-component-type-1.6.xml new file mode 100644 index 0000000000..cd9738c693 --- /dev/null +++ b/src/test/resources/1.6/invalid-component-type-1.6.xml @@ -0,0 +1,9 @@ + + + + + acme-library + 1.0.0 + + + diff --git a/src/test/resources/1.6/invalid-dependency-1.6.json b/src/test/resources/1.6/invalid-dependency-1.6.json new file mode 100644 index 0000000000..e46c5ca20e --- /dev/null +++ b/src/test/resources/1.6/invalid-dependency-1.6.json @@ -0,0 +1,44 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "library-a", + "type": "library", + "name": "library-a", + "version": "1.0.0" + }, + { + "bom-ref": "library-b", + "type": "library", + "name": "library-b", + "version": "1.0.0" + }, + { + "bom-ref": "library-c", + "type": "library", + "name": "library-c", + "version": "1.0.0" + } + ], + "dependencies": [ + { + "dependsOn": [] + }, + { + "ref": "", + "dependsOn": [ + "library-a" + ] + }, + { + "ref": "library-b", + "dependsOn": [ + "library-c" + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-dependency-1.6.xml b/src/test/resources/1.6/invalid-dependency-1.6.xml new file mode 100644 index 0000000000..ae2daa3dba --- /dev/null +++ b/src/test/resources/1.6/invalid-dependency-1.6.xml @@ -0,0 +1,31 @@ + + + + + acme-library-a + 1.0.0 + + + acme-library-b + 1.0.0 + + + acme-library-b + 1.0.0 + + + + + + + + + + + + + + + + + diff --git a/src/test/resources/1.6/invalid-empty-component-1.6.json b/src/test/resources/1.6/invalid-empty-component-1.6.json new file mode 100644 index 0000000000..ced677ee5a --- /dev/null +++ b/src/test/resources/1.6/invalid-empty-component-1.6.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library" + } + ] +} diff --git a/src/test/resources/1.6/invalid-empty-component-1.6.xml b/src/test/resources/1.6/invalid-empty-component-1.6.xml new file mode 100644 index 0000000000..71d9e7ec3d --- /dev/null +++ b/src/test/resources/1.6/invalid-empty-component-1.6.xml @@ -0,0 +1,7 @@ + + + + + + + diff --git a/src/test/resources/1.6/invalid-hash-alg-1.6.json b/src/test/resources/1.6/invalid-hash-alg-1.6.json new file mode 100644 index 0000000000..a841909f85 --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-alg-1.6.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "FOO", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-hash-alg-1.6.xml b/src/test/resources/1.6/invalid-hash-alg-1.6.xml new file mode 100644 index 0000000000..dd45222bc5 --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-alg-1.6.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.6/invalid-hash-md5-1.6.json b/src/test/resources/1.6/invalid-hash-md5-1.6.json new file mode 100644 index 0000000000..37140dfe2d --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-md5-1.6.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "foo" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-hash-md5-1.6.xml b/src/test/resources/1.6/invalid-hash-md5-1.6.xml new file mode 100644 index 0000000000..8bf8c5260d --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-md5-1.6.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + foo + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.6/invalid-hash-sha1-1.6.json b/src/test/resources/1.6/invalid-hash-sha1-1.6.json new file mode 100644 index 0000000000..ba3ef962a1 --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-sha1-1.6.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "foo" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-hash-sha1-1.6.xml b/src/test/resources/1.6/invalid-hash-sha1-1.6.xml new file mode 100644 index 0000000000..74f9eb227b --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-sha1-1.6.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + foo + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.6/invalid-hash-sha256-1.6.json b/src/test/resources/1.6/invalid-hash-sha256-1.6.json new file mode 100644 index 0000000000..1944c51dfb --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-sha256-1.6.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "foo" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-hash-sha256-1.6.xml b/src/test/resources/1.6/invalid-hash-sha256-1.6.xml new file mode 100644 index 0000000000..bcc3b57bc9 --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-sha256-1.6.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + foo + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.6/invalid-hash-sha512-1.6.json b/src/test/resources/1.6/invalid-hash-sha512-1.6.json new file mode 100644 index 0000000000..3065415cc3 --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-sha512-1.6.json @@ -0,0 +1,33 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-hash-sha512-1.6.xml b/src/test/resources/1.6/invalid-hash-sha512-1.6.xml new file mode 100644 index 0000000000..d28277ca0d --- /dev/null +++ b/src/test/resources/1.6/invalid-hash-sha512-1.6.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + foo + + + + diff --git a/src/test/resources/1.6/invalid-issue-type-1.6.json b/src/test/resources/1.6/invalid-issue-type-1.6.json new file mode 100644 index 0000000000..4e05dae08a --- /dev/null +++ b/src/test/resources/1.6/invalid-issue-type-1.6.json @@ -0,0 +1,49 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "group": "com.acme", + "name": "sample-library", + "version": "1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "group": "org.example", + "name": "sample-library", + "version": "1.0.0" + } + ], + "patches": [ + { + "type": "unofficial", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "foo", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.acme.org/17240" + } + } + ] + } + ] + } + } + ] +} diff --git a/src/test/resources/1.6/invalid-issue-type-1.6.xml b/src/test/resources/1.6/invalid-issue-type-1.6.xml new file mode 100644 index 0000000000..8fbb2fb2c3 --- /dev/null +++ b/src/test/resources/1.6/invalid-issue-type-1.6.xml @@ -0,0 +1,37 @@ + + + + + com.acme + sample-library + 1.0.0 + + + + org.example + sample-library + 1.0.0 + + + + + + blah + uri/to/changes.diff + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.acme.org/17240 + + + + + + + + + diff --git a/src/test/resources/1.6/invalid-license-choice-1.6.json b/src/test/resources/1.6/invalid-license-choice-1.6.json new file mode 100644 index 0000000000..8977bdad06 --- /dev/null +++ b/src/test/resources/1.6/invalid-license-choice-1.6.json @@ -0,0 +1,24 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", + "license": { + "name": "Apache License 2.0" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-license-choice-1.6.xml b/src/test/resources/1.6/invalid-license-choice-1.6.xml new file mode 100644 index 0000000000..2c51eefcba --- /dev/null +++ b/src/test/resources/1.6/invalid-license-choice-1.6.xml @@ -0,0 +1,26 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/invalid-license-encoding-1.6.json b/src/test/resources/1.6/invalid-license-encoding-1.6.json new file mode 100644 index 0000000000..2c6c074f95 --- /dev/null +++ b/src/test/resources/1.6/invalid-license-encoding-1.6.json @@ -0,0 +1,29 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "text": { + "contentType": "text/plain", + "encoding": "base85", + "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" + }, + "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-license-encoding-1.6.xml b/src/test/resources/1.6/invalid-license-encoding-1.6.xml new file mode 100644 index 0000000000..9619c6b01f --- /dev/null +++ b/src/test/resources/1.6/invalid-license-encoding-1.6.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/invalid-license-id-1.6.json b/src/test/resources/1.6/invalid-license-id-1.6.json new file mode 100644 index 0000000000..c183abc6a3 --- /dev/null +++ b/src/test/resources/1.6/invalid-license-id-1.6.json @@ -0,0 +1,23 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "license": { + "id": "Apache-2" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-license-id-1.6.xml b/src/test/resources/1.6/invalid-license-id-1.6.xml new file mode 100644 index 0000000000..0497e1188c --- /dev/null +++ b/src/test/resources/1.6/invalid-license-id-1.6.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/invalid-license-id-count-1.6.xml b/src/test/resources/1.6/invalid-license-id-count-1.6.xml new file mode 100644 index 0000000000..3c21750a55 --- /dev/null +++ b/src/test/resources/1.6/invalid-license-id-count-1.6.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + MIT + + MIT + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json b/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json new file mode 100644 index 0000000000..b70f8f6d9b --- /dev/null +++ b/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json @@ -0,0 +1,20 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "license-with-no-id-nor-name", + "version": "23", + "description": "testcase for issue#288", + "licenses": [ + { + "license": {} + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto b/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto new file mode 100644 index 0000000000..db656e6ebb --- /dev/null +++ b/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto @@ -0,0 +1,15 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "license-with-no-id-nor-name" + version: "23" + description: "testcase for issue#288" + licenses { + license {} + } +} \ No newline at end of file diff --git a/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml b/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml new file mode 100644 index 0000000000..34fff4ec10 --- /dev/null +++ b/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml @@ -0,0 +1,13 @@ + + + + + license-with-no-id-nor-name + 23 + testcase for issue#288 + + + + + + \ No newline at end of file diff --git a/src/test/resources/1.6/invalid-license-name-count-1.6.xml b/src/test/resources/1.6/invalid-license-name-count-1.6.xml new file mode 100644 index 0000000000..3e91550d70 --- /dev/null +++ b/src/test/resources/1.6/invalid-license-name-count-1.6.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache License 2.0 + + Apache License 2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/invalid-metadata-license-1.6.json b/src/test/resources/1.6/invalid-metadata-license-1.6.json new file mode 100644 index 0000000000..9db03c9489 --- /dev/null +++ b/src/test/resources/1.6/invalid-metadata-license-1.6.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "licenses": [ + { + "license": { + "id": "Apache-2" + } + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.6/invalid-metadata-license-1.6.xml b/src/test/resources/1.6/invalid-metadata-license-1.6.xml new file mode 100644 index 0000000000..f0f716bb5e --- /dev/null +++ b/src/test/resources/1.6/invalid-metadata-license-1.6.xml @@ -0,0 +1,11 @@ + + + + + + Apache-2 + + + + + \ No newline at end of file diff --git a/src/test/resources/1.6/invalid-metadata-timestamp-1.6.json b/src/test/resources/1.6/invalid-metadata-timestamp-1.6.json new file mode 100644 index 0000000000..14bbdee56a --- /dev/null +++ b/src/test/resources/1.6/invalid-metadata-timestamp-1.6.json @@ -0,0 +1,11 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-13" + }, + "components": [] +} diff --git a/src/test/resources/1.6/invalid-metadata-timestamp-1.6.xml b/src/test/resources/1.6/invalid-metadata-timestamp-1.6.xml new file mode 100644 index 0000000000..db47d8df1d --- /dev/null +++ b/src/test/resources/1.6/invalid-metadata-timestamp-1.6.xml @@ -0,0 +1,7 @@ + + + + 2020-04-07 + + + diff --git a/src/test/resources/1.6/invalid-missing-component-type-1.6.json b/src/test/resources/1.6/invalid-missing-component-type-1.6.json new file mode 100644 index 0000000000..ea53406f92 --- /dev/null +++ b/src/test/resources/1.6/invalid-missing-component-type-1.6.json @@ -0,0 +1,13 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.6/invalid-missing-component-type-1.6.xml b/src/test/resources/1.6/invalid-missing-component-type-1.6.xml new file mode 100644 index 0000000000..d467421f32 --- /dev/null +++ b/src/test/resources/1.6/invalid-missing-component-type-1.6.xml @@ -0,0 +1,9 @@ + + + + + acme-library + 1.0.0 + + + diff --git a/src/test/resources/1.6/invalid-namespace-1.6.xml b/src/test/resources/1.6/invalid-namespace-1.6.xml new file mode 100644 index 0000000000..9e42be401b --- /dev/null +++ b/src/test/resources/1.6/invalid-namespace-1.6.xml @@ -0,0 +1,118 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/src/test/resources/1.6/invalid-patch-type-1.6.json b/src/test/resources/1.6/invalid-patch-type-1.6.json new file mode 100644 index 0000000000..51de20b1ec --- /dev/null +++ b/src/test/resources/1.6/invalid-patch-type-1.6.json @@ -0,0 +1,49 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "group": "com.acme", + "name": "sample-library", + "version": "1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "group": "org.example", + "name": "sample-library", + "version": "1.0.0" + } + ], + "patches": [ + { + "type": "foo", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.acme.org/17240" + } + } + ] + } + ] + } + } + ] +} diff --git a/src/test/resources/1.6/invalid-patch-type-1.6.xml b/src/test/resources/1.6/invalid-patch-type-1.6.xml new file mode 100644 index 0000000000..78cff1fdda --- /dev/null +++ b/src/test/resources/1.6/invalid-patch-type-1.6.xml @@ -0,0 +1,37 @@ + + + + + com.acme + sample-library + 1.0.0 + + + + org.example + sample-library + 1.0.0 + + + + + + blah + uri/to/changes.diff + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.acme.org/17240 + + + + + + + + + diff --git a/src/test/resources/1.6/invalid-properties-1.6.json b/src/test/resources/1.6/invalid-properties-1.6.json new file mode 100644 index 0000000000..219544f300 --- /dev/null +++ b/src/test/resources/1.6/invalid-properties-1.6.json @@ -0,0 +1,69 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:bcb403ae-91fa-436e-bc93-84d1078cdeed", + "version": 1, + "metadata": { + "properties": [ + { + "value": "missing a name" + }, + { + "unexpected-property": "foo" + }, + {} + ] + }, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "properties": [ + { + "value": "missing a name" + }, + { + "unexpected-property": "foo" + }, + {} + ] + } + } + ], + "properties": [ + { + "value": "missing a name" + }, + { + "unexpected-property": "foo" + }, + {} + ] + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "group": "org.partner", + "name": "Stock ticker service", + "endpoints": [ + "https://partner.org/api/v1/stock" + ], + "properties": [ + { + "value": "missing a name" + }, + { + "unexpected-property": "foo" + }, + {} + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-properties-1.6.textproto b/src/test/resources/1.6/invalid-properties-1.6.textproto new file mode 100644 index 0000000000..a707e762f3 --- /dev/null +++ b/src/test/resources/1.6/invalid-properties-1.6.textproto @@ -0,0 +1,48 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:bcb403ae-91fa-436e-bc93-84d1078cdeed" +metadata { + properties { + value: "missing a name" + } + properties { + # no name and no value + } +} +components { + type: CLASSIFICATION_LIBRARY + name: "acme-library" + version: "1.0.0" + licenses { + license { + id: "Apache-2.0" + properties { + value: "missing a name" + } + properties { + # no name and no value + } + } + } + properties { + value: "missing a name" + } + properties { + # no name and no value + } +} +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + group: "org.partner" + name: "Stock ticker service" + endpoints: "https://partner.org/api/v1/stock" + properties { + value: "missing a name" + } + properties { + # no name and no value + } +} diff --git a/src/test/resources/1.6/invalid-properties-1.6.xml b/src/test/resources/1.6/invalid-properties-1.6.xml new file mode 100644 index 0000000000..9c54127f01 --- /dev/null +++ b/src/test/resources/1.6/invalid-properties-1.6.xml @@ -0,0 +1,41 @@ + + + + + missing a name + + + + + + acme-library + 1.0.0 + + + Apache-2.0 + + missing a name + + + + + + missing a name + + + + + + + org.partner + Stock ticker service + + https://partner.org/api/v1/stock + + + missing a name + + + + + diff --git a/src/test/resources/1.6/invalid-scope-1.6.json b/src/test/resources/1.6/invalid-scope-1.6.json new file mode 100644 index 0000000000..dcc78ab57c --- /dev/null +++ b/src/test/resources/1.6/invalid-scope-1.6.json @@ -0,0 +1,15 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "foo" + } + ] +} diff --git a/src/test/resources/1.6/invalid-scope-1.6.xml b/src/test/resources/1.6/invalid-scope-1.6.xml new file mode 100644 index 0000000000..d6e615aae4 --- /dev/null +++ b/src/test/resources/1.6/invalid-scope-1.6.xml @@ -0,0 +1,10 @@ + + + + + acme-library + 1.0.0 + foo + + + diff --git a/src/test/resources/1.6/invalid-serialnumber-1.6.json b/src/test/resources/1.6/invalid-serialnumber-1.6.json new file mode 100644 index 0000000000..9aea4ae490 --- /dev/null +++ b/src/test/resources/1.6/invalid-serialnumber-1.6.json @@ -0,0 +1,9 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", + "version": 1, + "components": [ + ] +} diff --git a/src/test/resources/1.6/invalid-serialnumber-1.6.xml b/src/test/resources/1.6/invalid-serialnumber-1.6.xml new file mode 100644 index 0000000000..10e8ae0fa4 --- /dev/null +++ b/src/test/resources/1.6/invalid-serialnumber-1.6.xml @@ -0,0 +1,118 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/src/test/resources/1.6/invalid-service-data-1.6.json b/src/test/resources/1.6/invalid-service-data-1.6.json new file mode 100644 index 0000000000..9fb86ef619 --- /dev/null +++ b/src/test/resources/1.6/invalid-service-data-1.6.json @@ -0,0 +1,21 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "name": "Stock ticker service", + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "foo", + "flow": "bar" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/invalid-service-data-1.6.xml b/src/test/resources/1.6/invalid-service-data-1.6.xml new file mode 100644 index 0000000000..0d1a2bf36f --- /dev/null +++ b/src/test/resources/1.6/invalid-service-data-1.6.xml @@ -0,0 +1,11 @@ + + + + + Stock ticker service + + bar + + + + diff --git a/src/test/resources/1.6/valid-annotation-1.6.json b/src/test/resources/1.6/valid-annotation-1.6.json new file mode 100644 index 0000000000..108d5ed8de --- /dev/null +++ b/src/test/resources/1.6/valid-annotation-1.6.json @@ -0,0 +1,110 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "component-a", + "type": "library", + "name": "Component A", + "version": "1.0.0" + } + ], + "annotations": [ + { + "bom-ref": "annotation-1", + "subjects": [ + "component-a" + ], + "annotator": { + "organization": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by an organization" + }, + { + "bom-ref": "annotation-2", + "subjects": [ + "component-a" + ], + "annotator": { + "individual": { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by a person" + }, + { + "bom-ref": "annotation-3", + "subjects": [ + "component-a" + ], + "annotator": { + "component": { + "type": "application", + "name": "Awesome Tool", + "version": "9.1.2" + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by a component" + }, + { + "bom-ref": "annotation-4", + "subjects": [ + "component-a" + ], + "annotator": { + "service": { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "name": "Partner Org", + "url": [ + "https://partner.org" + ], + "contact" : [ + { + "name": "Support", + "email": "support@partner.org", + "phone": "800-555-1212" + } + ] + }, + "group": "org.partner", + "name": "BOM Annotation Service", + "version": "2020-Q2", + "endpoints": [ + "https://partner.org/api/v1/inspect", + "https://partner.org/api/v1/annotate" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "public", + "flow": "bi-directional" + } + ] + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by a service" + } + ] +} diff --git a/src/test/resources/1.6/valid-annotation-1.6.textproto b/src/test/resources/1.6/valid-annotation-1.6.textproto new file mode 100644 index 0000000000..8db9771802 --- /dev/null +++ b/src/test/resources/1.6/valid-annotation-1.6.textproto @@ -0,0 +1,97 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "component-a" + name: "Component A" + version: "1.0.0" +} +annotations { + bom_ref: "annotation-1" + subjects: "component-a" + annotator: { + organization: { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Professional Services" + email: "professional.services@example.com" + } + } + } + timestamp { + seconds: 1640995200 + nanos: 0 + } + text: "This is a sample annotation made by an organization" +} +annotations { + bom_ref: "annotation-2" + subjects: "component-a" + annotator: { + individual { + name: "Samantha Wright" + email: "samantha.wright@example.com" + phone: "800-555-1212" + } + } + timestamp { + seconds: 1640995200 + nanos: 0 + } + text: "This is a sample annotation made by a person" +} +annotations { + bom_ref: "annotation-3" + subjects: "component-a" + annotator: { + component { + type: CLASSIFICATION_APPLICATION + name: "Awesome Tool" + version: "9.1.2" + } + } + timestamp { + seconds: 1640995200 + nanos: 0 + } + text: "This is a sample annotation made by a component" +} +annotations { + bom_ref: "annotation-4" + subjects: "component-a" + annotator: { + service { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + name: "Partner Org" + url: "https://partner.org" + contact { + name: "Support" + email: "support@partner.org" + phone: "800-555-1212" + } + } + group: "org.partner" + name: "BOM Annotation Service" + version: "2020-Q2" + endpoints: "https://partner.org/api/v1/inspect" + endpoints: "https://partner.org/api/v1/annotate" + authenticated: true + x_trust_boundary: true + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "public" + } + } + } + timestamp { + seconds: 1640995200 + nanos: 0 + } + text: "This is a sample annotation made by a service" +} diff --git a/src/test/resources/1.6/valid-annotation-1.6.xml b/src/test/resources/1.6/valid-annotation-1.6.xml new file mode 100644 index 0000000000..c329a23c1d --- /dev/null +++ b/src/test/resources/1.6/valid-annotation-1.6.xml @@ -0,0 +1,87 @@ + + + + + Component A + 1.0.0 + + + + + + + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + 2022-01-01T00:00:00Z + This is a sample annotation made by an organization + + + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + 2022-01-01T00:00:00Z + This is a sample annotation made by a person + + + + + + + + Awesome Tool + 9.1.2 + + + 2022-01-01T00:00:00Z + This is a sample annotation made by a component + + + + + + + + + Partner Org + https://partner.org + + Support + support@partner.org + 800-555-1212 + + + org.partner + BOM Annotation Service + 2020-Q2 + + https://partner.org/api/v1/inspect + https://partner.org/api/v1/annotate + + true + true + + public + + + + 2022-01-01T00:00:00Z + This is a sample annotation made by a service + + + diff --git a/src/test/resources/1.6/valid-assembly-1.6.json b/src/test/resources/1.6/valid-assembly-1.6.json new file mode 100644 index 0000000000..864e0e4faf --- /dev/null +++ b/src/test/resources/1.6/valid-assembly-1.6.