feat: add properties for licenses

peschuster · peschuster · commit 4258e99ba972 · 2026-03-16T17:32:02.000+01:00
Signed-off-by: Peter Schuster &lt;p.schuster@pilz.de&gt;
diff --git a/cyclonedx/model/license.py b/cyclonedx/model/license.py
@@ -22,7 +22,7 @@
 
 from enum import Enum
 from json import loads as json_loads
-from typing import TYPE_CHECKING, Any, Optional, Union
+from typing import TYPE_CHECKING, Any, Iterable, Optional, Union
 from warnings import warn
 from xml.etree.ElementTree import Element  # nosec B405
 
@@ -34,7 +34,7 @@
 from ..exception.model import MutuallyExclusivePropertiesException
 from ..exception.serialization import CycloneDxDeserializationException
 from ..schema.schema import SchemaVersion1Dot5, SchemaVersion1Dot6, SchemaVersion1Dot7
-from . import AttachedText, XsUri
+from . import AttachedText, Property, XsUri
 from .bom_ref import BomRef
 
 
@@ -85,6 +85,7 @@ def __init__(
         id: Optional[str] = None, name: Optional[str] = None,
         text: Optional[AttachedText] = None, url: Optional[XsUri] = None,
         acknowledgement: Optional[LicenseAcknowledgement] = None,
+        properties: Optional[Iterable[Property]] = None,
     ) -> None:
         if not id and not name:
             raise MutuallyExclusivePropertiesException('Either `id` or `name` MUST be supplied')
@@ -99,6 +100,7 @@ def __init__(
         self._text = text
         self._url = url
         self._acknowledgement = acknowledgement
+        self._properties = SortedSet(properties or [])
 
     @property
     @serializable.view(SchemaVersion1Dot5)
@@ -188,6 +190,26 @@ def url(self) -> Optional[XsUri]:
     def url(self, url: Optional[XsUri]) -> None:
         self._url = url
 
+    @property
+    @serializable.view(SchemaVersion1Dot5)
+    @serializable.view(SchemaVersion1Dot6)
+    @serializable.view(SchemaVersion1Dot7)
+    @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property')
+    @serializable.xml_sequence(4)
+    def properties(self) -> 'SortedSet[Property]':
+        """
+        Provides the ability to document properties in a key/value store. This provides flexibility to include data not
+        officially supported in the standard without having to use additional namespaces or create extensions.
+
+        Return:
+            Set of `Property`
+        """
+        return self._properties
+
+    @properties.setter
+    def properties(self, properties: Iterable[Property]) -> None:
+        self._properties = SortedSet(properties)
+
     # @property
     # ...
     # @serializable.view(SchemaVersion1Dot5)
@@ -200,18 +222,6 @@ def url(self, url: Optional[XsUri]) -> None:
     # def licensing(self, ...) -> None:
     #     ...  # TODO since CDX1.5
 
-    # @property
-    # ...
-    # @serializable.view(SchemaVersion1Dot5)
-    # @serializable.view(SchemaVersion1Dot6)
-    # @serializable.xml_sequence(6)
-    # def properties(self) -> ...:
-    #     ...  # TODO since CDX1.5
-    #
-    # @licensing.setter
-    # def properties(self, ...) -> None:
-    #     ...  # TODO since CDX1.5
-
     @property
     @serializable.view(SchemaVersion1Dot6)
     @serializable.view(SchemaVersion1Dot7)
@@ -245,6 +255,7 @@ def __comparable_tuple(self) -> _ComparableTuple:
             self._url,
             self._text,
             self._bom_ref.value,
+            _ComparableTuple(self._properties),
         ))
 
     def __eq__(self, other: object) -> bool:
diff --git a/tests/_data/models.py b/tests/_data/models.py
@@ -1101,6 +1101,31 @@ def get_bom_with_licenses() -> Bom:
         ])
 
 
+def get_bom_v1_5_with_license_properties() -> Bom:
+    return _make_bom(
+        components=[
+            Component(
+                name='c-with-license-properties', type=ComponentType.LIBRARY, bom_ref='C1',
+                licenses=[
+                    DisjunctiveLicense(
+                        id='Apache-2.0',
+                        properties=[
+                            Property(name='key1', value='val1'),
+                            Property(name='key2', value='val2'),
+                        ]
+                    ),
+                    DisjunctiveLicense(
+                        name='some other license',
+                        properties=[
+                            Property(name='myname', value='proprietary'),
+                        ]
+                    ),
+                ]
+            ),
+        ],
+    )
+
+
 def get_bom_metadata_licenses_invalid() -> Bom:
     return Bom(metadata=BomMetaData(licenses=get_invalid_license_repository()))
 