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library-a", + "version": "1.0.0", + "components": [ + { + "type": "library", + "name": "acme-library-b", + "version": "2.0.0" + } + ] + } + ], + "services": [ + { + "name": "acme-service-a", + "services": [ + { + "name": "acme-service-b" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-assembly-1.6.textproto b/src/test/resources/1.6/valid-assembly-1.6.textproto new file mode 100644 index 0000000000..ea47f51cf4 --- /dev/null +++ b/src/test/resources/1.6/valid-assembly-1.6.textproto @@ -0,0 +1,22 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-library-a" + version: "1.0.0" + components { + type: CLASSIFICATION_LIBRARY + name: "acme-library-b" + version: "2.0.0" + } +} +services { + name: "acme-service-a" + services { + name: "acme-service-b" + } +} diff --git a/src/test/resources/1.6/valid-assembly-1.6.xml b/src/test/resources/1.6/valid-assembly-1.6.xml new file mode 100644 index 0000000000..089ce08093 --- /dev/null +++ b/src/test/resources/1.6/valid-assembly-1.6.xml @@ -0,0 +1,25 @@ + + + + + acme-library-a + 1.0.0 + + + acme-library-b + 2.0.0 + + + + + + + acme-service-a + + + acme-service-b + + + + + diff --git a/src/test/resources/1.6/valid-attestation-1.6.json b/src/test/resources/1.6/valid-attestation-1.6.json new file mode 100644 index 0000000000..9caa455df1 --- /dev/null +++ b/src/test/resources/1.6/valid-attestation-1.6.json @@ -0,0 +1,210 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "declarations": { + "assessors": [ + { + "bom-ref": "assessor-1", + "thirdParty": true, + "organization": { + "name": "Assessors Inc" + } + } + ], + "attestations": [ + { + "summary": "Attestation summary here", + "assessor": "assessor-1", + "map": [ + { + "requirement": "requirement-1", + "claims": [ "claim-1" ], + "counterClaims": [ "counterClaim-1" ], + "conformance": { + "score": 0.8, + "rationale": "Conformance rationale here", + "mitigationStrategies": [ "mitigationStrategy-1" ] + }, + "confidence": { + "score": 1, + "rationale": "Confidence rationale here" + } + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + } + ], + "claims": [ + { + "bom-ref": "claim-1", + "target": "acme-inc", + "predicate": "Predicate here", + "mitigationStrategies": [ "mitigationStrategy-1" ], + "reasoning": "Reasoning here", + "evidence": [ "evidence-1" ], + "counterEvidence": [ "counterEvidence-1" ], + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://alm.example.com" + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + } + ], + "evidence": [ + { + "bom-ref": "evidence-1", + "propertyName": "internal.com.acme.someProperty", + "description": "Description here", + "data": [ + { + "name": "Name of the data", + "contents": { + "attachment": { + "content": "Evidence here", + "contentType": "text/plain" + } + }, + "classification": "PII", + "sensitiveData": [ "Describe sensitive data here" ] + } + ], + "created": "2023-04-25T00:00:00+00:00", + "expires": "2023-05-25T00:00:00+00:00", + "author": { + "name": "Mary" + }, + "reviewer": { + "name": "Jane" + }, + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + }, + { + "bom-ref": "counterEvidence-1", + "propertyName": "internal.com.acme.someProperty", + "description": "Description here", + "data": [ + { + "name": "Name of the data", + "contents": { + "attachment": { + "content": "Counter evidence here", + "contentType": "text/plain" + } + }, + "classification": "Public", + "sensitiveData": [ "Describe sensitive data here" ] + } + ], + "created": "2023-04-25T00:00:00+00:00", + "expires": "2023-05-25T00:00:00+00:00", + "author": { + "name": "Mary" + }, + "reviewer": { + "name": "Jane" + }, + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + }, + { + "bom-ref": "mitigationStrategy-1", + "propertyName": "internal.com.acme.someProperty", + "description": "Description here", + "data": [ + { + "name": "Name of the data", + "contents": { + "attachment": { + "content": "Mitigation strategy here", + "contentType": "text/plain" + } + }, + "classification": "Company Confidential", + "sensitiveData": [ "Describe sensitive data here" ] + } + ], + "created": "2023-04-25T00:00:00+00:00", + "expires": "2023-05-25T00:00:00+00:00", + "author": { + "name": "Mary" + }, + "reviewer": { + "name": "Jane" + }, + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + } + ], + "targets": { + "organizations": [ + { + "bom-ref": "acme-inc", + "name": "Acme Inc" + } + ] + }, + "affirmation": { + "statement": "I certify, to the best of my knowledge, that all information is correct...", + "signatories": [ + { + "name": "Tom", + "role": "CEO", + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + }, + { + "name": "Jerry", + "role": "COO", + "organization": { + "name": "Acme Inc" + }, + "externalReference": { + "type": "electronic-signature", + "url": "https://example.com/coo-sig.png" + } + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + }, + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + }, + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } +} diff --git a/src/test/resources/1.6/valid-attestation-1.6.textproto b/src/test/resources/1.6/valid-attestation-1.6.textproto new file mode 100644 index 0000000000..0909b277de --- /dev/null +++ b/src/test/resources/1.6/valid-attestation-1.6.textproto @@ -0,0 +1,182 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +declarations: { + assessors: [ + { + bom_ref: "assessor-1" + thirdParty: true + organization: { + name: "Assessors Inc" + } + } + ] + attestations: [ + { + summary: "Attestation summary here" + assessor: "assessor-1" + map: [ + { + requirement: "requirement-1" + claims: [ "claim-1" ] + counterClaims: [ "counterClaim-1" ] + conformance: { + score: 0.8, + rationale: "Conformance rationale here", + mitigationStrategies: [ "mitigationStrategy-1" ] + } + confidence: { + score: 1, + rationale: "Confidence rationale here" + } + } + ] + } + ], + claims: [ + { + bom_ref: "claim-1" + target: "acme-inc" + predicate: "Predicate here" + mitigationStrategies: [ "mitigationStrategy-1" ] + reasoning: "Reasoning here" + evidence: [ "evidence-1" ] + counterEvidence: [ "counterEvidence-1" ] + externalReferences: [ + { + type: EXTERNAL_REFERENCE_TYPE_ISSUE_TRACKER, + url: "https://alm.example.com" + } + ] + } + ] + evidence: [ + { + bom_ref: "evidence-1" + propertyName: "internal.com.acme.someProperty" + description: "Description here" + data: [ + { + name: "Name of the data" + contents: { + attachment: { + content_type: "text/plain" + value: "Evidence here" + } + } + classification: "PII", + sensitiveData: [ "Describe sensitive data here" ] + } + ] + created { + seconds: 1682380800 + nanos: 0 + } + expires { + seconds: 1684972800 + nanos: 0 + } + author: { + name: "Mary" + } + reviewer: { + name: "Jane" + } + }, + { + bom_ref: "counterEvidence-1" + propertyName: "internal.com.acme.someProperty" + description: "Description here" + data: [ + { + name: "Name of the data" + contents: { + attachment: { + content_type: "text/plain" + value: "Counter evidence here" + } + } + classification: "Public" + sensitiveData: [ "Describe sensitive data here" ] + } + ] + created { + seconds: 1682380800 + nanos: 0 + } + expires { + seconds: 1684972800 + nanos: 0 + } + author: { + name: "Mary" + } + reviewer: { + name: "Jane" + } + }, + { + bom_ref: "mitigationStrategy-1" + propertyName: "internal.com.acme.someProperty" + description: "Description here" + data: [ + { + name: "Name of the data" + contents: { + attachment: { + content_type: "text/plain" + value: "Mitigation strategy here" + } + } + classification: "Company Confidential" + sensitiveData: [ "Describe sensitive data here" ] + } + ] + created { + seconds: 1682380800 + nanos: 0 + } + expires { + seconds: 1684972800 + nanos: 0 + } + author: { + name: "Mary" + } + reviewer: { + name: "Jane" + } + } + ], + targets: { + organizations: [ + { + bom_ref: "acme-inc" + name: "Acme Inc" + } + ] + } + affirmation: { + statement: "I certify, to the best of my knowledge, that all information is correct..." + signatories: [ + { + name: "Tom" + role: "CEO" + }, + { + name: "Jerry" + role: "COO" + organization: { + name: "Acme Inc" + } + externalReference: { + type: EXTERNAL_REFERENCE_TYPE_ELECTRONIC_SIGNATURE + url: "https://example.com/coo-sig.png" + } + } + ] + } +} diff --git a/src/test/resources/1.6/valid-attestation-1.6.xml b/src/test/resources/1.6/valid-attestation-1.6.xml new file mode 100644 index 0000000000..4f34748a06 --- /dev/null +++ b/src/test/resources/1.6/valid-attestation-1.6.xml @@ -0,0 +1,165 @@ + + + + + + true + + Assessors Inc + + + + + +

Attestation summary here + assessor-1 + + requirement-1 + + claim-1 + + + counterClaim-1 + + + 0.8 + Conformance rationale here + + mitigationStrategy-1 + + + + 1 + Confidence rationale here + + + + + + + + + + acme-inc + Predicate here + + mitigationStrategy-1 + + Reasoning here + evidence-1 + counterEvidence-1 + + + https://alm.example.com + + + + + + + + + + internal.com.acme.someProperty + Description here + + Name of the data + + Evidence here + + PII + Describe sensitive data here + + 2023-04-25T00:00:00+00:00 + 2023-05-25T00:00:00+00:00 + + Mary + + + Jane + + + + + + + internal.com.acme.someProperty + Description here + + Name of the data + + Counter evidence here + + Public + Describe sensitive data here + + 2023-04-25T00:00:00+00:00 + 2023-05-25T00:00:00+00:00 + + Mary + + + Jane + + + + internal.com.acme.someProperty + Description here + + Name of the data + + Mitigation strategy here + + Company Confidential + Describe sensitive data here + + 2023-04-25T00:00:00+00:00 + 2023-05-25T00:00:00+00:00 + + Mary + + + Jane + + + + + + + Acme Inc + + + + + I certify, to the best of my knowledge, that all information is correct... + + + Tom + CEO + + + + + + Jerry + COO + + Acme Inc + + + https://example.com/coo-sig.png + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/test/resources/1.6/valid-bom-1.6.json b/src/test/resources/1.6/valid-bom-1.6.json new file mode 100644 index 0000000000..1f81a71cdf --- /dev/null +++ b/src/test/resources/1.6/valid-bom-1.6.json @@ -0,0 +1,319 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-13T20:20:39+00:00", + "tools": { + "components": [ + { + "type": "application", + "group": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Org", + "url": [ + "https://example.com" + ] + }, + "group": "com.example", + "name": "Acme Signing Server", + "description": "Signs artifacts", + "endpoints": [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] + } + ] + }, + "authors": [ + { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + ], + "component": { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1", + "text": { + "contentType": "text/xml", + "encoding": "base64", + "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } + }, + "manufacturer": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + }, + "supplier": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Distribution", + "email": "distribution@example.com" + } + ] + } + }, + "components": [ + { + "bom-ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", + "type": "application", + "author": "Joane Doe et al.", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" + }, + "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", + "pedigree": { + "ancestors": [ + { + "type": "application", + "author": "Apache Super Heros", + "publisher": "Apache", + "group": "org.apache.tomcat", + "name": "tomcat-catalina", + "version": "9.0.14", + "description": "Apache Catalina", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar" + } + ], + "commits": [ + { + "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", + "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", + "author": { + "timestamp": "2018-11-13T20:20:39+00:00", + "name": "John Doe", + "email": "john.doe@example.com" + }, + "committer": { + "timestamp": "2018-11-07T22:01:45Z", + "name": "Jane Doe", + "email": "jane.doe@example.com" + }, + "message": "Initial commit" + } + ], + "notes": "Commentary here" + } + }, + { + "type": "library", + "bom-ref": "pkg:maven/com.example/myapplication@1.0.0?packaging=war", + "supplier": { + "name": "Example, Inc.", + "url": [ + "https://example.com", + "https://example.net" + ], + "contact": [ + { + "name": "Example Support AMER", + "email": "support@example.com", + "phone": "800-555-1212" + }, + { + "name": "Example Support APAC", + "email": "support@apac.example.com" + } + ] + }, + "manufacturer": { + "name": "Example-2, Inc.", + "url": [ + "https://example.org" + ], + "contact": [ + { + "email": "support@example.org" + } + ] + }, + "authors": [ + { + "name": "Anthony Edward Stark", + "phone": "555-212-970-4133", + "email": "ironman@example.org" + }, + { + "name": "Peter Benjamin Parker", + "email": "spiderman@example.org" + } + ], + "group": "org.example", + "name": "mylibrary", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "2342c2eaf1feb9a80195dbaddf2ebaa3" + }, + { + "alg": "SHA-1", + "content": "68b78babe00a053f9e35ec6a2d9080f5b90122b0" + }, + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + }, + { + "alg": "SHA-512", + "content": "387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef" + } + ], + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0-with-classpath-exception" + } + ], + "copyright": "Copyright Example Inc. All rights reserved.", + "cpe": "cpe:/a:example:myapplication:1.0.0", + "purl": "pkg:maven/com.example/myapplication@1.0.0?packaging=war", + "modified": false, + "externalReferences": [ + { + "url": "http://example.org/docs", + "type": "documentation", + "comment": "All component versions are documented here" + }, + { + "url": "http://example.org/security", + "type": "advisories" + } + ] + }, + { + "type": "framework", + "author": "Example Super Heros", + "group": "com.example", + "name": "myframework", + "version": "1.0.0", + "description": "Example Inc, enterprise framework", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "cfcb0b64aacd2f81c1cd546543de965a" + }, + { + "alg": "SHA-1", + "content": "7fbeef2346c45d565c3341f037bce4e088af8a52" + }, + { + "alg": "SHA-256", + "content": "0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1" + }, + { + "alg": "SHA-512", + "content": "854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79" + } + ], + "licenses": [ + { + "license": { + "name": "Some random license" + } + } + ], + "purl": "pkg:maven/com.example/myframework@1.0.0?packaging=war", + "modified": false, + "externalReferences": [ + { + "type": "website", + "url": "http://example.com/myframework" + }, + { + "type": "advisories", + "url": "http://example.com/security" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", + "dependsOn": [ + "pkg:maven/com.example/myapplication@1.0.0?packaging=war" + ] + } + ] +} \ No newline at end of file diff --git a/src/test/resources/1.6/valid-bom-1.6.textproto b/src/test/resources/1.6/valid-bom-1.6.textproto new file mode 100644 index 0000000000..7338519cb1 --- /dev/null +++ b/src/test/resources/1.6/valid-bom-1.6.textproto @@ -0,0 +1,260 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + timestamp { + seconds: 1586809239 + nanos: 0 + } + tools { + vendor: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + } + authors { + name: "Samantha Wright" + email: "samantha.wright@example.com" + phone: "800-555-1212" + } + component { + type: CLASSIFICATION_APPLICATION + author: "Acme Super Heros" + name: "Acme Application" + version: "9.1.1" + swid { + tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" + name: "Acme Application" + version: "9.1.1" + text { + content_type: "text/xml" + encoding: "base64" + value: "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } + } + supplier { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Distribution" + email: "distribution@example.com" + } + } + manufacturer { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Professional Services" + email: "professional.services@example.com" + } + } +} +components { + type: CLASSIFICATION_APPLICATION + bom_ref: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" + author: "Joane Doe et al." + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + description: "Modified version of Apache Catalina" + scope: SCOPE_REQUIRED + hashes { + alg: HASH_ALG_MD_5 + value: "3942447fac867ae5cdb3229b658f4d48" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + licenses { + license { + id: "Apache-2.0" + text { + content_type: "text/plain" + encoding: "base64" + value: "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" + } + url: "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" + pedigree { + ancestors { + type: CLASSIFICATION_APPLICATION + author: "Apache Super Heros" + publisher: "Apache" + group: "org.apache.tomcat" + name: "tomcat-catalina" + version: "9.0.14" + description: "Apache Catalina" + licenses { + license { + id: "Apache-2.0" + } + } + purl: "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar" + } + commits { + uid: "7638417db6d59f3c431d3e1f261cc637155684cd" + url: "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd" + author { + timestamp { + seconds: 1542140439 + nanos: 0 + } + name: "John Doe" + email: "john.doe@example.com" + } + committer { + timestamp { + seconds: 1541628105 + nanos: 0 + } + name: "Jane Doe" + email: "jane.doe@example.com" + } + message: "Initial commit" + } + notes: "Commentary here" + } +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.example/myapplication@1.0.0?packaging=war" + supplier { + name: "Example, Inc." + url: "https://example.com" + url: "https://example.net" + contact { + name: "Example Support AMER" + email: "support@example.com" + phone: "800-555-1212" + } + contact { + name: "Example Support APAC" + email: "support@apac.example.com" + } + } + group: "org.example" + name: "mylibrary" + version: "1.0.0" + scope: SCOPE_REQUIRED + hashes { + alg: HASH_ALG_MD_5 + value: "2342c2eaf1feb9a80195dbaddf2ebaa3" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "68b78babe00a053f9e35ec6a2d9080f5b90122b0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef" + } + licenses { + expression: "EPL-2.0 OR GPL-2.0-with-classpath-exception" + } + copyright: "Copyright Example Inc. All rights reserved." + cpe: "cpe:/a:example:myapplication:1.0.0" + purl: "pkg:maven/com.example/myapplication@1.0.0?packaging=war" + modified: false + external_references: [ + { + url: "http://example.org/docs" + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + comment: "All component versions are documented here" + }, + { + url: "http://example.org/security" + type: EXTERNAL_REFERENCE_TYPE_ADVISORIES + } + ] + manufacturer { + name: "Example-2, Inc." + url: "https://example.org" + contact { + email: "support@example.org" + } + } + authors { + name: "Anthony Edward Stark" + email: "ironman@example.org" + phone: "555-212-970-4133" + } + authors { + name: "Peter Benjamin Parker" + email: "spiderman@example.org" + } +} +components { + type: CLASSIFICATION_FRAMEWORK + author: "Example Super Heros" + group: "com.example" + name: "myframework" + version: "1.0.0" + description: "Example Inc, enterprise framework" + scope: SCOPE_REQUIRED + hashes { + alg: HASH_ALG_MD_5 + value: "cfcb0b64aacd2f81c1cd546543de965a" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "7fbeef2346c45d565c3341f037bce4e088af8a52" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79" + } + licenses { + license { + name: "Some random license" + } + } + purl: "pkg:maven/com.example/myframework@1.0.0?packaging=war" + modified: false + external_references: [ + { + url: "http://example.com/myframework" + type: EXTERNAL_REFERENCE_TYPE_WEBSITE + }, + { + url: "http://example.com/security" + type: EXTERNAL_REFERENCE_TYPE_ADVISORIES + } + ] +} +dependencies { + ref: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" + dependencies { + ref: "pkg:maven/com.example/myapplication@1.0.0?packaging=war" + } +} diff --git a/src/test/resources/1.6/valid-bom-1.6.xml b/src/test/resources/1.6/valid-bom-1.6.xml new file mode 100644 index 0000000000..063fdf19b9 --- /dev/null +++ b/src/test/resources/1.6/valid-bom-1.6.xml @@ -0,0 +1,236 @@ + + + + 2020-04-13T20:20:39+00:00 + + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + + Acme Org + https://example.com + + com.example + Acme Signing Server + Signs artifacts + + https://example.com/sign + https://example.com/verify + https://example.com/tsa + + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + + Acme Super Heros + Acme Application + 9.1.1 + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + Acme, Inc. + https://example.com + + Acme Distribution + distribution@example.com + + + + + + Joane Doe et al. + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + LGPL-3.0-or-later + https://www.gnu.org/licenses/lgpl-3.0-standalone.html + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache Super Heros + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-13T20:20:39+00:00 + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + + Example, Inc. + https://example.com + https://example.net + + Example Support AMER + support@example.com + 800-555-1212 + + + Example Support APAC + support@apac.example.com + + + + Example-2, Inc. + https://example.org + + support@example.org + + + + + Anthony Edward Stark + ironman@example.org + 555-212-970-4133 + + + Peter Benjamin Parker + spiderman@example.org + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0-with-classpath-exception + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + Example Super Heros + com.example + example-project + 1.0.0 + pkg:maven/com.example/example-project@1.0.0 + + + group + 0.1 + com.example + + + filename + 0.1 + example-project-1.0.0.jar + + + + + name + 0.1 + example-project + + + filename + 0.1 + example-project-1.0.0.jar + + + + + version + 0.1 + 1.0.0 + + + filename + 0.1 + example-project-1.0.0.jar + + + + + + + + + + + + diff --git a/src/test/resources/1.6/valid-component-data-1.6.json b/src/test/resources/1.6/valid-component-data-1.6.json new file mode 100644 index 0000000000..f78163f951 --- /dev/null +++ b/src/test/resources/1.6/valid-component-data-1.6.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da", + "version": 1, + "components": [ + { + "type": "data", + "name": "my-configs", + "version": "1337", + "data": [ + { + "type": "configuration", + "name": "app.ini", + "contents": { + "url": "https://example.com/cfg/1337/app.ini" + } + }, + { + "type": "other", + "name": ".env", + "contents": { + "url": "https://example.com/cfg/1337/env" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-component-data-1.6.textproto b/src/test/resources/1.6/valid-component-data-1.6.textproto new file mode 100644 index 0000000000..da50b7018d --- /dev/null +++ b/src/test/resources/1.6/valid-component-data-1.6.textproto @@ -0,0 +1,25 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da" +components { + type: CLASSIFICATION_DATA + name: "my-configs" + version: "1337" + data { + type: COMPONENT_DATA_TYPE_CONFIGURATION + name: "app.data" + contents { + url: "https://example.com/cfg/1337/app.ini" + } + } + data { + type: COMPONENT_DATA_TYPE_OTHER + name: ".env" + contents { + url: "https://example.com/cfg/1337/env" + } + } +} \ No newline at end of file diff --git a/src/test/resources/1.6/valid-component-data-1.6.xml b/src/test/resources/1.6/valid-component-data-1.6.xml new file mode 100644 index 0000000000..fe89d80380 --- /dev/null +++ b/src/test/resources/1.6/valid-component-data-1.6.xml @@ -0,0 +1,24 @@ + + + + + my-configs + 1337 + + configuration + app.ini + + https://example.com/cfg/1337/app.ini + + + + other + .env + + https://example.com/cfg/1337/env + + + + + diff --git a/src/test/resources/1.6/valid-component-hashes-1.6.json b/src/test/resources/1.6/valid-component-hashes-1.6.json new file mode 100644 index 0000000000..91d15f58a2 --- /dev/null +++ b/src/test/resources/1.6/valid-component-hashes-1.6.json @@ -0,0 +1,64 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-example", + "version": "1.0.0", + "hashes": [ + { + "alg": "MD5", + "content": "641b6e166f8b33c5e959e2adcc18b1c7" + }, + { + "alg": "SHA-1", + "content": "9188560f22e0b73070d2efce670c74af2bdf30af" + }, + { + "alg": "SHA-256", + "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" + }, + { + "alg": "SHA-384", + "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" + }, + { + "alg": "SHA-512", + "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" + }, + { + "alg": "SHA3-256", + "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" + }, + { + "alg": "SHA3-384", + "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" + }, + { + "alg": "SHA3-512", + "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" + }, + { + "alg": "BLAKE2b-256", + "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" + }, + { + "alg": "BLAKE2b-384", + "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" + }, + { + "alg": "BLAKE2b-512", + "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" + }, + { + "alg": "BLAKE3", + "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-component-hashes-1.6.textproto b/src/test/resources/1.6/valid-component-hashes-1.6.textproto new file mode 100644 index 0000000000..2c74661d49 --- /dev/null +++ b/src/test/resources/1.6/valid-component-hashes-1.6.textproto @@ -0,0 +1,59 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-example" + version: "1.0.0" + hashes { + alg: HASH_ALG_MD_5 + value: "641b6e166f8b33c5e959e2adcc18b1c7" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "9188560f22e0b73070d2efce670c74af2bdf30af" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" + } + hashes { + alg: HASH_ALG_SHA_384 + value: "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" + } + hashes { + alg: HASH_ALG_SHA_3_256 + value: "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" + } + hashes { + alg: HASH_ALG_SHA_3_384 + value: "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" + } + hashes { + alg: HASH_ALG_SHA_3_512 + value: "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" + } + hashes { + alg: HASH_ALG_BLAKE_2_B_256 + value: "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" + } + hashes { + alg: HASH_ALG_BLAKE_2_B_384 + value: "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" + } + hashes { + alg: HASH_ALG_BLAKE_2_B_512 + value: "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" + } + hashes { + alg: HASH_ALG_BLAKE_3 + value: "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" + } +} diff --git a/src/test/resources/1.6/valid-component-hashes-1.6.xml b/src/test/resources/1.6/valid-component-hashes-1.6.xml new file mode 100644 index 0000000000..4e5fcc6103 --- /dev/null +++ b/src/test/resources/1.6/valid-component-hashes-1.6.xml @@ -0,0 +1,23 @@ + + + + + acme-example + 1.0.0 + + 641b6e166f8b33c5e959e2adcc18b1c7 + 9188560f22e0b73070d2efce670c74af2bdf30af + d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 + d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad + 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 + 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa + a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 + 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 + d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 + e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a + f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d + 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf + + + + diff --git a/src/test/resources/1.6/valid-component-identifiers-1.6.json b/src/test/resources/1.6/valid-component-identifiers-1.6.json new file mode 100644 index 0000000000..de0d2a094b --- /dev/null +++ b/src/test/resources/1.6/valid-component-identifiers-1.6.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "group": "com.example", + "name": "acme-library", + "version": "1.0.0", + "cpe": "cpe:2.3:a:example:acme-library:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:maven/com.example/acme-library@1.0.0", + "omniborId": [ + "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", + "gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + ], + "swhid": [ + "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2", + "swh:1:dir:d198bc9d7a6bcf6db04f476d29314f157507d505" + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-component-identifiers-1.6.textproto b/src/test/resources/1.6/valid-component-identifiers-1.6.textproto new file mode 100644 index 0000000000..46d4fd9f0d --- /dev/null +++ b/src/test/resources/1.6/valid-component-identifiers-1.6.textproto @@ -0,0 +1,18 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + group: "com.example" + name: "acme-library" + version: "1.0.0" + cpe: "cpe:2.3:a:example:acme-library:1.0.0:*:*:*:*:*:*:*" + purl: "pkg:maven/com.example/acme-library@1.0.0" + omniborId: "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64" + omniborId: "gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + swhid: "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2" + swhid: "swh:1:dir:d198bc9d7a6bcf6db04f476d29314f157507d505" +} diff --git a/src/test/resources/1.6/valid-component-identifiers-1.6.xml b/src/test/resources/1.6/valid-component-identifiers-1.6.xml new file mode 100644 index 0000000000..bf74b7df52 --- /dev/null +++ b/src/test/resources/1.6/valid-component-identifiers-1.6.xml @@ -0,0 +1,16 @@ + + + + + com.example + acme-library + 1.0.0 + cpe:2.3:a:example:acme-library:1.0.0:*:*:*:*:*:*:* + pkg:maven/com.example/acme-library@1.0.0 + gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64 + gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 + swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2 + swh:1:dir:d198bc9d7a6bcf6db04f476d29314f157507d505 + + + diff --git a/src/test/resources/1.6/valid-component-ref-1.6.json b/src/test/resources/1.6/valid-component-ref-1.6.json new file mode 100644 index 0000000000..c31d31e5f7 --- /dev/null +++ b/src/test/resources/1.6/valid-component-ref-1.6.json @@ -0,0 +1,29 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "bom-ref": "123", + "name": "acme-library", + "version": "1.0.0", + "components" : [ + { + "type": "library", + "bom-ref": "456", + "name": "acme-library", + "version": "1.0.0" + } + ] + }, + { + "type": "library", + "bom-ref": "789", + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.6/valid-component-ref-1.6.textproto b/src/test/resources/1.6/valid-component-ref-1.6.textproto new file mode 100644 index 0000000000..82060a83de --- /dev/null +++ b/src/test/resources/1.6/valid-component-ref-1.6.textproto @@ -0,0 +1,24 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "123" + name: "acme-library" + version: "1.0.0" + components { + type: CLASSIFICATION_LIBRARY + bom_ref: "456" + name: "acme-library" + version: "1.0.0" + } +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "789" + name: "acme-library" + version: "1.0.0" +} diff --git a/src/test/resources/1.6/valid-component-ref-1.6.xml b/src/test/resources/1.6/valid-component-ref-1.6.xml new file mode 100644 index 0000000000..b65c42d17a --- /dev/null +++ b/src/test/resources/1.6/valid-component-ref-1.6.xml @@ -0,0 +1,19 @@ + + + + + acme-library + 1.0.0 + + + acme-library + 1.0.0 + + + + + acme-library + 1.0.0 + + + diff --git a/src/test/resources/1.6/valid-component-swid-1.6.json b/src/test/resources/1.6/valid-component-swid-1.6.json new file mode 100644 index 0000000000..bff17b97c2 --- /dev/null +++ b/src/test/resources/1.6/valid-component-swid-1.6.json @@ -0,0 +1,20 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1" + } + } + ] +} diff --git a/src/test/resources/1.6/valid-component-swid-1.6.textproto b/src/test/resources/1.6/valid-component-swid-1.6.textproto new file mode 100644 index 0000000000..6538073395 --- /dev/null +++ b/src/test/resources/1.6/valid-component-swid-1.6.textproto @@ -0,0 +1,17 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + author: "Acme Super Heros" + name: "Acme Application" + version: "9.1.1" + swid { + tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" + name: "Acme Application" + version: "9.1.1" + } +} diff --git a/src/test/resources/1.6/valid-component-swid-1.6.xml b/src/test/resources/1.6/valid-component-swid-1.6.xml new file mode 100644 index 0000000000..3d4a954df6 --- /dev/null +++ b/src/test/resources/1.6/valid-component-swid-1.6.xml @@ -0,0 +1,11 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + + + + diff --git a/src/test/resources/1.6/valid-component-swid-full-1.6.json b/src/test/resources/1.6/valid-component-swid-full-1.6.json new file mode 100644 index 0000000000..e0e8311547 --- /dev/null +++ b/src/test/resources/1.6/valid-component-swid-full-1.6.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1", + "text": { + "contentType": "text/xml", + "encoding": "base64", + "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } + } + ] +} diff --git a/src/test/resources/1.6/valid-component-swid-full-1.6.textproto b/src/test/resources/1.6/valid-component-swid-full-1.6.textproto new file mode 100644 index 0000000000..5d4e6a0ea5 --- /dev/null +++ b/src/test/resources/1.6/valid-component-swid-full-1.6.textproto @@ -0,0 +1,22 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + author: "Acme Super Heros" + name: "Acme Application" + version: "9.1.1" + swid { + tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" + name: "Acme Application" + version: "9.1.1" + text { + content_type: "text/xml" + encoding: "base64" + value: "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } +} diff --git a/src/test/resources/1.6/valid-component-swid-full-1.6.xml b/src/test/resources/1.6/valid-component-swid-full-1.6.xml new file mode 100644 index 0000000000..f0f7d4070d --- /dev/null +++ b/src/test/resources/1.6/valid-component-swid-full-1.6.xml @@ -0,0 +1,13 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== + + + + diff --git a/src/test/resources/1.6/valid-component-types-1.6.json b/src/test/resources/1.6/valid-component-types-1.6.json new file mode 100644 index 0000000000..8b1abd7eed --- /dev/null +++ b/src/test/resources/1.6/valid-component-types-1.6.json @@ -0,0 +1,54 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "name": "application-a", + "version": "1.0" + }, + { + "type": "library", + "name": "library-a", + "version": "1.0" + }, + { + "type": "framework", + "name": "framework-a", + "version": "1.0" + }, + { + "type": "container", + "name": "container-a", + "version": "1.0" + }, + { + "type": "operating-system", + "name": "operating-system-a", + "version": "1.0" + }, + { + "type": "firmware", + "name": "firmware-a", + "version": "1.0" + }, + { + "type": "device", + "name": "device-a", + "version": "1.0" + }, + { + "type": "file", + "name": "file-a", + "version": "1.0" + }, + { + "type": "data", + "name": "data-a", + "version": "1.0" + } + ] +} diff --git a/src/test/resources/1.6/valid-component-types-1.6.textproto b/src/test/resources/1.6/valid-component-types-1.6.textproto new file mode 100644 index 0000000000..6a5c4311ce --- /dev/null +++ b/src/test/resources/1.6/valid-component-types-1.6.textproto @@ -0,0 +1,51 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + name: "application-a" + version: "1.0" +} +components { + type: CLASSIFICATION_LIBRARY + name: "library-a" + version: "1.0" +} +components { + type: CLASSIFICATION_FRAMEWORK + name: "framework-a" + version: "1.0" +} +components { + type: CLASSIFICATION_CONTAINER + name: "container-a" + version: "1.0" +} +components { + type: CLASSIFICATION_OPERATING_SYSTEM + name: "operating-system-a" + version: "1.0" +} +components { + type: CLASSIFICATION_FIRMWARE + name: "firmware-a" + version: "1.0" +} +components { + type: CLASSIFICATION_DEVICE + name: "device-a" + version: "1.0" +} +components { + type: CLASSIFICATION_FILE + name: "file-a" + version: "1.0" +} +components { + type: CLASSIFICATION_DATA + name: "data-a" + version: "1.0" +} \ No newline at end of file diff --git a/src/test/resources/1.6/valid-component-types-1.6.xml b/src/test/resources/1.6/valid-component-types-1.6.xml new file mode 100644 index 0000000000..d8c70784d1 --- /dev/null +++ b/src/test/resources/1.6/valid-component-types-1.6.xml @@ -0,0 +1,41 @@ + + + + + application-a + 1.0 + + + library-a + 1.0 + + + framework-a + 1.0 + + + container-a + 1.0 + + + operating-system-a + 1.0 + + + firmware-a + 1.0 + + + device-a + 1.0 + + + file-a + 1.0 + + + data-a + 1.0 + + + diff --git a/src/test/resources/1.6/valid-compositions-1.6.json b/src/test/resources/1.6/valid-compositions-1.6.json new file mode 100644 index 0000000000..8b8dcbf374 --- /dev/null +++ b/src/test/resources/1.6/valid-compositions-1.6.json @@ -0,0 +1,82 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "component": { + "bom-ref": "acme-application-1.0", + "type": "application", + "name": "Acme Application", + "version": "1.0" + } + }, + "components": [ + { + "bom-ref": "pkg:maven/partner/shaded-library@1.0", + "type": "library", + "name": "Partner Shaded Library", + "version": "1.0", + "purl": "pkg:maven/partner/shaded-library@1.0", + "components": [ + { + "bom-ref": "pkg:maven/ossproject/library@2.0", + "type": "library", + "name": "Some Opensource Library", + "version": "2.0", + "purl": "pkg:maven/ossproject/library@2.0" + } + ] + }, + { + "bom-ref": "pkg:maven/acme/library@3.0", + "type": "library", + "name": "Acme Library", + "version": "3.0", + "purl": "pkg:maven/acme/library@3.0" + } + ], + "dependencies": [ + { + "ref": "acme-application-1.0", + "dependsOn": [ + "pkg:maven/partner/shaded-library@1.0", + "pkg:maven/acme/library@3.0" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "vulnerability-1", + "id": "ACME-12345", + "source": { + "name": "Acme Inc" + } + } + ], + "compositions": [ + { + "bom-ref": "composition-1", + "aggregate": "complete", + "assemblies": [ + "pkg:maven/partner/shaded-library@1.0" + ], + "dependencies": [ + "acme-application-1.0" + ] + }, + { + "aggregate": "unknown", + "assemblies": [ + "pkg:maven/acme/library@3.0" + ] + }, + { + "aggregate": "incomplete_first_party_only", + "vulnerabilities": [ + "vulnerability-1" + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-compositions-1.6.textproto b/src/test/resources/1.6/valid-compositions-1.6.textproto new file mode 100644 index 0000000000..1218f02621 --- /dev/null +++ b/src/test/resources/1.6/valid-compositions-1.6.textproto @@ -0,0 +1,65 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + component { + type: CLASSIFICATION_APPLICATION + bom_ref: "acme-application-1.0" + name: "Acme Application" + version: "1.0" + } +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/partner/shaded-library@1.0" + name: "Partner Shaded Library" + version: "1.0" + purl: "pkg:maven/partner/shaded-library@1.0" + components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/ossproject/library@2.0" + name: "Some Opensource Library" + version: "2.0" + purl: "pkg:maven/ossproject/library@2.0" + } +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/acme/library@3.0" + name: "Acme Library" + version: "3.0" + purl: "pkg:maven/acme/library@3.0" +} +dependencies { + ref: "acme-application-1.0" + dependencies { + ref: "pkg:maven/partner/shaded-library@1.0" + } + dependencies { + ref: "pkg:maven/acme/library@3.0" + } +} +compositions { + bom_ref: "composition-1" + aggregate: AGGREGATE_COMPLETE + assemblies: "pkg:maven/partner/shaded-library@1.0" + dependencies: "acme-application-1.0" +} +compositions { + aggregate: AGGREGATE_UNKNOWN + assemblies: "pkg:maven/acme/library@3.0" +} +compositions { + aggregate: AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY, + vulnerabilities: "vulnerability-1" +} +vulnerabilities { + bom_ref: "vulnerability-1" + id: "ACME-12345" + source: { + name: "Acme Inc" + } +} diff --git a/src/test/resources/1.6/valid-compositions-1.6.xml b/src/test/resources/1.6/valid-compositions-1.6.xml new file mode 100644 index 0000000000..f99ed83030 --- /dev/null +++ b/src/test/resources/1.6/valid-compositions-1.6.xml @@ -0,0 +1,65 @@ + + + + + Acme Application + 1.0 + + + + + Partner Shaded Library + 1.0 + pkg:maven/partner/shaded-library@1.0 + + + Some Opensource Library + 2.0 + pkg:maven/ossproject/library@2.0 + + + + + Acme Library + 3.0 + pkg:maven/acme/library@3.0 + + + + + + + + + + + complete + + + + + + + + + unknown + + + + + + incomplete_first_party_only + + + + + + + + ACME-12345 + + Acme Inc + + + + diff --git a/src/test/resources/1.6/valid-cryptography-full-1.6.json b/src/test/resources/1.6/valid-cryptography-full-1.6.json new file mode 100644 index 0000000000..254d8433be --- /dev/null +++ b/src/test/resources/1.6/valid-cryptography-full-1.6.json @@ -0,0 +1,109 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "cryptographic-asset", + "bom-ref": "asset-1", + "name": "Name here", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "ae", + "parameterSetIdentifier": "128", + "curve": "brainpoolP160r1", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ "fips140-1-l4" ], + "mode": "gcm", + "padding": "pkcs5", + "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"], + "classicalSecurityLevel": 128, + "nistQuantumSecurityLevel": 1 + }, + "oid": "oid:1.2.3.4.5.6.7.8.9" + } + }, + { + "type": "cryptographic-asset", + "bom-ref": "asset-2", + "name": "Name here", + "cryptoProperties": { + "assetType": "certificate", + "certificateProperties": { + "subjectName": "Subject name here", + "issuerName": "Issuer name here", + "notValidBefore": "2022-01-01T00:00:00.000Z", + "notValidAfter": "2024-01-01T00:00:00.000Z", + "signatureAlgorithmRef": "bom-ref-to-algorithm", + "subjectPublicKeyRef": "bom-ref-to-public-key", + "certificateFormat": "X.509", + "certificateExtension": "crt" + }, + "oid": "oid:1.2.3.4.5.6.7.8.9" + } + }, + { + "type": "cryptographic-asset", + "bom-ref": "asset-3", + "name": "Name here", + "cryptoProperties": { + "assetType": "protocol", + "protocolProperties": { + "type": "tls", + "version": "1.3", + "cipherSuites": [ + { + "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "algorithms": [ + "bom-ref-to-algorithm" + ], + "identifiers": [ + "0xC0" + ] + } + ], + "ikev2TransformTypes" : { + "encr" : [ "bom-ref-to-encryption-algorithm", "bom-ref-to-encryption-algorithm1" ], + "prf" : [ "bom-ref-to-pseudorandom-function" ], + "integ" : [ "bom-ref-to-integrity-algorithm" ], + "ke" : [ "bom-ref-to-key-exchange-method" ], + "esn" : true, + "auth" : [ "bom-ref-to-authentication-method" ] + }, + "cryptoRefArray" : [ "test", "test1" ] + }, + "oid": "oid:1.2.3.4.5.6.7.8.9" + } + }, + { + "type": "cryptographic-asset", + "bom-ref": "asset-4", + "name": "Name here", + "cryptoProperties": { + "assetType": "related-crypto-material", + "relatedCryptoMaterialProperties": { + "type": "private-key", + "id": "12345", + "state": "active", + "algorithmRef": "bom-ref-to-algorithm", + "creationDate": "2024-01-01T00:00:00.000Z", + "activationDate": "2024-01-02T00:00:00.000Z", + "updateDate": "2024-01-03T00:00:00.000Z", + "expirationDate": "2024-01-04T00:00:00.000Z", + "value": "Value here", + "size": 1024, + "format": "PEM", + "securedBy": { + "mechanism": "HSM", + "algorithmRef": "bom-ref-to-algorithm" + } + }, + "oid": "oid:1.2.3.4.5.6.7.8.9" + } + } + ] +} diff --git a/src/test/resources/1.6/valid-cryptography-full-1.6.textproto b/src/test/resources/1.6/valid-cryptography-full-1.6.textproto new file mode 100644 index 0000000000..9af87b05b2 --- /dev/null +++ b/src/test/resources/1.6/valid-cryptography-full-1.6.textproto @@ -0,0 +1,122 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components: [ + { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-1" + name: "Name here" + cryptoProperties: { + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties: { + primitive: CRYPTO_PRIMITIVE_AE + parameterSetIdentifier: "128" + curve: "brainpoolP160r1" + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: [ "fips140-1-l4" ] + mode: CRYPTO_ALGORITHM_MODE_GCM + padding: CRYPTO_ALGORITHM_PADDING_PKCS5 + cryptoFunctions: [ + CRYPTO_ALGORITHM_FUNCTION_KEYGEN, + CRYPTO_ALGORITHM_FUNCTION_ENCRYPT, + CRYPTO_ALGORITHM_FUNCTION_DECRYPT, + CRYPTO_ALGORITHM_FUNCTION_TAG + ] + classicalSecurityLevel: 128 + nistQuantumSecurityLevel: 1 + }, + oid: "oid:1.2.3.4.5.6.7.8.9" + } + }, + { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-2" + name: "Name here" + cryptoProperties: { + assetType: CRYPTO_ASSET_TYPE_CERTIFICATE + certificateProperties: { + subjectName: "Subject name here" + issuerName: "Issuer name here" + notValidBefore { + seconds: 1640995200 + nanos: 0 + } + notValidAfter { + seconds: 1704067200 + nanos: 0 + } + signatureAlgorithmRef: "bom-ref-to-algorithm" + subjectPublicKeyRef: "bom-ref-to-public-key" + certificateFormat: "X.509" + certificateExtension: "crt" + } + oid: "oid:1.2.3.4.5.6.7.8.9" + } + }, + { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-3" + name: "Name here" + cryptoProperties: { + assetType: CRYPTO_ASSET_TYPE_PROTOCOL + protocolProperties: { + type: CRYPTO_PROTOCOL_TYPE_TLS + version: "1.3" + cipherSuites: [ + { + name: "TLS_DHE_RSA_WITH_AES_128_CCM" + algorithms: [ + "bom-ref-to-algorithm" + ] + identifiers: [ + "0xC0" + ] + } + ] + } + oid: "oid:1.2.3.4.5.6.7.8.9" + } + }, + { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-4" + name: "Name here" + cryptoProperties: { + assetType: CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL + relatedCryptoMaterialProperties: { + type: CRYPTO_RELATED_TYPE_PRIVATE_KEY + id: "12345" + state: CRYPTO_RELATED_STATE_ACTIVE + algorithmRef: "bom-ref-to-algorithm" + creationDate { + seconds: 1704067200 + nanos: 0 + } + activationDate { + seconds: 1704153600 + nanos: 0 + } + updateDate { + seconds: 1704240000 + nanos: 0 + } + expirationDate { + seconds: 1704326400 + nanos: 0 + } + value: "Value here" + size: 1024 + format: "PEM" + securedBy: { + mechanism: "HSM" + algorithmRef: "bom-ref-to-algorithm" + } + } + oid: "oid:1.2.3.4.5.6.7.8.9" + } + } +] diff --git a/src/test/resources/1.6/valid-cryptography-full-1.6.xml b/src/test/resources/1.6/valid-cryptography-full-1.6.xml new file mode 100644 index 0000000000..907ac04ba5 --- /dev/null +++ b/src/test/resources/1.6/valid-cryptography-full-1.6.xml @@ -0,0 +1,104 @@ + + + + + Name here + + algorithm + + ae + 128 + brainpoolP160r1 + software-plain-ram + x86_64 + fips140-1-l4 + gcm + pkcs5 + + keygen + encrypt + decrypt + tag + + 128 + 1 + + oid:1.2.3.4.5.6.7.8.9 + + + + Name here + + certificate + + Subject name here + Issuer name here + 2022-01-01T00:00:00.000Z + 2024-01-01T00:00:00.000Z + bom-ref-to-algorithm + bom-ref-to-public-key + X.509 + crt + + oid:1.2.3.4.5.6.7.8.9 + + + + Name here + + protocol + + tls + 1.3 + + + TLS_DHE_RSA_WITH_AES_128_CCM + + bom-ref-to-algorithm + + + 0xC0 + + + + + bom-ref-to-encryption-algorithm + bom-ref-to-encryption-algorithm1 + bom-ref-to-pseudorandom-function + bom-ref-to-integrity-algorithm + bom-ref-to-key-exchange-method + true + bom-ref-to-authentication-method + + test + test1 + + oid:1.2.3.4.5.6.7.8.9 + + + + Name here + + related-crypto-material + + private-key + 12345 + active + bom-ref-to-algorithm + 2024-01-01T00:00:00.000Z + 2024-01-02T00:00:00.000Z + 2024-01-03T00:00:00.000Z + 2024-01-04T00:00:00.000Z + Value here + 1024 + PEM + + HSM + bom-ref-to-algorithm + + + oid:1.2.3.4.5.6.7.8.9 + + + + diff --git a/src/test/resources/1.6/valid-cryptography-implementation-1.6.json b/src/test/resources/1.6/valid-cryptography-implementation-1.6.json new file mode 100644 index 0000000000..a143b9b33c --- /dev/null +++ b/src/test/resources/1.6/valid-cryptography-implementation-1.6.json @@ -0,0 +1,60 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "component": { + "type": "application", + "bom-ref": "acme-application", + "name": "Acme Application", + "version": "1.0" + } + }, + "components": [ + { + "type": "cryptographic-asset", + "bom-ref": "aes128gcm", + "name": "AES", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "ae", + "parameterSetIdentifier": "128", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ "none" ], + "mode": "gcm", + "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"], + "classicalSecurityLevel": 128, + "nistQuantumSecurityLevel": 1 + }, + "oid": "oid:2.16.840.1.101.3.4.1.6" + } + }, + { + "type": "library", + "bom-ref": "crypto-library", + "name": "Crypto library", + "version": "1.0.0" + }, + { + "type": "library", + "bom-ref": "some-library", + "name": "Some library", + "version": "1.0.0" + } + ], + "dependencies": [ + { + "ref": "acme-application", + "dependsOn": ["crypto-library"] + }, + { + "ref": "crypto-library", + "provides": ["aes128gcm"], + "dependsOn": ["some-library"] + } + ] +} diff --git a/src/test/resources/1.6/valid-cryptography-implementation-1.6.textproto b/src/test/resources/1.6/valid-cryptography-implementation-1.6.textproto new file mode 100644 index 0000000000..de14145f7e --- /dev/null +++ b/src/test/resources/1.6/valid-cryptography-implementation-1.6.textproto @@ -0,0 +1,71 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +# proto-file: schema/bom-1.6.proto +# proto-message: + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata: { + component: { + type: CLASSIFICATION_APPLICATION + bom_ref: "acme-application" + name: "Acme Application" + version: "1.0" + } +} +components: [ + { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "aes128gcm" + name: "AES" + cryptoProperties: { + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties: { + primitive: CRYPTO_PRIMITIVE_AE + parameterSetIdentifier: "128" + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: [ "none" ], + mode: CRYPTO_ALGORITHM_MODE_GCM + cryptoFunctions: [ + CRYPTO_ALGORITHM_FUNCTION_KEYGEN, + CRYPTO_ALGORITHM_FUNCTION_ENCRYPT, + CRYPTO_ALGORITHM_FUNCTION_DECRYPT, + CRYPTO_ALGORITHM_FUNCTION_TAG + ] + classicalSecurityLevel: 128 + nistQuantumSecurityLevel: 1 + }, + oid: "oid:2.16.840.1.101.3.4.1.6" + } + }, + { + type: CLASSIFICATION_LIBRARY + bom_ref: "crypto-library" + name: "Crypto library" + version: "1.0.0" + }, + { + type: CLASSIFICATION_LIBRARY + bom_ref: "some-library" + name: "Some library" + version: "1.0.0" + } +], +dependencies: [ + { + ref: "acme-application" + dependencies { + ref: "crypto-library" + } + }, + { + ref: "crypto-library" + provides: [ "aes128gcm" ] + dependencies { + ref: "some-library" + } + } +] diff --git a/src/test/resources/1.6/valid-cryptography-implementation-1.6.xml b/src/test/resources/1.6/valid-cryptography-implementation-1.6.xml new file mode 100644 index 0000000000..e86ae59405 --- /dev/null +++ b/src/test/resources/1.6/valid-cryptography-implementation-1.6.xml @@ -0,0 +1,51 @@ + + + + + Acme Application + 1.0 + + + + + AES + + algorithm + + ae + 128 + software-plain-ram + x86_64 + none + gcm + + keygen + encrypt + decrypt + tag + + 128 + 1 + + oid:2.16.840.1.101.3.4.1.6 + + + + Crypto library + 1.0.0 + + + Some library + 1.0.0 + + + + + + + + + + + + diff --git a/src/test/resources/1.6/valid-dependency-1.6.json b/src/test/resources/1.6/valid-dependency-1.6.json new file mode 100644 index 0000000000..1e87f38efb --- /dev/null +++ b/src/test/resources/1.6/valid-dependency-1.6.json @@ -0,0 +1,39 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "library-a", + "type": "library", + "name": "library-a", + "version": "1.0.0" + }, + { + "bom-ref": "library-b", + "type": "library", + "name": "library-b", + "version": "1.0.0" + }, + { + "bom-ref": "library-c", + "type": "library", + "name": "library-c", + "version": "1.0.0" + } + ], + "dependencies": [ + { + "ref": "library-a", + "dependsOn": [] + }, + { + "ref": "library-b", + "dependsOn": [ + "library-c" + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-dependency-1.6.textproto b/src/test/resources/1.6/valid-dependency-1.6.textproto new file mode 100644 index 0000000000..363dfba939 --- /dev/null +++ b/src/test/resources/1.6/valid-dependency-1.6.textproto @@ -0,0 +1,33 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "library-a" + name: "library-a" + version: "1.0.0" +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "library-b" + name: "library-b" + version: "1.0.0" +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "library-c" + name: "library-c" + version: "1.0.0" +} +dependencies { + ref: "library-a" +} +dependencies { + ref: "library-b" + dependencies { + ref: "library-c" + } +} diff --git a/src/test/resources/1.6/valid-dependency-1.6.xml b/src/test/resources/1.6/valid-dependency-1.6.xml new file mode 100644 index 0000000000..7fab834768 --- /dev/null +++ b/src/test/resources/1.6/valid-dependency-1.6.xml @@ -0,0 +1,23 @@ + + + + + library-a + 1.0.0 + + + library-b + 1.0.0 + + + library-c + 1.0.0 + + + + + + + + + diff --git a/src/test/resources/1.6/valid-empty-components-1.6.json b/src/test/resources/1.6/valid-empty-components-1.6.json new file mode 100644 index 0000000000..a634de3f66 --- /dev/null +++ b/src/test/resources/1.6/valid-empty-components-1.6.json @@ -0,0 +1,9 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + ] +} diff --git a/src/test/resources/1.6/valid-empty-components-1.6.textproto b/src/test/resources/1.6/valid-empty-components-1.6.textproto new file mode 100644 index 0000000000..b40b7c6d8b --- /dev/null +++ b/src/test/resources/1.6/valid-empty-components-1.6.textproto @@ -0,0 +1,6 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" diff --git a/src/test/resources/1.6/valid-empty-components-1.6.xml b/src/test/resources/1.6/valid-empty-components-1.6.xml new file mode 100644 index 0000000000..58f7c84931 --- /dev/null +++ b/src/test/resources/1.6/valid-empty-components-1.6.xml @@ -0,0 +1,5 @@ + + + + + diff --git a/src/test/resources/1.6/valid-evidence-1.6.json b/src/test/resources/1.6/valid-evidence-1.6.json new file mode 100644 index 0000000000..9881905b93 --- /dev/null +++ b/src/test/resources/1.6/valid-evidence-1.6.json @@ -0,0 +1,159 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "group": "com.google.code.findbugs", + "name": "findbugs-project", + "version": "3.0.0", + "licenses": [ + { + "license": { + "id": "LGPL-3.0-or-later", + "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", + "evidence": { + "identity": { + "field": "purl", + "confidence": 1, + "methods": [ + { + "technique": "filename", + "confidence": 0.1, + "value": "findbugs-project-3.0.0.jar" + }, + { + "technique": "ast-fingerprint", + "confidence": 0.9, + "value": "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" + }, + { + "technique": "hash-comparison", + "confidence": 0.7, + "value": "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" + } + ], + "tools": [ + "bom-ref-of-tool-that-performed-analysis" + ] + }, + "occurrences": [ + { + "bom-ref": "d6bf237e-4e11-4713-9f62-56d18d5e2079", + "location": "/path/to/component", + "symbol": "test" + }, + { + "bom-ref": "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175", + "location": "/another/path/to/component" + } + ], + "callstack": { + "frames": [ + { + + "package": "com.apache.logging.log4j.core", + "module": "Logger.class", + "function": "logMessage", + "parameters": [ + "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" + ], + "line": 150, + "column": 17, + "fullFilename": "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" + }, + { + "module": "HelloWorld.class", + "function": "main", + "line": 20, + "column": 12, + "fullFilename": "/path/to/HelloWorld.class" + } + ] + }, + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + }, + { + "license": { + "id": "LGPL-2.1-only", + "url": "https://opensource.org/licenses/LGPL-2.1" + } + } + ], + "copyright": [ + { + "text": "Copyright 2012 Google Inc. All Rights Reserved." + }, + { + "text": "Copyright (C) 2004,2005 Dave Brosius " + }, + { + "text": "Copyright (C) 2005 William Pugh" + }, + { + "text": "Copyright (C) 2004,2005 University of Maryland" + } + ] + } + }, + { + "type": "application", + "group": "com.example", + "name": "example-project", + "version": "1.0.0", + "purl": "pkg:maven/com.example/example-project@1.0.0", + "evidence": { + "identity": [ + { + "field": "group", + "confidence": 0.1, + "concludedValue": "com.example", + "methods": [ + { + "technique": "filename", + "confidence": 0.1, + "value": "example-project-1.0.0.jar" + } + ] + }, + { + "field": "name", + "confidence": 0.1, + "concludedValue": "example-project", + "methods": [ + { + "technique": "filename", + "confidence": 0.1, + "value": "example-project-1.0.0.jar" + } + ] + }, + { + "field": "version", + "confidence": 0.1, + "concludedValue": "1.0.0", + "methods": [ + { + "technique": "filename", + "confidence": 0.1, + "value": "example-project-1.0.0.jar" + } + ] + } + ] + } + } + ] +} diff --git a/src/test/resources/1.6/valid-evidence-1.6.textproto b/src/test/resources/1.6/valid-evidence-1.6.textproto new file mode 100644 index 0000000000..e4819eb0f1 --- /dev/null +++ b/src/test/resources/1.6/valid-evidence-1.6.textproto @@ -0,0 +1,153 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +# proto-file: bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components [ + { + type: CLASSIFICATION_APPLICATION + group: "com.google.code.findbugs" + name: "findbugs-project" + version: "3.0.0" + licenses { + license { + id: "LGPL-3.0-or-later" + url: "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" + } + } + purl: "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0" + evidence { + identity: { + field: EVIDENCE_FIELD_PURL, + confidence: 1, + methods: [ + { + technique: EVIDENCE_TECHNIQUE_FILENAME, + confidence: 0.1, + value: "findbugs-project-3.0.0.jar" + }, + { + technique: EVIDENCE_TECHNIQUE_AST_FINGERPRINT + confidence: 0.9, + value: "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" + }, + { + technique: EVIDENCE_TECHNIQUE_HASH_COMPARISON + confidence: 0.7, + value: "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" + } + ], + tools: [ + "bom-ref-of-tool-that-performed-analysis" + ] + }, + occurrences: [ + { + bom_ref: "d6bf237e-4e11-4713-9f62-56d18d5e2079" + location: "/path/to/component" + }, + { + bom_ref: "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175" + location: "/another/path/to/component" + } + ], + callstack: { + frames: [ + { + package: "com.apache.logging.log4j.core" + module: "Logger.class" + function: "logMessage" + parameters: [ + "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" + ], + line: 150 + column: 17 + fullFilename: "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" + }, + { + module: "HelloWorld.class" + function: "main" + line: 20 + column: 12 + fullFilename: "/path/to/HelloWorld.class" + } + ] + }, + licenses { + license { + id: "Apache-2.0" + url: "http://www.apache.org/licenses/LICENSE-2.0" + } + } + licenses { + license { + id: "LGPL-2.1-only" + url: "https://opensource.org/licenses/LGPL-2.1" + } + } + copyright { + text: "Copyright 2012 Google Inc. All Rights Reserved." + } + copyright { + text: "Copyright (C) 2004,2005 Dave Brosius " + } + copyright { + text: "Copyright (C) 2005 William Pugh" + } + copyright { + text: "Copyright (C) 2004,2005 University of Maryland" + } + } + }, + { + type: CLASSIFICATION_APPLICATION + group: "com.example" + name: "example-project" + version: "1.0.0" + purl: "pkg:maven/com.example/example-project@1.0.0" + evidence: { + identity: [ + { + field: EVIDENCE_FIELD_GROUP + confidence: 0.1 + methods: [ + { + technique: EVIDENCE_TECHNIQUE_FILENAME + confidence: 0.1 + value: "example-project-1.0.0.jar" + } + ] + concludedValue: "com.example" + }, + { + field: EVIDENCE_FIELD_NAME + confidence: 0.1 + methods: [ + { + technique: EVIDENCE_TECHNIQUE_FILENAME + confidence: 0.1 + value: "example-project-1.0.0.jar" + } + ] + concludedValue: "example-project" + }, + { + field: EVIDENCE_FIELD_VERSION + confidence: 0.1 + methods: [ + { + technique: EVIDENCE_TECHNIQUE_FILENAME + confidence: 0.1 + value: "example-project-1.0.0.jar" + } + ] + concludedValue: "1.0.0" + } + ] + } + } +] diff --git a/src/test/resources/1.6/valid-evidence-1.6.xml b/src/test/resources/1.6/valid-evidence-1.6.xml new file mode 100644 index 0000000000..5d0cbf1341 --- /dev/null +++ b/src/test/resources/1.6/valid-evidence-1.6.xml @@ -0,0 +1,137 @@ + + + + + com.google.code.findbugs + findbugs-project + 3.0.0 + + + LGPL-3.0-or-later + https://www.gnu.org/licenses/lgpl-3.0-standalone.html + + + pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 + + + purl + 1 + + + filename + 0.1 + findbugs-project-3.0.0.jar + + + ast-fingerprint + 0.9 + 61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab + + + hash-comparison + 0.7 + 7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf + + + + + + + + + /path/to/component + test + + + /another/path/to/component + + + + + + com.apache.logging.log4j.core + Logger.class + logMessage + + com.acme.HelloWorld + Level.INFO + null + Hello World + + 150 + 17 + /path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class + + + HelloWorld.class + main + 20 + 12 + /path/to/HelloWorld.class + + + + + + Apache-2.0 + http://www.apache.org/licenses/LICENSE-2.0 + + + LGPL-2.1-only + https://opensource.org/licenses/LGPL-2.1 + + + + + ]]> + + + + + + + com.example + example-project + 1.0.0 + pkg:maven/com.example/example-project@1.0.0 + + + group + 0.1 + com.example + + + filename + 0.1 + example-project-1.0.0.jar + + + + + name + 0.1 + example-project + + + filename + 0.1 + example-project-1.0.0.jar + + + + + version + 0.1 + 1.0.0 + + + filename + 0.1 + example-project-1.0.0.jar + + + + + + + diff --git a/src/test/resources/1.6/valid-external-elements-1.6.xml b/src/test/resources/1.6/valid-external-elements-1.6.xml new file mode 100644 index 0000000000..768137a748 --- /dev/null +++ b/src/test/resources/1.6/valid-external-elements-1.6.xml @@ -0,0 +1,158 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + Banana + + + Banana + + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + Banana + + + Banana + + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + Banana + + + Banana + + + + Banana + + + Banana + + + + + foo + 1.0 + + + Banana + + + Banana + + + + + bar + 1.0 + + + Banana + + + Banana + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + Banana + + + Banana + + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Banana + + + Banana + + + Initial commit + + Banana + + + Banana + + + + Banana + + + Banana + + + Commentary here + + Banana + + + Banana + + + + Banana + + + Banana + + + + Banana + + + Banana + + + + Banana + + + Banana + + diff --git a/src/test/resources/1.6/valid-external-reference-1.6.json b/src/test/resources/1.6/valid-external-reference-1.6.json new file mode 100644 index 0000000000..f5e2456129 --- /dev/null +++ b/src/test/resources/1.6/valid-external-reference-1.6.json @@ -0,0 +1,218 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "org.example", + "name": "mylibrary", + "version": "1.0.0", + "externalReferences": [ + { + "type": "advisories", + "url": "https://example.org/security/feed/csaf", + "comment": "Security advisories from the vendor" + }, + { + "type": "bom", + "url": "https://example.org/support/sbom/portal-server/1.0.0", + "comment": "An external SBOM that describes what this component includes", + "hashes": [ + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + ] + }, + { + "type": "documentation", + "url": "https://example.org/support/documentation/portal-server/1.0.0", + "comment": "Vendor provided documentation for the product" + } + ] + }, + { + "type": "application", + "name": "dummy", + "description": "this component has all external reference types possible", + "externalReferences": [ + { + "type": "vcs", + "url": "http://example.com/extref/vcs" + }, + { + "type": "issue-tracker", + "url": "http://example.com/extref/issue-tracker" + }, + { + "type": "website", + "url": "http://example.com/extref/website" + }, + { + "type": "advisories", + "url": "http://example.com/extref/advisories" + }, + { + "type": "bom", + "url": "http://example.com/extref/bom" + }, + { + "type": "mailing-list", + "url": "http://example.com/extref/mailing-list" + }, + { + "type": "social", + "url": "http://example.com/extref/social" + }, + { + "type": "chat", + "url": "http://example.com/extref/chat" + }, + { + "type": "documentation", + "url": "http://example.com/extref/documentation" + }, + { + "type": "support", + "url": "http://example.com/extref/support" + }, + { + "type": "source-distribution", + "url": "http://example.com/extref/source-distribution" + }, + { + "type": "distribution", + "url": "http://example.com/extref/distribution" + }, + { + "type": "distribution-intake", + "url": "http://example.com/extref/distribution-intake" + }, + { + "type": "license", + "url": "http://example.com/extref/license" + }, + { + "type": "build-meta", + "url": "http://example.com/extref/build-meta" + }, + { + "type": "build-system", + "url": "http://example.com/extref/build-system" + }, + { + "type": "release-notes", + "url": "http://example.com/extref/release-notes" + }, + { + "type": "security-contact", + "url": "http://example.com/extref/security-contact" + }, + { + "type": "model-card", + "url": "http://example.com/extref/model-card" + }, + { + "type": "log", + "url": "http://example.com/extref/log" + }, + { + "type": "configuration", + "url": "http://example.com/extref/configuration" + }, + { + "type": "evidence", + "url": "http://example.com/extref/evidence" + }, + { + "type": "formulation", + "url": "http://example.com/extref/formulation" + }, + { + "type": "attestation", + "url": "http://example.com/extref/attestation" + }, + { + "type": "threat-model", + "url": "http://example.com/extref/threat-model" + }, + { + "type": "adversary-model", + "url": "http://example.com/extref/adversary-model" + }, + { + "type": "risk-assessment", + "url": "http://example.com/extref/risk-assessment" + }, + { + "type": "vulnerability-assertion", + "url": "http://example.com/extref/vulnerability-assertion" + }, + { + "type": "exploitability-statement", + "url": "http://example.com/extref/exploitability-statement" + }, + { + "type": "pentest-report", + "url": "http://example.com/extref/pentest-report" + }, + { + "type": "static-analysis-report", + "url": "http://example.com/extref/static-analysis-report" + }, + { + "type": "dynamic-analysis-report", + "url": "http://example.com/extref/dynamic-analysis-report" + }, + { + "type": "runtime-analysis-report", + "url": "http://example.com/extref/runtime-analysis-report" + }, + { + "type": "component-analysis-report", + "url": "http://example.com/extref/component-analysis-report" + }, + { + "type": "maturity-report", + "url": "http://example.com/extref/maturity-report" + }, + { + "type": "certification-report", + "url": "http://example.com/extref/certification-report" + }, + { + "type": "quality-metrics", + "url": "http://example.com/extref/quality-metrics" + }, + { + "type": "codified-infrastructure", + "url": "http://example.com/extref/codified-infrastructure" + }, + { + "type": "poam", + "url": "http://example.com/extref/poam" + }, + { + "type": "electronic-signature", + "url": "http://example.com/extref/electronic-signature" + }, + { + "type": "digital-signature", + "url": "http://example.com/extref/digital-signature" + }, + { + "type": "rfc-9116", + "url": "http://example.com/extref/rfc-9116" + }, + { + "type": "other", + "url": "http://example.com/extref/other" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-external-reference-1.6.textproto b/src/test/resources/1.6/valid-external-reference-1.6.textproto new file mode 100644 index 0000000000..9a8c3df2d6 --- /dev/null +++ b/src/test/resources/1.6/valid-external-reference-1.6.textproto @@ -0,0 +1,209 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "org.example" + name: "mylibrary" + version: "1.0.0" + external_references { + type: EXTERNAL_REFERENCE_TYPE_ADVISORIES + url: "https://example.org/security/feed/csaf" + comment: "Security advisories from the vendor" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_BOM + url: "https://example.org/support/sbom/portal-server/1.0.0" + comment: "An external SBOM that describes what this component includes" + hashes { + alg: HASH_ALG_SHA_256 + value: "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://example.org/support/documentation/portal-server/1.0.0" + comment: "Vendor provided documentation for the product" + } +} +components { + type: CLASSIFICATION_APPLICATION + name: "dummy" + description: "this component has all external reference types possible" + external_references { + type: EXTERNAL_REFERENCE_TYPE_VCS + url: "http://example.com/extref/vcs" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_ISSUE_TRACKER + url: "http://example.com/extref/issue-tracker" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_WEBSITE + url: "http://example.com/extref/website" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_ADVISORIES + url: "http://example.com/extref/advisories" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_BOM + url: "http://example.com/extref/bom" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_MAILING_LIST + url: "http://example.com/extref/mailing-list" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_SOCIAL + url: "http://example.com/extref/social" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_CHAT + url: "http://example.com/extref/chat" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "http://example.com/extref/documentation" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_SUPPORT + url: "http://example.com/extref/support" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_SOURCE_DISTRIBUTION + url: "http://example.com/extref/source-distribution" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION + url: "http://example.com/extref/distribution" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION_INTAKE + url: "http://example.com/extref/distribution-intake" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_LICENSE + url: "http://example.com/extref/license" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_BUILD_META + url: "http://example.com/extref/build-meta" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM + url: "http://example.com/extref/build-system" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES + url: "http://example.com/extref/release-notes" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT + url: "http://example.com/extref/security-contact" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_MODEL_CARD + url: "http://example.com/extref/model-card" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_LOG + url: "http://example.com/extref/log" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_CONFIGURATION + url: "http://example.com/extref/configuration" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_EVIDENCE + url: "http://example.com/extref/evidence" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_FORMULATION + url: "http://example.com/extref/formulation" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_ATTESTATION + url: "http://example.com/extref/attestation" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_THREAT_MODEL + url: "http://example.com/extref/threat-model" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_ADVERSARY_MODEL + url: "http://example.com/extref/adversary-model" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_RISK_ASSESSMENT + url: "http://example.com/extref/risk-assessment" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_VULNERABILITY_ASSERTION + url: "http://example.com/extref/vulnerability-assertion" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_EXPLOITABILITY_STATEMENT + url: "http://example.com/extref/exploitability-statement" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_PENTEST_REPORT + url: "http://example.com/extref/pentest-report" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_STATIC_ANALYSIS_REPORT + url: "http://example.com/extref/static-analysis-report" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DYNAMIC_ANALYSIS_REPORT + url: "http://example.com/extref/dynamic-analysis-report" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_RUNTIME_ANALYSIS_REPORT + url: "http://example.com/extref/runtime-analysis-report" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_COMPONENT_ANALYSIS_REPORT + url: "http://example.com/extref/component-analysis-report" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_MATURITY_REPORT + url: "http://example.com/extref/maturity-report" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_CERTIFICATION_REPORT + url: "http://example.com/extref/certification-report" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_QUALITY_METRICS + url: "http://example.com/extref/quality-metrics" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE + url: "http://example.com/extref/codified-infrastructure" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_POAM + url: "http://example.com/extref/poam" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_ELECTRONIC_SIGNATURE + url: "http://example.com/extref/electronic-signature" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DIGITAL_SIGNATURE + url: "http://example.com/extref/digital-signature" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_RFC_9116 + url: "http://example.com/extref/rfc-9116" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_OTHER + url: "http://example.com/extref/other" + } +} diff --git a/src/test/resources/1.6/valid-external-reference-1.6.xml b/src/test/resources/1.6/valid-external-reference-1.6.xml new file mode 100644 index 0000000000..95cffa0d2d --- /dev/null +++ b/src/test/resources/1.6/valid-external-reference-1.6.xml @@ -0,0 +1,77 @@ + + + + + Acme Inc + org.example + mylibrary + 1.0.0 + + + https://example.org/security/feed/csaf + Security advisories from the vendor + + + https://example.org/support/sbom/portal-server/1.0.0 + An external SBOM that describes what this component includes + + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + + + + https://example.org/support/documentation/portal-server/1.0.0 + Vendor provided documentation for the product + + + + + dummy + this component has all external reference types possible + + http://example.com/extref/vcs + http://example.com/extref/issue-tracker + http://example.com/extref/website + http://example.com/extref/advisories + http://example.com/extref/bom + http://example.com/extref/mailing-list + http://example.com/extref/social + http://example.com/extref/chat + http://example.com/extref/documentation + http://example.com/extref/support + http://example.com/extref/source-distribution + http://example.com/extref/distribution + http://example.com/extref/distribution-intake + http://example.com/extref/license + http://example.com/extref/build-meta + http://example.com/extref/build-system + http://example.com/extref/release-notes + http://example.com/extref/security-contact + http://example.com/extref/model-card + http://example.com/extref/log + http://example.com/extref/configuration + http://example.com/extref/evidence + http://example.com/extref/formulation + http://example.com/extref/attestation + http://example.com/extref/threat-model + http://example.com/extref/adversary-model + http://example.com/extref/risk-assessment + http://example.com/extref/vulnerability-assertion + http://example.com/extref/exploitability-statement + http://example.com/extref/pentest-report + http://example.com/extref/static-analysis-report + http://example.com/extref/dynamic-analysis-report + http://example.com/extref/runtime-analysis-report + http://example.com/extref/component-analysis-report + http://example.com/extref/maturity-report + http://example.com/extref/certification-report + http://example.com/extref/quality-metrics + http://example.com/extref/codified-infrastructure + http://example.com/extref/poam + http://example.com/extref/electronic-signature + http://example.com/extref/digital-signature + http://example.com/extref/rfc-9116 + http://example.com/extref/other + + + + diff --git a/src/test/resources/1.6/valid-formulation-1.6.json b/src/test/resources/1.6/valid-formulation-1.6.json new file mode 100644 index 0000000000..0f8ee5a6f8 --- /dev/null +++ b/src/test/resources/1.6/valid-formulation-1.6.json @@ -0,0 +1,295 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "org.example", + "name": "mylibrary", + "version": "1.0.0" + } + ], + "formulation": [ + { + "bom-ref": "formula-1", + "components": [ + { + "bom-ref": "component-1", + "type": "platform", + "name": "Pipeline controller image", + "version": "v0.47.0" + } + ], + "workflows": [ + { + "bom-ref": "workflow-1", + "uid": "8edb2b08-e2c7-11ed-b5ea-0242ac120002", + "name": "My workflow", + "description": "Workflow description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "tasks": [ + { + "bom-ref": "task-1", + "uid": "task-uid-1", + "name": "fetch-repository", + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "taskTypes": [ "clone", "build" ], + "trigger": { + "bom-ref": "trigger-1", + "uid": "trigger-1", + "type": "api" + }, + "steps": [ + { + "name": "My step" + } + ], + "inputs": [ + { + "resource": { + "ref": "component-a" + } + } + ], + "outputs": [ + { + "resource": { + "ref": "component-b" + } + } + ], + "timeStart": "2023-01-01T00:00:00+00:00", + "timeEnd": "2023-01-01T00:00:00+00:00", + "workspaces": [ + { + "bom-ref": "workspace-1", + "uid": "workspace-uid-1", + "name": "workspace" + } + ], + "runtimeTopology": [ + { + "ref": "task-1", + "dependsOn": [ "task-2" ] + } + ] + } + ], + "taskDependencies": [ + { + "ref": "task-1", + "dependsOn": ["task-2"] + } + ], + "taskTypes": [ "clone", "build" ], + "trigger": { + "bom-ref": "trigger-2", + "uid": "trigger-uid-2", + "name": "My trigger", + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "type": "api", + "event": { + "uid": "event-1", + "description": "Description here", + "timeReceived": "2023-01-01T00:00:00+00:00", + "data": { + "contentType": "text/plain", + "content": "Foo/Bar" + }, + "source": { + "ref": "component-g" + }, + "target": { + "ref": "component-h" + }, + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + "conditions": [ + { + "description": "Description here", + "expression": "1 == 1", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "timeActivated": "2023-01-01T00:00:00+00:00", + "inputs": [ + { + "resource": { + "ref": "component-10" + }, + "source": { + "ref": "component-11" + }, + "target": { + "ref": "component-12" + } + } + ], + "outputs": [ + { + "resource": { + "ref": "component-14" + }, + "type": "artifact", + "source": { + "ref": "component-15" + }, + "target": { + "ref": "component-16" + } + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + "steps": [ + { + "name": "My step", + "description": "Description here", + "commands": [ + { + "executed": "ls -las", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "inputs": [ + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + { + "environmentVars": [ + "FooBar" + ] + }, + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + }, + "FooBar" + ] + } + ], + "outputs": [ + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + { + "environmentVars": [ + "FooBar" + ] + }, + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + }, + "FooBar" + ] + } + ], + "timeStart": "2023-01-01T00:00:00+00:00", + "timeEnd": "2023-01-01T00:00:10+00:00", + "workspaces": [ + { + "bom-ref": "workspace-2", + "uid": "workspace-2", + "name": "My workspace", + "aliases": [ "default-workspace" ], + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-t" + } + ], + "accessMode": "read-write", + "mountPath": "/tmp/workspace", + "managedDataType": "ConfigMap", + "volumeRequest": "requestedVolumeClaim", + "volume": { + "uid": "volume-1", + "name": "My volume", + "mode": "filesystem", + "path": "/", + "sizeAllocated": "10GB", + "persistent": true, + "remote": false + } + } + ], + "runtimeTopology": [ + { + "ref": "component-s", + "dependsOn": [ + "component-r" + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-formulation-1.6.textproto b/src/test/resources/1.6/valid-formulation-1.6.textproto new file mode 100644 index 0000000000..7d71e3419d --- /dev/null +++ b/src/test/resources/1.6/valid-formulation-1.6.textproto @@ -0,0 +1,338 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "org.example" + name: "mylibrary", + version: "1.0.0" +} +formulation: [ + { + bom_ref: "formula-1" + components: [ + { + bom_ref: "component-1" + type: CLASSIFICATION_PLATFORM + name: "Pipeline controller image" + version: "v0.47.0" + } + ] + workflows: [ + { + bom_ref: "workflow-1" + uid: "8edb2b08-e2c7-11ed-b5ea-0242ac120002" + name: "My workflow" + description: "Workflow description here" + resourceReferences: [ + { + ref: "component-a" + } + ] + tasks: [ + { + bom_ref: "task-1" + uid: "task-uid-1" + name: "fetch-repository" + description: "Description here" + resourceReferences: [ + { + ref: "component-a" + } + ] + taskTypes: [ + TASK_TYPE_CLONE, TASK_TYPE_BUILD + ] + trigger { + bom_ref: "trigger-1" + uid: "trigger-1" + type: TRIGGER_TYPE_API + } + steps: [ + { + name: "My step" + } + ] + inputs: [ + { + resource: { + ref: "component-a" + } + } + ] + outputs: [ + { + resource: { + ref: "component-b" + } + } + ] + timeStart { + seconds: 1672531200 + nanos: 0 + } + timeEnd { + seconds: 1672531200 + nanos: 0 + } + workspaces: [ + { + bom_ref: "workspace-1" + uid: "workspace-uid-1" + name: "workspace" + } + ] + runtimeTopology: [ + { + ref: "task-1" + dependencies: [ + { + ref: "task-2" + } + ] + } + ] + } + ] + taskDependencies: [ + { + ref: "task-1" + dependencies: [ + { + ref: "task-2" + } + ] + } + ] + taskTypes: [ TASK_TYPE_CLONE, TASK_TYPE_BUILD ] + trigger: { + bom_ref: "trigger-2" + uid: "trigger-uid-2" + name: "My trigger" + description: "Description here" + resourceReferences: [ + { + ref: "component-a" + } + ] + type: TRIGGER_TYPE_API + event: { + uid: "event-1" + description: "Description here" + timeReceived { + seconds: 1672531200 + nanos: 0 + } + data: { + content_type: "text/plain" + value: "Foo/Bar" + } + source: { + ref: "component-g" + } + target: { + ref: "component-h" + } + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + conditions: [ + { + description: "Description here" + expression: "1 == 1" + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + timeActivated { + seconds: 1672531200 + nanos: 0 + } + inputs: [ + { + resource: { + ref: "component-10" + } + source: { + ref: "component-11" + } + target: { + ref: "component-12" + } + } + ] + outputs: [ + { + resource: { + ref: "component-14" + } + type: OUTPUT_TYPE_ARTIFACT + source: { + ref: "component-15" + } + target: { + ref: "component-16" + } + } + ] + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + steps: [ + { + name: "My step" + description: "Description here" + commands: [ + { + executed: "ls -las" + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + inputs: [ + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + } + ] + }, + { + environmentVars: [ + { + value: "FooBar" + } + ] + }, + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + }, + { + value: "FooBar" + } + ] + } + ] + outputs: [ + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + } + ] + }, + { + environmentVars: [ + { + value: "FooBar" + } + ] + }, + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + }, + { + value: "FooBar" + } + ] + } + ] + timeStart { + seconds: 1672531200 + nanos: 0 + } + timeEnd { + seconds: 1672531210 + nanos: 0 + } + workspaces: [ + { + bom_ref: "workspace-2" + uid: "workspace-1" + name: "My workspace" + aliases: [ "default-workspace" ] + description: "Description here" + resourceReferences: [ + { + ref: "component-t" + } + ] + accessMode: ACCESS_MODE_READ_WRITE + mountPath: "/tmp/workspace" + managedDataType: "ConfigMap" + volumeRequest: "requestedVolumeClaim" + volume: { + uid: "volume-1" + name: "My volume" + mode: VOLUME_MODE_FILESYSTEM + path: "/" + sizeAllocated: "10GB" + persistent: true + remote: false + } + } + ] + runtimeTopology: [ + { + ref: "component-s" + dependencies: [ + { + ref: "component-r" + } + ] + } + ] + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + } +] diff --git a/src/test/resources/1.6/valid-formulation-1.6.xml b/src/test/resources/1.6/valid-formulation-1.6.xml new file mode 100644 index 0000000000..3844182535 --- /dev/null +++ b/src/test/resources/1.6/valid-formulation-1.6.xml @@ -0,0 +1,251 @@ + + + + + Acme Inc + org.example + mylibrary + 1.0.0 + + + + + + + Pipeline controller image + v0.47.0 + + + + + 8edb2b08-e2c7-11ed-b5ea-0242ac120002 + My workflow + Workflow description here + + + component-a + + + + + task-uid-1 + fetch-repository + Description here + + + component-a + + + + clone + build + + + trigger-1 + api + + + + My step + + + + + + component-a + + + + + + + component-b + + + + 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:00+00:00 + + + workspace-uid-1 + workspace + + + + + + + + + + + + + + + + clone + build + + + trigger-uid-2 + My trigger + Description here + + + component-a + + + api + + event-1 + Description here + 2023-01-01T00:00:00+00:00 + Foo/Bar + + component-g + + + component-h + + + Bar + + + + + Description here + 1 == 1 + + Bar + + + + 2023-01-01T00:00:00+00:00 + + + + component-10 + + + component-11 + + + component-12 + + + + + + + component-14 + + artifact + + component-15 + + + component-16 + + + + + Bar + + + + + My step + Description here + + + ls -las + + Bar + + + + + Bar + + + + + + + Bar + + + + + FooBar + + + + + Bar + FooBar + + + + + + + Bar + + + + + FooBar + + + + + Bar + FooBar + + + + 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:10+00:00 + + + workspace-1 + My workspace + + default-workspace + + Description here + + + component-t + + + read-write + /tmp/workspace + ConfigMap + requestedVolumeClaim + + volume-1 + My volume + filesystem + / + 10GB + true + false + + + + + + + + + + Bar + + + + + + diff --git a/src/test/resources/1.6/valid-license-expression-1.6.json b/src/test/resources/1.6/valid-license-expression-1.6.json new file mode 100644 index 0000000000..dd4f6b99a1 --- /dev/null +++ b/src/test/resources/1.6/valid-license-expression-1.6.json @@ -0,0 +1,44 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", + "acknowledgement": "declared", + "bom-ref": "my-license" + } + ], + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" + } + ] +} diff --git a/src/test/resources/1.6/valid-license-expression-1.6.textproto b/src/test/resources/1.6/valid-license-expression-1.6.textproto new file mode 100644 index 0000000000..6666405fa8 --- /dev/null +++ b/src/test/resources/1.6/valid-license-expression-1.6.textproto @@ -0,0 +1,37 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + description: "Modified version of Apache Catalina" + scope: SCOPE_REQUIRED + hashes { + alg: HASH_ALG_MD_5 + value: "3942447fac867ae5cdb3229b658f4d48" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + licenses { + expression: "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" + acknowledgement: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED + bom_ref: "my-license" + } + purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" +} diff --git a/src/test/resources/1.6/valid-license-expression-1.6.xml b/src/test/resources/1.6/valid-license-expression-1.6.xml new file mode 100644 index 0000000000..77035ad796 --- /dev/null +++ b/src/test/resources/1.6/valid-license-expression-1.6.xml @@ -0,0 +1,23 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/valid-license-id-1.6.json b/src/test/resources/1.6/valid-license-id-1.6.json new file mode 100644 index 0000000000..f66e2dfcfb --- /dev/null +++ b/src/test/resources/1.6/valid-license-id-1.6.json @@ -0,0 +1,46 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared", + "bom-ref": "my-license" + } + } + ], + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" + } + ] +} diff --git a/src/test/resources/1.6/valid-license-id-1.6.textproto b/src/test/resources/1.6/valid-license-id-1.6.textproto new file mode 100644 index 0000000000..2b9009d7c3 --- /dev/null +++ b/src/test/resources/1.6/valid-license-id-1.6.textproto @@ -0,0 +1,39 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + description: "Modified version of Apache Catalina" + scope: SCOPE_REQUIRED + hashes { + alg: HASH_ALG_MD_5 + value: "3942447fac867ae5cdb3229b658f4d48" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + licenses { + license { + id: "Apache-2.0" + acknowledgement: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED + bom_ref: "my-license" + } + } + purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" +} diff --git a/src/test/resources/1.6/valid-license-id-1.6.xml b/src/test/resources/1.6/valid-license-id-1.6.xml new file mode 100644 index 0000000000..1ab6b94f75 --- /dev/null +++ b/src/test/resources/1.6/valid-license-id-1.6.xml @@ -0,0 +1,25 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/valid-license-licensing-1.6.json b/src/test/resources/1.6/valid-license-licensing-1.6.json new file mode 100644 index 0000000000..613e38a022 --- /dev/null +++ b/src/test/resources/1.6/valid-license-licensing-1.6.json @@ -0,0 +1,56 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "cryptographic-provider", + "version": "2.2.0", + "licenses": [ + { + "license": { + "bom-ref": "acme-license-1", + "name": "Acme Commercial License", + "licensing": { + "altIds": [ + "acme", "acme-license" + ], + "licensor": { + "organization": { + "name": "Acme Inc", + "contact": [ + { + "name": "Acme Licensing Fulfillment", + "email": "licensing@example.com" + } + ] + } + }, + "licensee": { + "organization": { + "name": "Example Co." + } + }, + "purchaser": { + "individual": { + "name": "Samantha Wright", + "email": "samantha.wright@gmail.com", + "phone": "800-555-1212" + } + }, + "purchaseOrder": "PO-12345", + "licenseTypes": ["appliance"], + "lastRenewal": "2022-04-13T20:20:39+00:00", + "expiration": "2023-04-13T20:20:39+00:00" + } + } + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-license-licensing-1.6.textproto b/src/test/resources/1.6/valid-license-licensing-1.6.textproto new file mode 100644 index 0000000000..f6079d4832 --- /dev/null +++ b/src/test/resources/1.6/valid-license-licensing-1.6.textproto @@ -0,0 +1,54 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "com.acme" + name: "cryptographic-provider" + version: "2.2.0" + licenses { + license { + bom_ref: "acme-license-1" + name: "Acme Commercial License" + licensing { + altIds: "acme" + altIds: "acme-license" + licensor { + organization { + name: "Acme Inc" + contact { + name: "Acme Licensing Fulfillment" + email: "licensing@example.com" + } + } + } + licensee { + organization { + name: "Example Co." + } + } + purchaser { + individual { + name: "Samantha Wright" + email: "samantha.wright@gmail.com" + phone: "800-555-1212" + } + } + purchaseOrder: "PO-12345" + licenseTypes: LICENSING_TYPE_APPLIANCE + lastRenewal { + seconds: 1649881239 + nanos: 3 + } + expiration { + seconds: 1681417239 + nanos: 3 + } + } + } + } +} diff --git a/src/test/resources/1.6/valid-license-licensing-1.6.xml b/src/test/resources/1.6/valid-license-licensing-1.6.xml new file mode 100644 index 0000000000..6f620e842d --- /dev/null +++ b/src/test/resources/1.6/valid-license-licensing-1.6.xml @@ -0,0 +1,49 @@ + + + + + Acme Inc + com.acme + cryptographic-provider + 2.2.0 + + + Acme Commercial License + + + acme + acme-license + + + + Acme Inc + + Acme Licensing Fulfillment + licensing@example.com + + + + + + Example Co. + + + + + Samantha Wright + samantha.wright@gmail.com + 800-555-1212 + + + PO-12345 + + appliance + + 2022-04-13T20:20:39+00:00 + 2023-04-13T20:20:39+00:00 + + + + + + diff --git a/src/test/resources/1.6/valid-license-name-1.6.json b/src/test/resources/1.6/valid-license-name-1.6.json new file mode 100644 index 0000000000..1afc8250bf --- /dev/null +++ b/src/test/resources/1.6/valid-license-name-1.6.json @@ -0,0 +1,45 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], + "licenses": [ + { + "license": { + "name": "Apache License 2.0", + "bom-ref": "my-license" + } + } + ], + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" + } + ] +} diff --git a/src/test/resources/1.6/valid-license-name-1.6.textproto b/src/test/resources/1.6/valid-license-name-1.6.textproto new file mode 100644 index 0000000000..a157dbd008 --- /dev/null +++ b/src/test/resources/1.6/valid-license-name-1.6.textproto @@ -0,0 +1,38 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + description: "Modified version of Apache Catalina" + scope: SCOPE_REQUIRED + hashes { + alg: HASH_ALG_MD_5 + value: "3942447fac867ae5cdb3229b658f4d48" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + licenses { + license { + name: "Apache License 2.0" + bom_ref: "my-license" + } + } + purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" +} diff --git a/src/test/resources/1.6/valid-license-name-1.6.xml b/src/test/resources/1.6/valid-license-name-1.6.xml new file mode 100644 index 0000000000..b6def92e81 --- /dev/null +++ b/src/test/resources/1.6/valid-license-name-1.6.xml @@ -0,0 +1,25 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache License 2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.6/valid-machine-learning-1.6.json b/src/test/resources/1.6/valid-machine-learning-1.6.json new file mode 100644 index 0000000000..2a621204ff --- /dev/null +++ b/src/test/resources/1.6/valid-machine-learning-1.6.json @@ -0,0 +1,104 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "component-a", + "type": "machine-learning-model", + "publisher": "Acme Inc", + "group": "CompVis", + "name": "stable-diffusion", + "version": "1.4", + "description": "Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at \uD83E\uDD17's Stable Diffusion with \uD83E\uDDE8Diffusers blog.", + "modelCard": { + "modelParameters": { + "approach": { + "type": "supervised" + }, + "task": "task goes here", + "architectureFamily": "the architecture family goes here", + "modelArchitecture": "The architecture of the model.", + "datasets": [ + { + "type": "dataset", + "name": "Training Data", + "contents": { + "url": "https://example.com/path/to/dataset", + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "Two" + } + ] + }, + "classification": "public" + } + ], + "inputs": [ { "format": "string" } ], + "outputs": [ { "format": "byte[]" } ] + }, + "quantitativeAnalysis": { + "performanceMetrics": [ + { + "type": "The type of performance metric", + "value": "The value of the performance metric", + "slice": "The name of the slice this metric was computed on. By default, assume this metric is not sliced", + "confidenceInterval": { + "lowerBound": "The lower bound of the confidence interval", + "upperBound": "The upper bound of the confidence interval" + } + } + ], + "graphics": { + "description": "Performance images", + "collection": [ + { + "name": "FID vs CLIP Scores on 512x512 samples for different v1-versions", + "image": { + "contentType": "image/jpeg", + "encoding": "base64", + "content": "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k=" + } + } + ] + } + }, + "considerations": { + "users": [ + "Who are the intended users of the model?" + ], + "useCases": [ + "Who are the intended users of the model?" + ], + "technicalLimitations": [ + "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?" + ], + "performanceTradeoffs": [ + "What are the known tradeoffs in accuracy/performance of the model?" + ], + "ethicalConsiderations": [ + { + "name": "The name of the risk", + "mitigationStrategy": "Strategy used to address this risk" + } + ], + "fairnessAssessments": [ + { + "groupAtRisk": "The groups or individuals at risk of being systematically disadvantaged by the model", + "benefits": "Expected benefits to the identified groups", + "harms": "Expected harms to the identified groups", + "mitigationStrategy": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." + } + ] + } + } + } + ] +} diff --git a/src/test/resources/1.6/valid-machine-learning-1.6.textproto b/src/test/resources/1.6/valid-machine-learning-1.6.textproto new file mode 100644 index 0000000000..54452d656d --- /dev/null +++ b/src/test/resources/1.6/valid-machine-learning-1.6.textproto @@ -0,0 +1,81 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_MACHINE_LEARNING_MODEL + bom_ref: "component-a" + publisher: "Acme Inc" + group: "CompVis" + name: "stable-diffusion" + version: "1.4" + description: "Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at \uD83E\uDD17's Stable Diffusion with \uD83E\uDDE8Diffusers blog." + modelCard: { + modelParameters: { + approach: { + type: MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED + } + task: "task goes here" + architectureFamily: "the architecture family goes here" + modelArchitecture: "The architecture of the model." + datasets: { + dataset: { + type: COMPONENT_DATA_TYPE_DATASET + name: "Training Data" + contents: { + url: "https://example.com/path/to/dataset" + } + classification: "public" + } + } + inputs: { + format: "string" + } + outputs: { + format: "byte[]" + } + } + quantitativeAnalysis: { + performanceMetrics: { + type: "The type of performance metric" + value: "The value of the performance metric" + slice: "The name of the slice this metric was computed on. By default, assume this metric is not sliced" + confidenceInterval: { + lowerBound: "The lower bound of the confidence interval" + upperBound: "The upper bound of the confidence interval" + } + } + graphics: { + description: "Performance images" + graphic: [ + { + name: "FID vs CLIP Scores on 512x512 samples for different v1-versions" + image: { + content_type: "image/jpeg" + encoding: "base64" + value: "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k=" + } + } + ] + } + } + considerations: { + users: "Who are the intended users of the model?" + useCases: "Who are the intended users of the model?" + technicalLimitations: "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?" + performanceTradeoffs: "What are the known tradeoffs in accuracy/performance of the model?" + ethicalConsiderations: { + name: "The name of the risk" + mitigationStrategy: "Strategy used to address this risk" + } + fairnessAssessments: { + groupAtRisk: "The groups or individuals at risk of being systematically disadvantaged by the model" + benefits: "Expected benefits to the identified groups" + harms: "Expected harms to the identified groups" + mitigationStrategy: "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." + } + } + } +} diff --git a/src/test/resources/1.6/valid-machine-learning-1.6.xml b/src/test/resources/1.6/valid-machine-learning-1.6.xml new file mode 100644 index 0000000000..d0346f2105 --- /dev/null +++ b/src/test/resources/1.6/valid-machine-learning-1.6.xml @@ -0,0 +1,96 @@ + + + + + Acme Inc + CompVis + stable-diffusion + 1.4 + Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at 🤗's Stable Diffusion with 🧨Diffusers blog. + + + + supervised + + task goes here + the architecture family goes here + The architecture of the model. + + + dataset + Training Data + + https://example.com/path/to/dataset + + bar + bar2 + + + public + + + + + string + + + + + byte[] + + + + + + + The type of performance metric + The value of the performance metric + The name of the slice this metric was computed on. By default, assume this metric is not sliced + + The lower bound of the confidence interval + The upper bound of the confidence interval + + + + + Performance images + + + FID vs CLIP Scores on 512x512 samples for different v1-versions + /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k= + + + + + + + Who are the intended users of the model? + + + Who are the intended users of the model? + + + What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? + + + What are the known tradeoffs in accuracy/performance of the model? + + + + The name of the risk + Strategy used to address this risk + + + + + The groups or individuals at risk of being systematically disadvantaged by the model + Expected benefits to the identified groups + Expected harms to the identified groups + With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. + + + + + + + diff --git a/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.json b/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.json new file mode 100644 index 0000000000..07637f754e --- /dev/null +++ b/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.json @@ -0,0 +1,66 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:ed5c5ba0-2be6-4b58-ac29-01a7fd375123", + "version": 1, + "components": [ + { + "bom-ref": "huggingface.co-meta-llama-Llama-2-7b", + "group": "meta-llama", + "name": "Llama-2-7b", + "type": "machine-learning-model", + "supplier": { + "name": "Hugging Face" + }, + "publisher": "meta", + "externalReferences": [ + { + "type": "distribution", + "url": "https://huggingface.co/meta-llama/Llama-2-7b" + } + ], + "modelCard": { + "considerations": { + "environmentalConsiderations": { + "energyConsumptions": [ + { + "activity": "training", + "energyProviders": [ + { + "description": "Meta data-center, US-East", + "organization": { + "name": "Meta", + "address": { + "country": "United States", + "region": "New Jersey", + "locality": "Newark" + } + }, + "energySource": "natural-gas", + "energyProvided": { + "value": 0.4, + "unit": "kWh" + } + } + ], + "activityEnergyCost": { + "value": 0.4, + "unit": "kWh" + }, + "co2CostEquivalent": { + "value": 31.22, + "unit": "tCO2eq" + }, + "co2CostOffset": { + "value": 31.22, + "unit": "tCO2eq" + } + } + ] + } + } + } + } + ] +} diff --git a/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.textproto b/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.textproto new file mode 100644 index 0000000000..c045c9e60c --- /dev/null +++ b/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.textproto @@ -0,0 +1,57 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:ed5c5ba0-2be6-4b58-ac29-01a7fd375123" +components { + type: CLASSIFICATION_MACHINE_LEARNING_MODEL + bom_ref: "huggingface.co-meta-llama-Llama-2-7b" + group: "meta-llama" + name: "Llama-2-7b" + publisher: "meta" + supplier { + name: "Hugging Face" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION + url: "https://huggingface.co/meta-llama/Llama-2-7b" + } + modelCard { + considerations { + environmentalConsiderations { + energyConsumptions { + activity: ACTIVITY_TYPE_TRAINING + activityEnergyCost { + value: 0.4 + unit: ENERGY_MEASURE_UNIT_TYPE_KILOWATT_HOURS + } + energyProviders { + description: "Meta data-center, US-East" + organization { + name: "Meta" + address { + country: "United States" + region: "New Jersey" + locality: "Newark" + } + } + energySource: ENERGY_SOURCE_TYPE_NATURAL_GAS + energyProvided { + value: 0.4 + unit: ENERGY_MEASURE_UNIT_TYPE_KILOWATT_HOURS + } + } + co2CostEquivalent { + value: 31.22 + unit: CO2_MEASURE_UNIT_TYPE_TONNES_CO2_EQUIVALENT + } + co2CostOffset { + value: 31.22 + unit: CO2_MEASURE_UNIT_TYPE_TONNES_CO2_EQUIVALENT + } + } + } + } + } +} diff --git a/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.xml b/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.xml new file mode 100644 index 0000000000..d4c54bc455 --- /dev/null +++ b/src/test/resources/1.6/valid-machine-learning-considerations-env-1.6.xml @@ -0,0 +1,57 @@ + + + + + + Hugging Face + + meta + meta-llama + Llama-2-7b + + + https://huggingface.co/meta-llama/Llama-2-7b + + + + + + + + training + + Meta data-center, US-East + + Meta +
+ United States + New Jersey + Newark +
+ + natural-gas + + 0.4 + kWh + + + + 0.4 + kWh + + + 31.22 + tCO2eq + + + 31.22 + tCO2eq + + + + + + + + + diff --git a/src/test/resources/1.6/valid-metadata-author-1.6.json b/src/test/resources/1.6/valid-metadata-author-1.6.json new file mode 100644 index 0000000000..196c0eca60 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-author-1.6.json @@ -0,0 +1,17 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "authors": [ + { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-author-1.6.textproto b/src/test/resources/1.6/valid-metadata-author-1.6.textproto new file mode 100644 index 0000000000..0997b267a8 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-author-1.6.textproto @@ -0,0 +1,13 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + authors { + name: "Samantha Wright" + email: "samantha.wright@example.com" + phone: "800-555-1212" + } +} diff --git a/src/test/resources/1.6/valid-metadata-author-1.6.xml b/src/test/resources/1.6/valid-metadata-author-1.6.xml new file mode 100644 index 0000000000..a8217789d6 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-author-1.6.xml @@ -0,0 +1,13 @@ + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + + + diff --git a/src/test/resources/1.6/valid-metadata-license-1.6.json b/src/test/resources/1.6/valid-metadata-license-1.6.json new file mode 100644 index 0000000000..4861f5ab9e --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-license-1.6.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + }, + { + "license": { + "name": "My License", + "text": { + "content": "My License Text" + } + } + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-license-1.6.textproto b/src/test/resources/1.6/valid-metadata-license-1.6.textproto new file mode 100644 index 0000000000..b761c2ecef --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-license-1.6.textproto @@ -0,0 +1,21 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + licenses { + license { + id: "Apache-2.0" + } + } + licenses { + license { + name: "My License" + text { + value: "My License Text" + } + } + } +} diff --git a/src/test/resources/1.6/valid-metadata-license-1.6.xml b/src/test/resources/1.6/valid-metadata-license-1.6.xml new file mode 100644 index 0000000000..e8c02a313c --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-license-1.6.xml @@ -0,0 +1,17 @@ + + + + + + Apache-2.0 + + + My License + My License Text + + + + + \ No newline at end of file diff --git a/src/test/resources/1.6/valid-metadata-lifecycle-1.6.json b/src/test/resources/1.6/valid-metadata-lifecycle-1.6.json new file mode 100644 index 0000000000..275ba3daed --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-lifecycle-1.6.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "lifecycles": [ + { + "phase": "build" + }, + { + "phase": "post-build" + }, + { + "name": "platform-integration-testing", + "description": "Integration testing specific to the runtime platform" + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-lifecycle-1.6.textproto b/src/test/resources/1.6/valid-metadata-lifecycle-1.6.textproto new file mode 100644 index 0000000000..6b47e0eba4 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-lifecycle-1.6.textproto @@ -0,0 +1,20 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + lifecycles [ + { + phase: LIFECYCLE_PHASE_BUILD + }, + { + phase: LIFECYCLE_PHASE_POST_BUILD + }, + { + name: "platform-integration-testing" + description: "Integration testing specific to the runtime platform" + } + ] +} diff --git a/src/test/resources/1.6/valid-metadata-lifecycle-1.6.xml b/src/test/resources/1.6/valid-metadata-lifecycle-1.6.xml new file mode 100644 index 0000000000..8b4a845836 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-lifecycle-1.6.xml @@ -0,0 +1,18 @@ + + + + + + build + + + post-build + + + platform-integration-testing + Integration testing specific to the runtime platform + + + + + \ No newline at end of file diff --git a/src/test/resources/1.6/valid-metadata-manufacture-1.6.json b/src/test/resources/1.6/valid-metadata-manufacture-1.6.json new file mode 100644 index 0000000000..2c9b204a9f --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-manufacture-1.6.json @@ -0,0 +1,24 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "manufacture": { + "bom-ref": "manufacturer-1", + "name": "Acme, Inc. // deprecated", + "url": [ + "https://example.com" + ], + "contact": [ + { + "bom-ref": "contact-1", + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + } + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-manufacture-1.6.textproto b/src/test/resources/1.6/valid-metadata-manufacture-1.6.textproto new file mode 100644 index 0000000000..aa5b216f55 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-manufacture-1.6.textproto @@ -0,0 +1,18 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + manufacture { + name: "Acme, Inc. // deprecated" + url: "https://example.com" + contact { + name: "Acme Professional Services" + email: "professional.services@example.com" + bom_ref: "contact-1" + } + bom_ref: "manufacturer-1" + } +} diff --git a/src/test/resources/1.6/valid-metadata-manufacture-1.6.xml b/src/test/resources/1.6/valid-metadata-manufacture-1.6.xml new file mode 100644 index 0000000000..78ea7e226d --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-manufacture-1.6.xml @@ -0,0 +1,14 @@ + + + + + Acme, Inc. // deprecated + https://example.com + + Acme Professional Services + professional.services@example.com + + + + + diff --git a/src/test/resources/1.6/valid-metadata-manufacturer-1.6.json b/src/test/resources/1.6/valid-metadata-manufacturer-1.6.json new file mode 100644 index 0000000000..0b373b3be4 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-manufacturer-1.6.json @@ -0,0 +1,24 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "manufacturer": { + "bom-ref": "manufacturer-1", + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "bom-ref": "contact-1", + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + } + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-manufacturer-1.6.textproto b/src/test/resources/1.6/valid-metadata-manufacturer-1.6.textproto new file mode 100644 index 0000000000..1ec048566e --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-manufacturer-1.6.textproto @@ -0,0 +1,18 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + manufacturer { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Professional Services" + email: "professional.services@example.com" + bom_ref: "contact-1" + } + bom_ref: "manufacturer-1" + } +} diff --git a/src/test/resources/1.6/valid-metadata-manufacturer-1.6.xml b/src/test/resources/1.6/valid-metadata-manufacturer-1.6.xml new file mode 100644 index 0000000000..94a536cc4d --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-manufacturer-1.6.xml @@ -0,0 +1,14 @@ + + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + + diff --git a/src/test/resources/1.6/valid-metadata-supplier-1.6.json b/src/test/resources/1.6/valid-metadata-supplier-1.6.json new file mode 100644 index 0000000000..e212c7a126 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-supplier-1.6.json @@ -0,0 +1,24 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "supplier": { + "bom-ref": "supplier-1", + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "bom-ref": "contact-1", + "name": "Acme Distribution", + "email": "distribution@example.com" + } + ] + } + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-supplier-1.6.textproto b/src/test/resources/1.6/valid-metadata-supplier-1.6.textproto new file mode 100644 index 0000000000..fe4bd39c2f --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-supplier-1.6.textproto @@ -0,0 +1,18 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + supplier { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Distribution" + email: "distribution@example.com" + bom_ref: "contact-1" + } + bom_ref: "supplier-1" + } +} diff --git a/src/test/resources/1.6/valid-metadata-supplier-1.6.xml b/src/test/resources/1.6/valid-metadata-supplier-1.6.xml new file mode 100644 index 0000000000..213a2b377b --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-supplier-1.6.xml @@ -0,0 +1,14 @@ + + + + + Acme, Inc. + https://example.com + + Acme Distribution + distribution@example.com + + + + + diff --git a/src/test/resources/1.6/valid-metadata-timestamp-1.6.json b/src/test/resources/1.6/valid-metadata-timestamp-1.6.json new file mode 100644 index 0000000000..90c8f4ced4 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-timestamp-1.6.json @@ -0,0 +1,11 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-13T20:20:39+00:00" + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-timestamp-1.6.textproto b/src/test/resources/1.6/valid-metadata-timestamp-1.6.textproto new file mode 100644 index 0000000000..f276e2f863 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-timestamp-1.6.textproto @@ -0,0 +1,12 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + timestamp { + seconds: 1586809239 + nanos: 0 + } +} diff --git a/src/test/resources/1.6/valid-metadata-timestamp-1.6.xml b/src/test/resources/1.6/valid-metadata-timestamp-1.6.xml new file mode 100644 index 0000000000..ed8322eb02 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-timestamp-1.6.xml @@ -0,0 +1,7 @@ + + + + 2020-04-13T20:20:39Z + + + diff --git a/src/test/resources/1.6/valid-metadata-tool-1.6.json b/src/test/resources/1.6/valid-metadata-tool-1.6.json new file mode 100644 index 0000000000..9c7b8b5861 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-tool-1.6.json @@ -0,0 +1,48 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "tools": { + "components": [ + { + "type": "application", + "group": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Org", + "url": [ + "https://example.com" + ] + }, + "group": "com.example", + "name": "Acme Signing Server", + "description": "Signs artifacts", + "endpoints": [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] + } + ] + } + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-tool-1.6.textproto b/src/test/resources/1.6/valid-metadata-tool-1.6.textproto new file mode 100644 index 0000000000..872a92f249 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-tool-1.6.textproto @@ -0,0 +1,40 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + tools { + components { + type: CLASSIFICATION_APPLICATION + group: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + } + services { + provider: { + name: "Acme Org", + url: [ + "https://example.com" + ] + }, + group: "com.example", + name: "Acme Signing Server", + description: "Signs artifacts", + endpoints: [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] + } + } +} diff --git a/src/test/resources/1.6/valid-metadata-tool-1.6.xml b/src/test/resources/1.6/valid-metadata-tool-1.6.xml new file mode 100644 index 0000000000..8293686e8b --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-tool-1.6.xml @@ -0,0 +1,35 @@ + + + + + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + + Acme Org + https://example.com + + com.example + Acme Signing Server + Signs artifacts + + https://example.com/sign + https://example.com/verify + https://example.com/tsa + + + + + + + diff --git a/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.json b/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.json new file mode 100644 index 0000000000..485bdd11c2 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.json @@ -0,0 +1,27 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "tools": [ + { + "vendor": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.textproto b/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.textproto new file mode 100644 index 0000000000..432b1eabcb --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.textproto @@ -0,0 +1,21 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + tools { + vendor: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + } +} diff --git a/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.xml b/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.xml new file mode 100644 index 0000000000..0f1dc4fa03 --- /dev/null +++ b/src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.xml @@ -0,0 +1,17 @@ + + + + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + diff --git a/src/test/resources/1.6/valid-minimal-viable-1.6.json b/src/test/resources/1.6/valid-minimal-viable-1.6.json new file mode 100644 index 0000000000..0ee56744f2 --- /dev/null +++ b/src/test/resources/1.6/valid-minimal-viable-1.6.json @@ -0,0 +1,13 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library" + } + ] +} diff --git a/src/test/resources/1.6/valid-minimal-viable-1.6.textproto b/src/test/resources/1.6/valid-minimal-viable-1.6.textproto new file mode 100644 index 0000000000..08ca51bec0 --- /dev/null +++ b/src/test/resources/1.6/valid-minimal-viable-1.6.textproto @@ -0,0 +1,10 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-library" +} diff --git a/src/test/resources/1.6/valid-minimal-viable-1.6.xml b/src/test/resources/1.6/valid-minimal-viable-1.6.xml new file mode 100644 index 0000000000..56e9c31d51 --- /dev/null +++ b/src/test/resources/1.6/valid-minimal-viable-1.6.xml @@ -0,0 +1,8 @@ + + + + + acme-library + + + diff --git a/src/test/resources/1.6/valid-patch-1.6.json b/src/test/resources/1.6/valid-patch-1.6.json new file mode 100644 index 0000000000..2bb68e50b8 --- /dev/null +++ b/src/test/resources/1.6/valid-patch-1.6.json @@ -0,0 +1,89 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "group": "com.acme", + "name": "sample-library", + "version": "1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "group": "org.example", + "name": "sample-library", + "version": "1.0.0" + } + ], + "patches": [ + { + "type": "unofficial", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.acme.org/17240" + } + } + ] + }, + { + "type": "backport", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "security", + "id": "CVE-2019-9997", + "name": "CVE-2019-9997", + "description": "blah blah", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + }, + { + "type": "defect", + "id": "JIRA-874319", + "description": "Enable to do something", + "source": { + "name": "Example Org", + "url": "https://issues.example.org/874319" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + } + ] + } + ] + } + } + ] +} diff --git a/src/test/resources/1.6/valid-patch-1.6.textproto b/src/test/resources/1.6/valid-patch-1.6.textproto new file mode 100644 index 0000000000..2dd43f6b9f --- /dev/null +++ b/src/test/resources/1.6/valid-patch-1.6.textproto @@ -0,0 +1,74 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + group: "com.acme" + name: "sample-library" + version: "1.0.0" + pedigree { + ancestors { + type: CLASSIFICATION_LIBRARY + group: "org.example" + name: "sample-library" + version: "1.0.0" + } + patches { + type: PATCH_CLASSIFICATION_UNOFFICIAL + diff { + text { + content_type: "text/plain" + encoding: "base64" + value: "blah" + } + url: "uri/to/changes.diff" + } + resolves { + type: ISSUE_CLASSIFICATION_ENHANCEMENT + id: "JIRA-17240" + description: "Great new feature that does something" + source { + name: "Acme Org" + url: "https://issues.acme.org/17240" + } + } + } + patches { + type: PATCH_CLASSIFICATION_BACKPORT + diff { + text { + content_type: "text/plain" + encoding: "base64" + value: "blah" + } + url: "uri/to/changes.diff" + } + resolves { + type: ISSUE_CLASSIFICATION_SECURITY + id: "CVE-2019-9997" + name: "CVE-2019-9997" + description: "blah blah" + source { + name: "NVD" + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + references: "http://some/other/site-1" + references: "http://some/other/site-2" + } + resolves { + type: ISSUE_CLASSIFICATION_DEFECT + id: "JIRA-874319" + description: "Enable to do something" + source { + name: "Example Org" + url: "https://issues.example.org/874319" + } + references: "http://some/other/site-1" + references: "http://some/other/site-2" + } + } + } +} diff --git a/src/test/resources/1.6/valid-patch-1.6.xml b/src/test/resources/1.6/valid-patch-1.6.xml new file mode 100644 index 0000000000..b543548ef9 --- /dev/null +++ b/src/test/resources/1.6/valid-patch-1.6.xml @@ -0,0 +1,70 @@ + + + + + com.acme + sample-library + 1.0.0 + + + + org.example + sample-library + 1.0.0 + + + + + + blah + uri/to/changes.diff + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.acme.org/17240 + + + + + + + blah + uri/to/changes.diff + + + + CVE-2019-9997 + CVE-2019-9997 + blah blah + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + http://some/other/site-1 + http://some/other/site-2 + + + + JIRA-874319 + Enable to do something + + Example Org + https://issues.example.org/874319 + + + http://some/other/site-1 + http://some/other/site-2 + + + + + + + + + diff --git a/src/test/resources/1.6/valid-properties-1.6.json b/src/test/resources/1.6/valid-properties-1.6.json new file mode 100644 index 0000000000..ad62c6f984 --- /dev/null +++ b/src/test/resources/1.6/valid-properties-1.6.json @@ -0,0 +1,101 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + }, + { + "name": "value-is-optional" + } + ] + }, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + }, + { + "name": "value-is-optional" + } + ] + } + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + }, + { + "name": "value-is-optional" + } + ] + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "group": "org.partner", + "name": "Stock ticker service", + "endpoints": [ + "https://partner.org/api/v1/stock" + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + }, + { + "name": "value-is-optional" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-properties-1.6.textproto b/src/test/resources/1.6/valid-properties-1.6.textproto new file mode 100644 index 0000000000..338706830a --- /dev/null +++ b/src/test/resources/1.6/valid-properties-1.6.textproto @@ -0,0 +1,84 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + properties { + name: "value-is-optional" + } +} +components { + type: CLASSIFICATION_LIBRARY + name: "acme-library" + version: "1.0.0" + licenses { + license { + id: "Apache-2.0" + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + properties { + name: "value-is-optional" + } + } + } + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + properties { + name: "value-is-optional" + } +} +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + group: "org.partner" + name: "Stock ticker service" + endpoints: "https://partner.org/api/v1/stock" + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + properties { + name: "value-is-optional" + } +} diff --git a/src/test/resources/1.6/valid-properties-1.6.xml b/src/test/resources/1.6/valid-properties-1.6.xml new file mode 100644 index 0000000000..ac03d4b89d --- /dev/null +++ b/src/test/resources/1.6/valid-properties-1.6.xml @@ -0,0 +1,49 @@ + + + + + Bar + Two + Foo + + + + + + acme-library + 1.0.0 + + + Apache-2.0 + + Bar + Two + Foo + + + + + + Bar + Two + Foo + + + + + + + org.partner + Stock ticker service + + https://partner.org/api/v1/stock + + + Bar + Two + Foo + + + + + diff --git a/src/test/resources/1.6/valid-random-attributes-1.6.xml b/src/test/resources/1.6/valid-random-attributes-1.6.xml new file mode 100644 index 0000000000..ce0be1cb54 --- /dev/null +++ b/src/test/resources/1.6/valid-random-attributes-1.6.xml @@ -0,0 +1,118 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/src/test/resources/1.6/valid-release-notes-1.6.json b/src/test/resources/1.6/valid-release-notes-1.6.json new file mode 100644 index 0000000000..0be9e48a55 --- /dev/null +++ b/src/test/resources/1.6/valid-release-notes-1.6.json @@ -0,0 +1,201 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-example", + "version": "1.0.0", + "externalReferences": [ + { + "type": "release-notes", + "url": "https://example.com/releases/1.0.0" + } + ], + "releaseNotes": { + "type": "major", + "title": "My new release", + "featuredImage": "https://example.com/featured_image.png", + "socialImage": "https://example.com/social_image.png", + "description": "The main description of your release", + "timestamp": "2021-09-17T00:51:18+00:00", + "aliases": [ + "Project Orion" + ], + "tags": [ + "CMS", + "SEO", + "wysiwyg" + ], + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.example.com/17240" + } + }, + { + "type": "security", + "id": "CVE-2019-9997", + "name": "CVE-2019-9997", + "description": "A security issue was fixed that did something bad", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + } + ], + "notes": [ + { + "locale": "en-US", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" + } + }, + { + "locale": "es", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" + } + } + ] + } + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "name": "Partner Org", + "url": [ + "https://partner.org" + ], + "contact": [ + { + "name": "Support", + "email": "support@partner.org", + "phone": "800-555-1212" + } + ] + }, + "group": "org.partner", + "name": "Stock ticker service", + "version": "2020-Q2", + "description": "Provides real-time stock information", + "endpoints": [ + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "PII", + "flow": "inbound" + }, + { + "classification": "PIFI", + "flow": "outbound" + }, + { + "classification": "public", + "flow": "bi-directional" + }, + { + "classification": "partner-data", + "flow": "unknown" + } + ], + "licenses": [ + { + "license": { + "name": "Partner license" + } + } + ], + "externalReferences": [ + { + "type": "website", + "url": "http://partner.org" + }, + { + "type": "documentation", + "url": "http://api.partner.org/swagger" + } + ], + "releaseNotes": { + "type": "major", + "title": "My new release", + "featuredImage": "https://example.com/featured_image.png", + "socialImage": "https://example.com/social_image.png", + "description": "The main description of your release", + "timestamp": "2021-09-17T00:51:18+00:00", + "aliases": [ + "Project Orion" + ], + "tags": [ + "CMS", + "SEO", + "wysiwyg" + ], + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.example.com/17240" + } + }, + { + "type": "security", + "id": "CVE-2019-9997", + "name": "CVE-2019-9997", + "description": "A security issue was fixed that did something bad", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + } + ], + "notes": [ + { + "locale": "en-US", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" + } + }, + { + "locale": "es", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" + } + } + ] + } + } + ] +} diff --git a/src/test/resources/1.6/valid-release-notes-1.6.textproto b/src/test/resources/1.6/valid-release-notes-1.6.textproto new file mode 100644 index 0000000000..9870ee17ca --- /dev/null +++ b/src/test/resources/1.6/valid-release-notes-1.6.textproto @@ -0,0 +1,168 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-example" + version: "1.0.0" + external_references { + type: EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES + url: "https://example.com/releases/1.0.0" + } + releaseNotes: { + type: "major" + title: "My new release" + featuredImage: "https://example.com/featured_image.png" + socialImage: "https://example.com/social_image.png" + description: "The main description of your release" + timestamp { + seconds: 1631839878 + nanos: 0 + } + aliases: "Project Orion" + tags: "CMS" + tags: "SEO" + tags: "wysiwyg" + resolves { + type: ISSUE_CLASSIFICATION_ENHANCEMENT + id: "JIRA-17240" + description: "Great new feature that does something" + source { + name: "Acme Org" + url: "https://issues.example.com/17240" + } + } + resolves { + type: ISSUE_CLASSIFICATION_SECURITY + id: "CVE-2019-9997" + name: "CVE-2019-9997" + description: "A security issue was fixed that did something bad" + source { + name: "NVD" + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + references: "http://some/other/site-1" + references: "http://some/other/site-2" + } + notes { + locale: "en-US" + text: { + content_type: "text/html" + encoding: "base64" + value: "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" + } + } + notes { + locale: "es", + text: { + content_type: "text/html" + encoding: "base64" + value: "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" + } + } + } +} +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + name: "Partner Org" + url: "https://partner.org" + contact { + name: "Support" + email: "support@partner.org" + phone: "800-555-1212" + } + } + group: "org.partner" + name: "Stock ticker service" + version: "2020-Q2" + description: "Provides real-time stock information" + endpoints: "https://partner.org/api/v1/lookup" + endpoints: "https://partner.org/api/v1/stock" + authenticated: true + x_trust_boundary: true + data { + flow: DATA_FLOW_INBOUND + value: "PII" + } + data { + flow: DATA_FLOW_OUTBOUND + value: "PIFI" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "public" + } + data { + flow: DATA_FLOW_UNKNOWN + value: "partner-data" + } + licenses { + license { + name: "Partner license" + } + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_WEBSITE + url: "http://partner.org" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "http://api.partner.org/swagger" + } + releaseNotes: { + type: "major" + title: "My new release" + featuredImage: "https://example.com/featured_image.png" + socialImage: "https://example.com/social_image.png" + description: "The main description of your release" + timestamp { + seconds: 1631839878 + nanos: 0 + } + aliases: "Project Orion" + tags: "CMS" + tags: "SEO" + tags: "wysiwyg" + resolves { + type: ISSUE_CLASSIFICATION_ENHANCEMENT + id: "JIRA-17240" + description: "Great new feature that does something" + source { + name: "Acme Org" + url: "https://issues.example.com/17240" + } + } + resolves { + type: ISSUE_CLASSIFICATION_SECURITY + id: "CVE-2019-9997" + name: "CVE-2019-9997" + description: "A security issue was fixed that did something bad" + source { + name: "NVD" + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + references: "http://some/other/site-1" + references: "http://some/other/site-2" + } + notes { + locale: "en-US" + text: { + content_type: "text/html" + encoding: "base64" + value: "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" + } + } + notes { + locale: "es", + text: { + content_type: "text/html" + encoding: "base64" + value: "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" + } + } + } +} diff --git a/src/test/resources/1.6/valid-release-notes-1.6.xml b/src/test/resources/1.6/valid-release-notes-1.6.xml new file mode 100644 index 0000000000..15caa3557c --- /dev/null +++ b/src/test/resources/1.6/valid-release-notes-1.6.xml @@ -0,0 +1,154 @@ + + + + + acme-example + 1.0.0 + + + https://example.com/releases/1.0.0 + + + + major + My new release + https://example.com/featured_image.png + https://example.com/social_image.png + The main description of your release + 2021-09-17T00:51:18+00:00 + + Project Orion + + + CMS + SEO + wysiwyg + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.example.com/17240 + + + + CVE-2019-9997 + CVE-2019-9997 + A security issue was fixed that did something bad + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + http://some/other/site-1 + http://some/other/site-2 + + + + + + en-US + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ + + + es + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= + + + + + + + + + Partner Org + https://partner.org + + Support + support@partner.org + 800-555-1212 + + + org.partner + Stock ticker service + 2020-Q2 + Provides real-time stock information + + https://partner.org/api/v1/lookup + https://partner.org/api/v1/stock + + true + true + + PII + PIFI + public + partner-data + + + + Partner license + + + + + http://partner.org + + + http://api.partner.org/swagger + + + + major + My new release + https://example.com/featured_image.png + https://example.com/social_image.png + The main description of your release + 2021-09-17T00:51:18+00:00 + + Project Orion + + + CMS + SEO + wysiwyg + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.example.com/17240 + + + + CVE-2019-9997 + CVE-2019-9997 + A security issue was fixed that did something bad + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + http://some/other/site-1 + http://some/other/site-2 + + + + + + en-US + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ + + + es + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= + + + + + + diff --git a/src/test/resources/1.6/valid-saasbom-1.6.json b/src/test/resources/1.6/valid-saasbom-1.6.json new file mode 100644 index 0000000000..0aa16dd0d6 --- /dev/null +++ b/src/test/resources/1.6/valid-saasbom-1.6.json @@ -0,0 +1,304 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2021-01-10T12:00:00Z", + "component": { + "bom-ref": "acme-stock-application", + "type": "application", + "name": "Acme SaaSBOM Example", + "version": "2022-1" + } + }, + "services": [ + { + "bom-ref": "stock-ticker-service", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Stock Ticker Service", + "version": "2022-1", + "endpoints": [ + "https://example.com/", + "https://example.com/app" + ], + "authenticated": true, + "trustZone": "Acme Public Zone", + "data": [ + { + "name": "Consumer to Stock Service", + "description": "Traffic to/from consumer to service", + "classification": "Customer", + "flow": "bi-directional", + "source": [ + "https://0.0.0.0" + ], + "destination": [ + "https://0.0.0.0" + ] + }, + { + "name": "Stock Service to MS-1", + "description": "Traffic to/from stock service to microservice-1", + "classification": "PII", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ] + }, + { + "name": "Stock Service to MS-2", + "description": "Traffic to/from stock service to microservice-2", + "classification": "PIFI", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + ] + }, + { + "name": "Stock Service to MS-3", + "description": "Traffic to/from stock service to microservice-3", + "classification": "Public", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://example.com/app/swagger" + } + ], + "services": [ + { + "bom-ref": "ms-1.example.com", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Microservice 1", + "version": "2022-1", + "description": "Example Microservice", + "endpoints": [ + "https://ms-1.example.com" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "Stock Service to MS-1", + "description": "Traffic to/from stock service to microservice-1", + "classification": "PII", + "flow": "bi-directional", + "governance": { + "owners": [ + { + "organization": { + "name": "Customer Name" + } + } + ] + }, + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ] + }, + { + "name": "MS-1 to Database", + "description": "Traffic to/from microservice-1 to database", + "classification": "PII", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://ms-1.example.com/swagger" + } + ] + }, + { + "bom-ref": "ms-2.example.com", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Microservice 2", + "version": "2022-1", + "description": "Example Microservice", + "endpoints": [ + "https://ms-2.example.com" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "Stock Service to MS-2", + "description": "Traffic to/from stock service to microservice-2", + "classification": "PIFI", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://ms-2.example.com/swagger" + } + ] + }, + { + "bom-ref": "ms-3.example.com", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Microservice 3", + "version": "2022-1", + "description": "Example Microservice", + "endpoints": [ + "https://ms-3.example.com" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "Stock Service to MS-3", + "description": "Traffic to/from stock service to microservice-3", + "classification": "Public", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ] + }, + { + "name": "MS-3 to S3", + "description": "Data pushed from microservice-3 to S3 bucket", + "classification": "Public", + "flow": "outbound", + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://ms-3.example.com/swagger" + } + ] + }, + { + "bom-ref": "ms-1-pgsql.example.com", + "group": "org.postgresql", + "name": "Postgres", + "version": "14.1", + "description": "Postgres database for Microservice #1", + "endpoints": [ + "https://ms-1-pgsql.example.com:5432" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "MS-1 to Database", + "description": "Traffic to/from microservice-1 to database", + "classification": "PII", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ] + } + ] + }, + { + "bom-ref": "s3-example.amazon.com", + "group": "com.amazon", + "name": "S3", + "description": "S3 bucket", + "endpoints": [ + "https://s3-example.amazon.com" + ], + "authenticated": true, + "trustZone": "Public Internet", + "data": [ + { + "name": "MS-3 to S3", + "description": "Data pushed from microservice-3 to S3 bucket", + "classification": "PII", + "flow": "inbound", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + ] + } + ] + } + ] + } + ], + "dependencies": [ + { + "ref": "acme-stock-application", + "dependsOn": [ "stock-ticker-service" ] + }, + { + "ref": "stock-ticker-service", + "dependsOn": [ + "ms-1.example.com", + "ms-2.example.com", + "ms-3.example.com" + ] + }, + { + "ref": "ms-1.example.com", + "dependsOn": [ "ms-1-pgsql.example.com" ] + }, + { + "ref": "ms-2.example.com", + "dependsOn": [ ] + }, + { + "ref": "ms-3.example.com", + "dependsOn": [ "s3-example.amazon.com" ] + } + ] +} diff --git a/src/test/resources/1.6/valid-saasbom-1.6.textproto b/src/test/resources/1.6/valid-saasbom-1.6.textproto new file mode 100644 index 0000000000..2edfb9523d --- /dev/null +++ b/src/test/resources/1.6/valid-saasbom-1.6.textproto @@ -0,0 +1,237 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + timestamp { + seconds: 1610280000 + nanos: 0 + } + component { + type: CLASSIFICATION_APPLICATION + bom_ref: "acme-stock-application" + name: "Acme SaaSBOM Example" + version: "2022-1" + } +} +services { + bom_ref: "stock-ticker-service" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Stock Ticker Service" + version:"2022-1" + endpoints: "https://example.com/" + endpoints: "https://example.com/app" + authenticated: true + trustZone: "Acme Public Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "Customer" + name: "Consumer to Stock Service", + description: "Traffic to/from consumer to service" + source: "https://0.0.0.0" + destination: "https://0.0.0.0" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "Stock Service to MS-1" + description: "Traffic to/from stock service to microservice-1" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PIFI" + name: "Stock Service to MS-2" + description: "Traffic to/from stock service to microservice-2" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "Public" + name: "Stock Service to MS-3" + description: "Traffic to/from stock service to microservice-3" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://example.com/app/swagger" + } + services { + bom_ref: "ms-1.example.com" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Microservice 1" + version:"2022-1" + description: "Example Microservice" + endpoints: "https://ms-1.example.com" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "Stock Service to MS-1" + description: "Traffic to/from stock service to microservice-1" + governance: { + owners: [ + { + organization: { + name: "Customer Name" + } + } + ] + } + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "MS-1 to Database" + description: "Traffic to/from microservice-1 to database" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://ms-1.example.com/swagger" + } + } + services { + bom_ref: "ms-2.example.com" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Microservice 2" + version:"2022-1" + description: "Example Microservice" + endpoints: "https://ms-2.example.com" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PIFI" + name: "Stock Service to MS-2" + description: "Traffic to/from stock service to microservice-2" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://ms-2.example.com/swagger" + } + } + services { + bom_ref: "ms-3.example.com" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Microservice 3" + version:"2022-1" + description: "Example Microservice" + endpoints: "https://ms-3.example.com" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "Public" + name: "Stock Service to MS-3" + description: "Traffic to/from stock service to microservice-3" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + } + data { + flow: DATA_FLOW_OUTBOUND + value: "Public" + name: "MS-3 to S3" + description: "Data pushed from microservice-3 to S3 bucket" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://ms-3.example.com/swagger" + } + } + services { + bom_ref: "ms-1-pgsql.example.com" + group: "org.postgresql" + name: "Postgres" + version:"14.1" + description: "Postgres database for Microservice #1" + endpoints: "https://ms-1-pgsql.example.com:5432" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "MS-1 to Database" + description: "Traffic to/from microservice-1 to database" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + } + } + services { + bom_ref: "s3-example.amazon.com" + group: "com.amazon" + name: "S3" + description: "S3 bucket" + endpoints: "https://s3-example.amazon.com" + authenticated: true + trustZone: "Public Internet" + data { + flow: DATA_FLOW_INBOUND + value: "PII" + name: "MS-3 to S3" + description: "Data pushed from microservice-3 to S3 bucket" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + } + } +} +dependencies { + ref: "acme-stock-application" + dependencies { + ref: "stock-ticker-service" + } +} +dependencies { + ref: "stock-ticker-service" + dependencies { + ref: "ms-1.example.com" + } + dependencies { + ref: "ms-2.example.com" + } + dependencies { + ref: "ms-3.example.com" + } +} +dependencies { + ref: "ms-1.example.com", + dependencies { + ref: "ms-1-pgsql.example.com" + } +} +dependencies { + ref: "ms-2.example.com", +} +dependencies { + ref: "ms-3.example.com", + dependencies { + ref: "s3-example.amazon.com" + } +} diff --git a/src/test/resources/1.6/valid-saasbom-1.6.xml b/src/test/resources/1.6/valid-saasbom-1.6.xml new file mode 100644 index 0000000000..433cf3d922 --- /dev/null +++ b/src/test/resources/1.6/valid-saasbom-1.6.xml @@ -0,0 +1,246 @@ + + + + 2021-01-10T12:00:00Z + + Acme SaaSBOM Example + 2022-1 + + + + + + Acme Inc + https://example.com + + com.example + Stock Ticker Service + 2022-1 + + https://example.com/ + https://example.com/app + + true + Acme Public Zone + + + Customer + + https://0.0.0.0 + + + https://0.0.0.0 + + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + + PIFI + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com + + + + Public + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com + + + + + + https://example.com/app/swagger + + + + + + Acme Inc + https://example.com + + com.example + Microservice 1 + 2022-1 + Example Microservice + + https://ms-1.example.com + + true + Acme Private Zone + + + PII + + + + + Customer Name + + + + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com + + + + + + https://ms-1.example.com/swagger + + + + + + Acme Inc + https://example.com + + com.example + Microservice 2 + 2022-1 + Example Microservice + + https://ms-2.example.com + + true + Acme Private Zone + + + PIFI + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + + + + https://ms-2.example.com/swagger + + + + + + Acme Inc + https://example.com + + com.example + Microservice 3 + 2022-1 + Example Microservice + + https://ms-3.example.com + + true + Acme Private Zone + + + Public + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + + Public + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com + + + + + + https://ms-3.example.com/swagger + + + + + org.postgresql + Postgres + 14.1 + Postgres database for Microservice #1 + + https://ms-1-pgsql.example.com:5432 + + true + Acme Private Zone + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + + + + com.amazon + S3 + S3 bucket + + https://s3-example.amazon.com + + true + Public Internet + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/resources/1.6/valid-service-1.6.json b/src/test/resources/1.6/valid-service-1.6.json new file mode 100644 index 0000000000..f5dc557d40 --- /dev/null +++ b/src/test/resources/1.6/valid-service-1.6.json @@ -0,0 +1,102 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.acme/stock-java-client@1.0.12", + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "stock-java-client", + "version": "1.0.12", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.acme/stock-java-client@1.0.12" + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "name": "Partner Org", + "url": [ + "https://partner.org" + ], + "contact": [ + { + "name": "Support", + "email": "support@partner.org", + "phone": "800-555-1212" + } + ] + }, + "group": "org.partner", + "name": "Stock ticker service", + "version": "2020-Q2", + "description": "Provides real-time stock information", + "endpoints": [ + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "PII", + "flow": "inbound" + }, + { + "classification": "PIFI", + "flow": "outbound" + }, + { + "classification": "public", + "flow": "bi-directional" + }, + { + "classification": "partner-data", + "flow": "unknown" + } + ], + "licenses": [ + { + "license": { + "name": "Partner license" + } + } + ], + "externalReferences": [ + { + "type": "website", + "url": "http://partner.org" + }, + { + "type": "documentation", + "url": "http://api.partner.org/swagger" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:maven/com.acme/stock-java-client@1.0.12", + "dependsOn": [ + "b2a46a4b-8367-4bae-9820-95557cfe03a8" + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-service-1.6.textproto b/src/test/resources/1.6/valid-service-1.6.textproto new file mode 100644 index 0000000000..c43ac6974f --- /dev/null +++ b/src/test/resources/1.6/valid-service-1.6.textproto @@ -0,0 +1,79 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.acme/stock-java-client@1.0.12" + publisher: "Acme Inc" + group: "com.acme" + name: "stock-java-client" + version: "1.0.12" + hashes { + alg: HASH_ALG_SHA_1 + value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + licenses { + license { + id: "Apache-2.0" + } + } + purl: "pkg:maven/com.acme/stock-java-client@1.0.12" +} +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + name: "Partner Org" + url: "https://partner.org" + contact { + name: "Support" + email: "support@partner.org" + phone: "800-555-1212" + } + } + group: "org.partner" + name: "Stock ticker service" + version: "2020-Q2" + description: "Provides real-time stock information" + endpoints: "https://partner.org/api/v1/lookup" + endpoints: "https://partner.org/api/v1/stock" + authenticated: true + x_trust_boundary: true + data { + flow: DATA_FLOW_INBOUND + value: "PII" + } + data { + flow: DATA_FLOW_OUTBOUND + value: "PIFI" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "public" + } + data { + flow: DATA_FLOW_UNKNOWN + value: "partner-data" + } + licenses { + license { + name: "Partner license" + } + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_WEBSITE + url: "http://partner.org" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "http://api.partner.org/swagger" + } +} +dependencies { + ref: "pkg:maven/com.acme/stock-java-client@1.0.12" + dependencies { + ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + } +} diff --git a/src/test/resources/1.6/valid-service-1.6.xml b/src/test/resources/1.6/valid-service-1.6.xml new file mode 100644 index 0000000000..643effaed8 --- /dev/null +++ b/src/test/resources/1.6/valid-service-1.6.xml @@ -0,0 +1,67 @@ + + + + + Acme Inc + com.acme + stock-java-client + 1.0.12 + + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + + + + Apache-2.0 + + + pkg:maven/com.acme/stock-java-client@1.0.12 + + + + + + Partner Org + https://partner.org + + Support + support@partner.org + 800-555-1212 + + + org.partner + Stock ticker service + 2020-Q2 + Provides real-time stock information + + https://partner.org/api/v1/lookup + https://partner.org/api/v1/stock + + true + true + + PII + PIFI + public + partner-data + + + + Partner license + + + + + http://partner.org + + + http://api.partner.org/swagger + + + + + + + + + + diff --git a/src/test/resources/1.6/valid-service-empty-objects-1.6.json b/src/test/resources/1.6/valid-service-empty-objects-1.6.json new file mode 100644 index 0000000000..7338836de0 --- /dev/null +++ b/src/test/resources/1.6/valid-service-empty-objects-1.6.json @@ -0,0 +1,23 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "contact": [ + ] + }, + "name": "Stock ticker service", + "endpoints": [ + ], + "data": [ + ], + "externalReferences": [ + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-service-empty-objects-1.6.textproto b/src/test/resources/1.6/valid-service-empty-objects-1.6.textproto new file mode 100644 index 0000000000..1b20a3196b --- /dev/null +++ b/src/test/resources/1.6/valid-service-empty-objects-1.6.textproto @@ -0,0 +1,12 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + } + name: "Stock ticker service" +} diff --git a/src/test/resources/1.6/valid-service-empty-objects-1.6.xml b/src/test/resources/1.6/valid-service-empty-objects-1.6.xml new file mode 100644 index 0000000000..38023db33b --- /dev/null +++ b/src/test/resources/1.6/valid-service-empty-objects-1.6.xml @@ -0,0 +1,16 @@ + + + + + + + Stock ticker service + + + + + + + + + diff --git a/src/test/resources/1.6/valid-signatures-1.6.json b/src/test/resources/1.6/valid-signatures-1.6.json new file mode 100644 index 0000000000..5542c90eff --- /dev/null +++ b/src/test/resources/1.6/valid-signatures-1.6.json @@ -0,0 +1,79 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "5366293e-0740-4dcf-b1d0-0c1fc26e4981", + "type": "application", + "name": "amce app", + "version": "1.0", + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "tqITqIm0gUMWXIjqDgwqzqPw1CwTUKRewZQ5YpX3VwFMWV68NJgX4npU91cSwSC-MRlx1QfOYwSQkeU26VpXSg" + } + } + ], + "services": [ + { + "bom-ref": "ee10d0a2-baba-4656-a5ac-d49e172a0d3d", + "group": "org.partner", + "name": "Stock ticker service", + "version": "2020-Q2", + "endpoints": [ + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "PII", + "flow": "inbound" + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "6A77T3RBTAuVpZOgFFFfOvGOQ1hqMbfSQ91VucRM1RIP6QqX9kEF1Pi1_vCl37qpVzK51kIyppgUF_i9s999XA" + } + } + ], + "compositions": [ + { + "aggregate": "complete", + "assemblies": [ + "5366293e-0740-4dcf-b1d0-0c1fc26e4981", + "ee10d0a2-baba-4656-a5ac-d49e172a0d3d" + ], + "dependencies": [ + "5366293e-0740-4dcf-b1d0-0c1fc26e4981" + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "lm6wx-elyBTbNMKNF8riooZhvrm6f5j8JpvgP9JtVv50dd7sXQLH7PqJcn9fmKV8eoF8cszPllEsQQhEQOM4hA" + } + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "m4pMbQQVV61TlP4Og7a75SeY8lh00LkkUDXZ4PIhXsR512MPRgZmusFYorJlYq9wM3P9n9gM3T8BTg9XdFdQkQ" + } +} diff --git a/src/test/resources/1.6/valid-standard-1.6.json b/src/test/resources/1.6/valid-standard-1.6.json new file mode 100644 index 0000000000..3150227b6e --- /dev/null +++ b/src/test/resources/1.6/valid-standard-1.6.json @@ -0,0 +1,79 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "definitions": { + "standards": [ + { + "bom-ref": "standard-1", + "name": "Sample Standard", + "version": "1.0.0", + "description": "Description here", + "owner": "Acme Inc", + "requirements": [ + { + "bom-ref": "requirement-1", + "identifier": "v1", + "title": "Title here" + }, + { + "bom-ref": "requirement-1.1", + "identifier": "v1.1", + "title": "Title here", + "text": "Text here", + "descriptions": [ + "Requirement is described here", + "and here" + ], + "parent": "requirement-1" + }, + { + "bom-ref": "requirement-1.1.1", + "identifier": "v1.1.1", + "text": "Text of the requirement here", + "descriptions": [ + "Supplemental text here" + ], + "openCre": [ + "CRE:616-305" + ], + "parent": "requirement-1.1" + } + ], + "levels": [ + { + "bom-ref": "level-1", + "identifier": "Level 1", + "description": "Description here", + "requirements": [ + "requirement-1.1.1" + ] + }, + { + "bom-ref": "level-2", + "identifier": "Level 2", + "description": "Description here", + "requirements": [ + "requirement-1.1.1" + ] + }, + { + "bom-ref": "level-3", + "identifier": "Level 3", + "description": "Description here", + "requirements": [ + "requirement-1.1.1" + ] + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ "MIIB...", "MIID..." ], + "value": "tqIT..." + } + } + ] + } +} diff --git a/src/test/resources/1.6/valid-standard-1.6.textproto b/src/test/resources/1.6/valid-standard-1.6.textproto new file mode 100644 index 0000000000..3388c5cd94 --- /dev/null +++ b/src/test/resources/1.6/valid-standard-1.6.textproto @@ -0,0 +1,73 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6", +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +definitions { + standards: [ + { + bom_ref: "standard-1" + name: "Sample Standard" + version: "1.0.0" + description: "Description here" + owner: "Acme Inc" + requirements: [ + { + bom_ref: "requirement-1" + identifier: "v1" + title: "Title here" + }, + { + bom_ref: "requirement-1.1" + identifier: "v1.1" + title: "Title here" + text: "Text here" + descriptions: [ + "Requirement is described here", + "and here" + ] + parent: "requirement-1" + }, + { + bom_ref: "requirement-1.1.1" + identifier: "v1.1.1" + text: "Text of the requirement here" + descriptions: [ + "Supplemental text here" + ] + openCre: [ + "CRE:616-305" + ], + parent: "requirement-1.1" + } + ] + levels: [ + { + bom_ref: "level-1" + identifier: "Level 1" + description: "Description here" + requirements: [ + "requirement-1.1.1" + ] + }, + { + bom_ref: "level-2" + identifier: "Level 2" + description: "Description here" + requirements: [ + "requirement-1.1.1" + ] + }, + { + bom_ref: "level-3" + identifier: "Level 3" + description: "Description here" + requirements: [ + "requirement-1.1.1" + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/src/test/resources/1.6/valid-standard-1.6.xml b/src/test/resources/1.6/valid-standard-1.6.xml new file mode 100644 index 0000000000..cdf5c037e0 --- /dev/null +++ b/src/test/resources/1.6/valid-standard-1.6.xml @@ -0,0 +1,64 @@ + + + + + + Sample Standard + 1.0.0 + Description here + Acme Inc + + + v1 + Title here + + + v1.1 + Title here + Text here + + Requirement is described here + and here + + requirement-1 + + + v1.1.1 + Text of the requirement here + + Supplemental text here + + CRE:616-305 + requirement-1.1 + + + + + Level 1 + Description here + + requirement-1.1.1 + + + + Level 2 + Description here + + requirement-1.1.1 + + + + Level 3 + Description here + + requirement-1.1.1 + + + + + + + + + + \ No newline at end of file diff --git a/src/test/resources/1.6/valid-tags-1.6.json b/src/test/resources/1.6/valid-tags-1.6.json new file mode 100644 index 0000000000..1052997b9f --- /dev/null +++ b/src/test/resources/1.6/valid-tags-1.6.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "my-json-parser", + "version": "1.0", + "tags": [ "json-parser", "javascript", "node.js" ] + } + ], + "services": [ + { + "name": "my service", + "endpoints": [ "https://example.com/myservice" ], + "tags": [ "microservice", "golang", "aws", "us-east-1" ] + } + ] +} diff --git a/src/test/resources/1.6/valid-tags-1.6.textproto b/src/test/resources/1.6/valid-tags-1.6.textproto new file mode 100644 index 0000000000..a2df47d681 --- /dev/null +++ b/src/test/resources/1.6/valid-tags-1.6.textproto @@ -0,0 +1,17 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "my-json-parser" + version: "1.0" + tags: [ "json-parser", "javascript", "node.js" ] +} +services { + name: "my service" + endpoints: [ "https://example.com/myservice" ] + tags: [ "microservice", "golang", "aws", "us-east-1" ] +} diff --git a/src/test/resources/1.6/valid-tags-1.6.xml b/src/test/resources/1.6/valid-tags-1.6.xml new file mode 100644 index 0000000000..49497a1c5e --- /dev/null +++ b/src/test/resources/1.6/valid-tags-1.6.xml @@ -0,0 +1,28 @@ + + + + + my-json-parser + 1.0 + + json-parser + javascript + node.js + + + + + + my service + + https://example.com/myservice + + + microservice + golang + aws + us-east-1 + + + + diff --git a/src/test/resources/1.6/valid-vulnerability-1.6.json b/src/test/resources/1.6/valid-vulnerability-1.6.json new file mode 100644 index 0000000000..52bb70f136 --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-1.6.json @@ -0,0 +1,170 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "workaround": "Describe the workarounds here", + "proofOfConcept": { + "reproductionSteps": "Precise steps to reproduce go here", + "environment": "Describe the environment", + "supportingMaterial": [ + { + "contentType": "image/jpeg", + "encoding": "base64", + "content": "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + }, + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "rejected": "2022-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": { + "components": [ + { + "type": "application", + "group": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Inc" + }, + "name": "Acme BOM Analyzer", + "endpoints": [ + "https://example.com/analyze" + ] + } + ] + }, + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component.", + "firstIssued": "2022-01-01T00:00:00.000Z", + "lastUpdated": "2022-02-01T00:00:00.000Z" + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-vulnerability-1.6.textproto b/src/test/resources/1.6/valid-vulnerability-1.6.textproto new file mode 100644 index 0000000000..bec68ebfae --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-1.6.textproto @@ -0,0 +1,164 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + group: "com.fasterxml.jackson.core" + name: "jackson-databind" + version: "2.9.4" + purl: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" +} +vulnerabilities { + bom_ref: "6eee14da-8f42-4cc4-bb65-203235f02415" + id: "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + source: { + name: "Snyk" + url: "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + } + references: { + id: "CVE-2018-7489" + source: { + name: "NVD", + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ratings: { + source: { + name: "NVD" + url: "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + } + score: 9.8 + severity: SEVERITY_CRITICAL + method: SCORE_METHOD_CVSSV3 + vector: "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + justification: "An optional reason for rating the vulnerability as it was" + } + cwes: 184 + cwes: 502 + description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." + detail: "" + recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." + proofOfConcept: { + reproductionSteps: "Precise steps to reproduce go here" + environment: "Describe the environment" + supportingMaterial: [ + { + content_type: "image/jpeg" + encoding: "base64" + value: "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + } + advisories: { + title: "GitHub Commit" + url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + } + advisories: { + title: "GitHub Issue" + url: "https://github.com/FasterXML/jackson-databind/issues/1931" + } + created: { + seconds: 1609459200 + nanos: 0 + } + published: { + seconds: 1609459200 + nanos: 0 + } + updated: { + seconds: 1609459200 + nanos: 0 + } + rejected: { + seconds: 1640995200 + nanos: 0 + } + credits: { + organizations: { + name: "Acme, Inc." + url: "https://example.com" + } + individuals: { + name: "Jane Doe" + email: "jane.doe@example.com" + } + } + tools: { + components: [ + { + type: CLASSIFICATION_APPLICATION, + group: "Snyk", + name: "Snyk CLI (Linux)", + version: "1.729.0", + hashes: [ + { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ] + services: [ + { + provider: { + name: "Acme Inc" + }, + name: "Acme BOM Analyzer", + endpoints: [ + "https://example.com/analyze" + ] + } + ] + } + analysis: { + state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED + justification: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE + response: VULNERABILITY_RESPONSE_WILL_NOT_FIX + response: VULNERABILITY_RESPONSE_UPDATE + detail: "An optional explanation of why the application is not affected by the vulnerable component." + firstIssued: { + seconds: 1640995200 + nanos: 0 + } + lastUpdated: { + seconds: 1643673600 + nanos: 0 + } + } + affects: { + ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + versions: { + range: "vers:semver/<2.6.7.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.7.0|<2.8.11.1" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.9.0|<2.9.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + } + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + workaround: "Describe the workarounds here" +} diff --git a/src/test/resources/1.6/valid-vulnerability-1.6.xml b/src/test/resources/1.6/valid-vulnerability-1.6.xml new file mode 100644 index 0000000000..33a5412f18 --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-1.6.xml @@ -0,0 +1,144 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.4 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + + + SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + Snyk + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + Describe the workarounds here + + Precise steps to reproduce go here + Describe the environment + + /9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k= + + + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + GitHub Issue + https://github.com/FasterXML/jackson-databind/issues/1931 + + + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2022-01-01T00:00:00.000Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + + + Acme Inc + + Acme BOM Analyzer + + https://example.com/analyze + + + + + + not_affected + code_not_reachable + + will_not_fix + update + + An optional explanation of why the application is not affected by the vulnerable component. + 2022-01-01T00:00:00.000Z + 2022-02-01T00:00:00.000Z + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + vers:semver/<2.6.7.5 + affected + + + vers:semver/2.7.0|<2.8.11.1 + affected + + + vers:semver/2.9.0|<2.9.5 + affected + + + + + + Bar + You + Two + Foo + + + + diff --git a/src/test/resources/1.6/valid-vulnerability-tool-1.6.json b/src/test/resources/1.6/valid-vulnerability-tool-1.6.json new file mode 100644 index 0000000000..c0f77d3639 --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-tool-1.6.json @@ -0,0 +1,169 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "workaround": "Describe the workarounds here", + "proofOfConcept": { + "reproductionSteps": "Precise steps to reproduce go here", + "environment": "Describe the environment", + "supportingMaterial": [ + { + "contentType": "image/jpeg", + "encoding": "base64", + "content": "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + }, + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "rejected": "2022-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": { + "components": [ + { + "type": "application", + "group": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Inc" + }, + "name": "Acme BOM Analyzer", + "endpoints": [ + "https://example.com/analyze" + ] + } + ] + }, + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component.", + "firstIssued": "2022-01-01T00:00:00.000Z", + "lastUpdated": "2022-02-01T00:00:00.000Z" + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-vulnerability-tool-1.6.textproto b/src/test/resources/1.6/valid-vulnerability-tool-1.6.textproto new file mode 100644 index 0000000000..5720fbb868 --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-tool-1.6.textproto @@ -0,0 +1,164 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + group: "com.fasterxml.jackson.core" + name: "jackson-databind" + version: "2.9.4" + purl: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" +} +vulnerabilities { + bom_ref: "6eee14da-8f42-4cc4-bb65-203235f02415" + id: "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + source: { + name: "Snyk" + url: "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + } + references: { + id: "CVE-2018-7489" + source: { + name: "NVD", + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ratings: { + source: { + name: "NVD" + url: "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + } + score: 9.8 + severity: SEVERITY_CRITICAL + method: SCORE_METHOD_CVSSV3 + vector: "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + justification: "An optional reason for rating the vulnerability as it was" + } + cwes: 184 + cwes: 502 + description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." + detail: "" + recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." + proofOfConcept: { + reproductionSteps: "Precise steps to reproduce go here" + environment: "Describe the environment" + supportingMaterial: [ + { + content_type: "image/jpeg" + encoding: "base64" + value: "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + } + advisories: { + title: "GitHub Commit" + url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + } + advisories: { + title: "GitHub Issue" + url: "https://github.com/FasterXML/jackson-databind/issues/1931" + } + created: { + seconds: 3173618478 + nanos: 3 + } + published: { + seconds: 3173618478 + nanos: 3 + } + updated: { + seconds: 3173618478 + nanos: 3 + } + rejected: { + seconds: 3173618478 + nanos: 3 + } + credits: { + organizations: { + name: "Acme, Inc." + url: "https://example.com" + } + individuals: { + name: "Jane Doe" + email: "jane.doe@example.com" + } + } + tools: { + components: [ + { + type: CLASSIFICATION_APPLICATION, + group: "Snyk", + name: "Snyk CLI (Linux)", + version: "1.729.0", + hashes: [ + { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ] + services: [ + { + provider: { + name: "Acme Inc" + }, + name: "Acme BOM Analyzer", + endpoints: [ + "https://example.com/analyze" + ] + } + ] + } + analysis: { + state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED + justification: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE + response: VULNERABILITY_RESPONSE_WILL_NOT_FIX + response: VULNERABILITY_RESPONSE_UPDATE + detail: "An optional explanation of why the application is not affected by the vulnerable component." + firstIssued: { + seconds: 1641042000 + nanos: 3 + } + lastUpdated: { + seconds: 1643720400 + nanos: 3 + } + } + affects: { + ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + versions: { + range: "vers:semver/<2.6.7.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.7.0|<2.8.11.1" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.9.0|<2.9.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + } + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + workaround: "Describe the workarounds here" +} diff --git a/src/test/resources/1.6/valid-vulnerability-tool-1.6.xml b/src/test/resources/1.6/valid-vulnerability-tool-1.6.xml new file mode 100644 index 0000000000..115b91d50d --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-tool-1.6.xml @@ -0,0 +1,151 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.4 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + + + SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + Snyk + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + Describe the workarounds here + + Precise steps to reproduce go here + Describe the environment + + /9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k= + + + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + GitHub Issue + https://github.com/FasterXML/jackson-databind/issues/1931 + + + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2022-01-01T00:00:00.000Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + + + Acme Inf + + Acme BOM Analyzer + + https://example.com/analyze + + + + + + not_affected + code_not_reachable + + will_not_fix + update + + An optional explanation of why the application is not affected by the vulnerable component. + 2022-01-01T00:00:00.000Z + 2022-02-01T00:00:00.000Z + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + vers:semver/<2.6.7.5 + affected + + + vers:semver/2.7.0|<2.8.11.1 + affected + + + vers:semver/2.9.0|<2.9.5 + affected + + + + + + Bar + You + Two + Foo + + + + diff --git a/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.json b/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.json new file mode 100644 index 0000000000..cf2a90f326 --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.json @@ -0,0 +1,155 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "workaround": "Describe the workarounds here", + "proofOfConcept": { + "reproductionSteps": "Precise steps to reproduce go here", + "environment": "Describe the environment", + "supportingMaterial": [ + { + "contentType": "image/jpeg", + "encoding": "base64", + "content": "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + }, + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "rejected": "2022-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": [ + { + "vendor": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component.", + "firstIssued": "2022-01-01T00:00:00.000Z", + "lastUpdated": "2022-02-01T00:00:00.000Z" + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.textproto b/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.textproto new file mode 100644 index 0000000000..d3b95deef4 --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.textproto @@ -0,0 +1,146 @@ +# proto-file: schema/bom-1.6.proto +# proto-message: Bom + +spec_version: "1.6" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + group: "com.fasterxml.jackson.core" + name: "jackson-databind" + version: "2.9.4" + purl: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" +} +vulnerabilities { + bom_ref: "6eee14da-8f42-4cc4-bb65-203235f02415" + id: "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + source: { + name: "Snyk" + url: "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + } + references: { + id: "CVE-2018-7489" + source: { + name: "NVD", + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ratings: { + source: { + name: "NVD" + url: "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + } + score: 9.8 + severity: SEVERITY_CRITICAL + method: SCORE_METHOD_CVSSV3 + vector: "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + justification: "An optional reason for rating the vulnerability as it was" + } + cwes: 184 + cwes: 502 + description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." + detail: "" + recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." + proofOfConcept: { + reproductionSteps: "Precise steps to reproduce go here" + environment: "Describe the environment" + supportingMaterial: [ + { + content_type: "image/jpeg" + encoding: "base64" + value: "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + } + advisories: { + title: "GitHub Commit" + url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + } + advisories: { + title: "GitHub Issue" + url: "https://github.com/FasterXML/jackson-databind/issues/1931" + } + created: { + seconds: 3173618478 + nanos: 3 + } + published: { + seconds: 3173618478 + nanos: 3 + } + updated: { + seconds: 3173618478 + nanos: 3 + } + rejected: { + seconds: 3173618478 + nanos: 3 + } + credits: { + organizations: { + name: "Acme, Inc." + url: "https://example.com" + } + individuals: { + name: "Jane Doe" + email: "jane.doe@example.com" + } + } + tools: { + vendor: "Snyk" + name: "Snyk CLI (Linux)" + version: "1.729.0" + hashes: { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + } + analysis: { + state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED + justification: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE + response: VULNERABILITY_RESPONSE_WILL_NOT_FIX + response: VULNERABILITY_RESPONSE_UPDATE + detail: "An optional explanation of why the application is not affected by the vulnerable component." + firstIssued: { + seconds: 1641042000 + nanos: 3 + } + lastUpdated: { + seconds: 1643720400 + nanos: 3 + } + } + affects: { + ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + versions: { + range: "vers:semver/<2.6.7.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.7.0|<2.8.11.1" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.9.0|<2.9.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + } + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + workaround: "Describe the workarounds here" +} diff --git a/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.xml b/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.xml new file mode 100644 index 0000000000..1855bc70e4 --- /dev/null +++ b/src/test/resources/1.6/valid-vulnerability-tool-deprecated-1.6.xml @@ -0,0 +1,138 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.4 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + + + SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + Snyk + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + Describe the workarounds here + + Precise steps to reproduce go here + Describe the environment + + /9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k= + + + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + GitHub Issue + https://github.com/FasterXML/jackson-databind/issues/1931 + + + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2022-01-01T00:00:00.000Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + not_affected + code_not_reachable + + will_not_fix + update + + An optional explanation of why the application is not affected by the vulnerable component. + 2022-01-01T00:00:00.000Z + 2022-02-01T00:00:00.000Z + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + vers:semver/<2.6.7.5 + affected + + + vers:semver/2.7.0|<2.8.11.1 + affected + + + vers:semver/2.9.0|<2.9.5 + affected + + + + + + Bar + You + Two + Foo + + + + diff --git a/src/test/resources/1.6/valid-xml-signature-1.6.xml b/src/test/resources/1.6/valid-xml-signature-1.6.xml new file mode 100644 index 0000000000..930c06ace1 --- /dev/null +++ b/src/test/resources/1.6/valid-xml-signature-1.6.xml @@ -0,0 +1,177 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + jdoe@example.com + + + 2018-11-07T22:01:45Z + John Doe + jdoe@example.com + + Initial commit + + + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + + Apache-2.0 + blah + fdaf + + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Apache-2.0 + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + + + + + + + + + + PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= + + + + ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 + IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft + 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB + HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl + PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt + MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh + U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe + n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq + OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= + + + + CN=bomsigner,OU=development,O=cyclonedx + + MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx + FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 + WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt + ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo + 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll + ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 + AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c + G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY + 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy + ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 + NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt + IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD + ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID + AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP + s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f + oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O + amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a + lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk + 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh + nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X + SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk + iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 + bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== + + + + + + qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ + ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 + 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP + nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r + WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa + cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC + OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ + bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK + A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= + + AQAB + + + + diff --git a/src/test/resources/bom-1.2-metadata-pedigree.xml b/src/test/resources/bom-1.2-metadata-pedigree.xml new file mode 100644 index 0000000000..e4776a2ddb --- /dev/null +++ b/src/test/resources/bom-1.2-metadata-pedigree.xml @@ -0,0 +1,35 @@ + + + + + com.acme + sample-library + 1.0.0 + + + + org.example + sample-library-ancestor-1 + 1.0.0 + + + org.example + sample-library-ancestor-2 + 1.0.0 + + + + + org.example + sample-library-descendant + 1.0.1 + + + + + + + + diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index f91b591137..87d6ddb43e 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -14,19 +14,44 @@ "description": "Integration testing specific to the runtime platform" } ], - "tools": [ - { - "vendor": "Awesome Vendor", - "name": "Awesome Tool", - "version": "9.1.2", - "hashes": [ - { - "alg": "SHA-1", - "content": "25ed8e31b995bb927966616df2a42b979a2717f0" - } - ] - } - ], + "tools": { + "components": [ + { + "type": "application", + "group": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Org", + "url": [ + "https://example.com" + ] + }, + "group": "com.example", + "name": "Acme Signing Server", + "description": "Signs artifacts", + "endpoints": [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] + } + ] + }, "authors": [ { "name": "Samantha Wright", @@ -403,6 +428,7 @@ ], "authenticated": true, "x-trust-boundary": true, + "trustZone": "value", "data": [ { "flow": "inbound", @@ -547,19 +573,33 @@ } ] }, - "tools": [ - { - "vendor": "Sonatype", - "name": "Sonatype CLI", - "version": "1.131", - "hashes": [ - { - "alg": "SHA-256", - "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" - } - ] - } - ], + "tools": { + "components": [ + { + "type": "application", + "group": "Sonatype", + "name": "Sonatype CLI", + "version": "1.131", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Sonatype" + }, + "name": "Sonatype CLI Scanner", + "endpoints": [ + "https://www.sonatype.com/scanner" + ] + } + ] + }, "analysis": { "state": "not_affected", "justification": "code_not_reachable", @@ -567,8 +607,8 @@ "update" ], "detail": "An optional explanation of why the application is not affected by the vulnerable component.", - "firstIssued": "2022-01-01T00:00:00.000Z", - "lastUpdated": "2022-02-01T00:00:00.000Z" + "firstIssued": "2022-01-01T00:00:00Z", + "lastUpdated": "2022-02-01T00:00:00Z" }, "affects": [ { diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index c0c9f517eb..6f06d98288 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -12,14 +12,32 @@ - - Awesome Vendor - Awesome Tool - 9.1.2 - - 25ed8e31b995bb927966616df2a42b979a2717f0 - - + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + + + + + + + Acme Org + https://example.com + + com.example + Acme Signing Server + Signs artifacts + + https://example.com/sign + https://example.com/verify + https://example.com/tsa + + + @@ -311,6 +329,7 @@ true true + value PII PIFI @@ -421,14 +440,27 @@ - - Sonatype - Sonatype CLI - 1.131 - - 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d - - + + + Sonatype + Sonatype CLI + 1.131 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + + + Sonatype + + Sonatype CLI Scanner + + https://www.sonatype.com/scanner + + + not_affected diff --git a/src/test/resources/bom-object-locator.json b/src/test/resources/bom-object-locator.json new file mode 100644 index 0000000000..2620601c44 --- /dev/null +++ b/src/test/resources/bom-object-locator.json @@ -0,0 +1,38 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "component": { + "bom-ref": "0a7ac0b2-0f52-45c6-8f73-4dbcfb25286b", + "type": "application", + "name": "Acme Application", + "version": "9.1.1" + } + }, + "components": [ + { + "bom-ref": "ac9c4a17-2bc2-42ef-81af-01a8e363501f", + "type": "library", + "name": "tomcat-catalina", + "version": "9.0.14" + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "name": "Stock ticker service" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + } + } + ] +} diff --git a/src/test/resources/regression/issue214-expected-output.json b/src/test/resources/regression/issue214-expected-output.json index 86474430c5..98121eb0f5 100644 --- a/src/test/resources/regression/issue214-expected-output.json +++ b/src/test/resources/regression/issue214-expected-output.json @@ -4,6 +4,7 @@ "version" : 1, "components" : [ { + "type" : "library", "group" : "org.example", "name" : "mylibrary", "version" : "1.0.0", @@ -27,8 +28,7 @@ } ] } - ], - "type" : "library" + ] } ] -} +} \ No newline at end of file diff --git a/src/test/resources/regression/issue214-expected-output.xml b/src/test/resources/regression/issue214-expected-output.xml index d2db29b8fe..8e20256b1f 100644 --- a/src/test/resources/regression/issue214-expected-output.xml +++ b/src/test/resources/regression/issue214-expected-output.xml @@ -1,21 +1,21 @@ - - - - - org.example - mylibrary - 1.0.0 - - - https://example.org/support/sbom/portal-server/1.0.0 - An external SBOM that describes what this component includes - - 2cd42512b65500dc7ba0ff13490b0b73 - 226247b40160f2892fa4c7851b5b913d5d10912d - 09a72795a920c1a9c0209cfb8395f8d97089832d249cba8c0938a3423b3ed1d1 - - - - - + + + + + org.example + mylibrary + 1.0.0 + + + https://example.org/support/sbom/portal-server/1.0.0 + An external SBOM that describes what this component includes + + 2cd42512b65500dc7ba0ff13490b0b73 + 226247b40160f2892fa4c7851b5b913d5d10912d + 09a72795a920c1a9c0209cfb8395f8d97089832d249cba8c0938a3423b3ed1d1 + + + + + diff --git a/src/test/resources/regression/issue408-1.5.json b/src/test/resources/regression/issue408-1.5.json new file mode 100644 index 0000000000..114cf87e55 --- /dev/null +++ b/src/test/resources/regression/issue408-1.5.json @@ -0,0 +1,70 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:1624fa6f-aebe-4dba-8ead-f2c876c9b832", + "version": 1, + "metadata": { + "licenses": [ + { + "id": "MIT" + }, + { + "name": "MIT" + } + ] + }, + "components": [ + { + "type": "library", + "name": "test", + "licenses": [ + { + "id": "MIT", + "bom-ref": "test-1" + }, + { + "name": "MIT WITH Libtool-exception" + } + ] + }, + { + "type": "library", + "name": "test", + "licenses": [ + { + "expression": "CC0-1.0", + "bom-ref": "test" + } + ] + }, + { + "type": "library", + "name": "test-1", + "evidence": { + "licenses": [ + { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + }, + { + "id": "LGPL-2.1-only", + "url": "https://opensource.org/licenses/LGPL-2.1" + } + ] + } + } + ], + "services": [ + { + "name": "Stock ticker service", + "licenses": [ + { + "name": "Partner license" + }, + { + "name": "test" + } + ] + } + ] +} diff --git a/src/test/resources/regression/issue408-1.5.xml b/src/test/resources/regression/issue408-1.5.xml new file mode 100644 index 0000000000..0e01d71fb7 --- /dev/null +++ b/src/test/resources/regression/issue408-1.5.xml @@ -0,0 +1,60 @@ + + + + + + MIT + + + MIT + + + + + + test + + + MIT + + + MIT WITH Libtool-exception + + + + + test + + CC0-1.0 + + + + test-1 + + + + Apache-2.0 + http://www.apache.org/licenses/LICENSE-2.0 + + + LGPL-2.1-only + https://opensource.org/licenses/LGPL-2.1 + + + + + + + + Stock ticker service + + + Partner license + + + test + + + + + diff --git a/src/test/resources/regression/issue408-extensible-type.xml b/src/test/resources/regression/issue408-extensible-type.xml new file mode 100644 index 0000000000..66027b405c --- /dev/null +++ b/src/test/resources/regression/issue408-extensible-type.xml @@ -0,0 +1,21 @@ + + + + + concluded-license + 1.0 + + + MIT + test + + + MIT WITH Libtool-exception + test1 + + + pkg:npm/%40ort/concluded-license@1.0?classifier=sources + test + + + \ No newline at end of file diff --git a/src/test/resources/regression/issue408-external-reference.json b/src/test/resources/regression/issue408-external-reference.json new file mode 100644 index 0000000000..4440ccebce --- /dev/null +++ b/src/test/resources/regression/issue408-external-reference.json @@ -0,0 +1,60 @@ +{ + "bomFormat" : "CycloneDX", + "specVersion" : "1.6", + "serialNumber" : "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version" : 1, + "components" : [ + { + "group" : "org.example", + "name" : "mylibrary", + "version" : "1.0.0", + "externalReferences" : [ + { + "type" : "advisories", + "url" : "https://example.org/security/feed/csaf", + "comment" : "Security advisories from the vendor" + }, + { + "type" : "bom", + "url" : "https://example.org/support/sbom/portal-server/1.0.0", + "comment" : "An external SBOM that describes what this component includes", + "hashes" : [ + { + "alg" : "SHA-256", + "content" : "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + } + ] + }, + { + "type" : "documentation", + "url" : "https://example.org/support/documentation/portal-server/1.0.0", + "comment" : "Vendor provided documentation for the product" + } + ], + "type" : "library" + } + ], + "externalReferences" : [ + { + "type" : "advisories", + "url" : "https://example.org/security/feed/csaf", + "comment" : "Security advisories from the vendor" + }, + { + "type" : "bom", + "url" : "https://example.org/support/sbom/portal-server/1.0.0", + "comment" : "An external SBOM that describes what this component includes", + "hashes" : [ + { + "alg" : "SHA-256", + "content" : "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + } + ] + }, + { + "type" : "documentation", + "url" : "https://example.org/support/documentation/portal-server/1.0.0", + "comment" : "Vendor provided documentation for the product" + } + ] +} \ No newline at end of file diff --git a/src/test/resources/regression/issue408-external-reference.xml b/src/test/resources/regression/issue408-external-reference.xml new file mode 100644 index 0000000000..283ca315b9 --- /dev/null +++ b/src/test/resources/regression/issue408-external-reference.xml @@ -0,0 +1,44 @@ + + + + + org.example + mylibrary + 1.0.0 + + + https://example.org/security/feed/csaf + Security advisories from the vendor + + + https://example.org/support/sbom/portal-server/1.0.0 + An external SBOM that describes what this component includes + + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + + + + https://example.org/support/documentation/portal-server/1.0.0 + Vendor provided documentation for the product + + + + + + + https://example.org/security/feed/csaf + Security advisories from the vendor + + + https://example.org/support/sbom/portal-server/1.0.0 + An external SBOM that describes what this component includes + + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + + + + https://example.org/support/documentation/portal-server/1.0.0 + Vendor provided documentation for the product + + + diff --git a/src/test/resources/regression/issue408.json b/src/test/resources/regression/issue408.json new file mode 100644 index 0000000000..368590ef41 --- /dev/null +++ b/src/test/resources/regression/issue408.json @@ -0,0 +1,76 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:1624fa6f-aebe-4dba-8ead-f2c876c9b832", + "version": 1, + "metadata": { + "licenses": [ + { + "id": "MIT" + }, + { + "name": "MIT-test", + "properties": { + "name": "name", + "value": "value1" + } + } + ] + }, + "components": [ + { + "type": "library", + "name": "test", + "licenses": [ + { + "id": "MIT", + "acknowledgement": "concluded", + "bom-ref": "test-1" + }, + { + "name": "MIT WITH Libtool-exception" + } + ] + }, + { + "type": "library", + "name": "test", + "licenses": [ + { + "expression": "CC0-1.0", + "acknowledgement": "concluded", + "bom-ref": "test" + } + ] + }, + { + "type": "library", + "name": "test-1", + "evidence": { + "licenses": [ + { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + }, + { + "id": "LGPL-2.1-only", + "url": "https://opensource.org/licenses/LGPL-2.1" + } + ] + } + } + ], + "services": [ + { + "name": "Stock ticker service", + "licenses": [ + { + "name": "Partner license" + }, + { + "name": "test" + } + ] + } + ] +} diff --git a/src/test/resources/regression/issue408.xml b/src/test/resources/regression/issue408.xml new file mode 100644 index 0000000000..b75b1d93cd --- /dev/null +++ b/src/test/resources/regression/issue408.xml @@ -0,0 +1,63 @@ + + + + + + MIT + + + MIT-test + + value1 + + + + + + + test + + + MIT + + + MIT WITH Libtool-exception + + + + + test + + CC0-1.0 + + + + test-1 + + + + Apache-2.0 + http://www.apache.org/licenses/LICENSE-2.0 + + + LGPL-2.1-only + https://opensource.org/licenses/LGPL-2.1 + + + + + + + + Stock ticker service + + + Partner license + + + test + + + + + diff --git a/src/test/resources/regression/issue492.json b/src/test/resources/regression/issue492.json new file mode 100644 index 0000000000..a88564fb10 --- /dev/null +++ b/src/test/resources/regression/issue492.json @@ -0,0 +1,17 @@ +{ + "bomFormat":"CycloneDX", + "specVersion":"1.4", + "serialNumber":"urn:uuid:0c81ff2e-d64e-4897-bfa4-2f0f7d8ab767", + "version" : 1, + "metadata" : { + "timestamp":"2024-12-09T21:56:45Z", + "tools": [ + { + "name": "tool-a" + }, + { + "name": "tool-b" + } + ] + } +} \ No newline at end of file diff --git a/src/test/resources/regression/issue492.xml b/src/test/resources/regression/issue492.xml new file mode 100644 index 0000000000..c562d1f78e --- /dev/null +++ b/src/test/resources/regression/issue492.xml @@ -0,0 +1,18 @@ + + + + 2024-12-09T21:56:45Z + + + corp A + tool A + 1-A + + + corp B + tool B + 1-B + + + + diff --git a/src/test/resources/regression/issue507.json b/src/test/resources/regression/issue507.json new file mode 100644 index 0000000000..6d5b063b0d --- /dev/null +++ b/src/test/resources/regression/issue507.json @@ -0,0 +1,28 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "components": [ + { + "type": "library", + "name": "acme-library", + "licenses": [ + { + "license": { + "name": "foo", + "licensing": { + "purchaser": { + "organization": { + "contact": [ + { + "name": "" + } + ] + } + } + } + } + } + ] + } + ] +} \ No newline at end of file diff --git a/src/test/resources/regression/issue562.json b/src/test/resources/regression/issue562.json new file mode 100644 index 0000000000..c2222e9c2b --- /dev/null +++ b/src/test/resources/regression/issue562.json @@ -0,0 +1,25 @@ +{ + "bomFormat":"CycloneDX", + "specVersion":"1.6", + "serialNumber":"urn:uuid:0c81ff2e-d64e-4897-bfa4-2f0f7d8ab767", + "version" : 1, + "metadata" : { + "timestamp":"2024-12-09T21:56:45Z", + "tools" : { + "components" : [ { + "type":"application", + "name":"TOOL 1", + "version":"v1" + }, { + "type":"application", + "name":"TOOL 2", + "version":"v2" + } ] + }, + "authors" : [ { + "name":"Author 1" + }, { + "name":"Author 2" + } ] + } +} \ No newline at end of file diff --git a/src/test/resources/regression/issue562.xml b/src/test/resources/regression/issue562.xml new file mode 100644 index 0000000000..dc37b7f13b --- /dev/null +++ b/src/test/resources/regression/issue562.xml @@ -0,0 +1,26 @@ + + + + 2024-12-09T21:56:45Z + + + + TOOL 1 + v1 + + + TOOL 2 + v2 + + + + + + Author 1 + + + Author 2 + + + + diff --git a/src/test/resources/regression/issue571.json b/src/test/resources/regression/issue571.json new file mode 100644 index 0000000000..41e037498f --- /dev/null +++ b/src/test/resources/regression/issue571.json @@ -0,0 +1,21 @@ +{ + "bomFormat":"CycloneDX", + "specVersion":"1.6", + "serialNumber":"urn:uuid:0c81ff2e-d64e-4897-bfa4-2f0f7d8ab767", + "version" : 1, + "metadata" : { + "timestamp":"2024-12-09T21:56:45Z", + "tools" : { + "components" : [ { + "type":"application", + "name":"TOOL 1", + "version":"v1" + } ] + }, + "authors" : [ { + "name":"Author 1" + }, { + "name":"Author 2" + } ] + } +} \ No newline at end of file diff --git a/src/test/resources/regression/issue571.xml b/src/test/resources/regression/issue571.xml new file mode 100644 index 0000000000..cedea26a76 --- /dev/null +++ b/src/test/resources/regression/issue571.xml @@ -0,0 +1,22 @@ + + + + 2024-12-09T21:56:45Z + + + + TOOL 1 + v1 + + + + + + Author 1 + + + Author 2 + + + + diff --git a/src/test/resources/regression/valid-metadata-tool-no-services.xml b/src/test/resources/regression/valid-metadata-tool-no-services.xml new file mode 100644 index 0000000000..39e80a96c5 --- /dev/null +++ b/src/test/resources/regression/valid-metadata-tool-no-services.xml @@ -0,0 +1,19 @@ + + + + + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + + diff --git a/src/test/resources/security/xxe-protection.xml b/src/test/resources/security/xxe-protection.xml new file mode 100644 index 0000000000..f91bdcb498 --- /dev/null +++ b/src/test/resources/security/xxe-protection.xml @@ -0,0 +1,27 @@ + + %sp; %param1; %exfil;]> + + + + Example Application &xxe;3 + 2.1.0 + This is an example application + + + Apache-2.0 + + + pkg:npm/example-app@2.1.0 + + + Example Library + 3.2.1 + + + MIT + + + pkg:npm/example-lib@3.2.1 + + + \ No newline at end of file