@@ -1601,6 +1626,7 @@ def get_bom_for_issue540_duplicate_components() -> Bom:
     get_bom_with_services_complex,
     get_bom_with_services_simple,
     get_bom_with_licenses,
+    get_bom_v1_5_with_license_properties,
     get_bom_with_multiple_licenses,
     get_bom_for_issue_497_urls,
     get_bom_for_issue_598_multiple_components_with_purl_qualifiers,
diff --git a/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.5.json.bin b/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.5.json.bin
@@ -0,0 +1,60 @@
+{
+  "components": [
+    {
+      "bom-ref": "C1",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0",
+            "properties": [
+              {
+                "name": "key1",
+                "value": "val1"
+              },
+              {
+                "name": "key2",
+                "value": "val2"
+              }
+            ]
+          }
+        },
+        {
+          "license": {
+            "name": "some other license",
+            "properties": [
+              {
+                "name": "myname",
+                "value": "proprietary"
+              }
+            ]
+          }
+        }
+      ],
+      "name": "c-with-license-properties",
+      "type": "library"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "C1"
+    }
+  ],
+  "metadata": {
+    "timestamp": "2023-01-07T13:44:32.312678+00:00"
+  },
+  "properties": [
+    {
+      "name": "key1",
+      "value": "val1"
+    },
+    {
+      "name": "key2",
+      "value": "val2"
+    }
+  ],
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5"
+}
diff --git a/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.5.xml.bin b/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.5.xml.bin
@@ -0,0 +1,33 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+  </metadata>
+  <components>
+    <component type="library" bom-ref="C1">
+      <name>c-with-license-properties</name>
+      <licenses>
+        <license>
+          <id>Apache-2.0</id>
+          <properties>
+            <property name="key1">val1</property>
+            <property name="key2">val2</property>
+          </properties>
+        </license>
+        <license>
+          <name>some other license</name>
+          <properties>
+            <property name="myname">proprietary</property>
+          </properties>
+        </license>
+      </licenses>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="C1"/>
+  </dependencies>
+  <properties>
+    <property name="key1">val1</property>
+    <property name="key2">val2</property>
+  </properties>
+</bom>
diff --git a/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.6.json.bin b/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.6.json.bin
@@ -0,0 +1,60 @@
+{
+  "components": [
+    {
+      "bom-ref": "C1",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0",
+            "properties": [
+              {
+                "name": "key1",
+                "value": "val1"
+              },
+              {
+                "name": "key2",
+                "value": "val2"
+              }
+            ]
+          }
+        },
+        {
+          "license": {
+            "name": "some other license",
+            "properties": [
+              {
+                "name": "myname",
+                "value": "proprietary"
+              }
+            ]
+          }
+        }
+      ],
+      "name": "c-with-license-properties",
+      "type": "library"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "C1"
+    }
+  ],
+  "metadata": {
+    "timestamp": "2023-01-07T13:44:32.312678+00:00"
+  },
+  "properties": [
+    {
+      "name": "key1",
+      "value": "val1"
+    },
+    {
+      "name": "key2",
+      "value": "val2"
+    }
+  ],
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6"
+}
diff --git a/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.6.xml.bin b/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.6.xml.bin
@@ -0,0 +1,33 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.6" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+  </metadata>
+  <components>
+    <component type="library" bom-ref="C1">
+      <name>c-with-license-properties</name>
+      <licenses>
+        <license>
+          <id>Apache-2.0</id>
+          <properties>
+            <property name="key1">val1</property>
+            <property name="key2">val2</property>
+          </properties>
+        </license>
+        <license>
+          <name>some other license</name>
+          <properties>
+            <property name="myname">proprietary</property>
+          </properties>
+        </license>
+      </licenses>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="C1"/>
+  </dependencies>
+  <properties>
+    <property name="key1">val1</property>
+    <property name="key2">val2</property>
+  </properties>
+</bom>
diff --git a/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.7.json.bin b/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.7.json.bin
@@ -0,0 +1,60 @@
+{
+  "components": [
+    {
+      "bom-ref": "C1",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0",
+            "properties": [
+              {
+                "name": "key1",
+                "value": "val1"
+              },
+              {
+                "name": "key2",
+                "value": "val2"
+              }
+            ]
+          }
+        },
+        {
+          "license": {
+            "name": "some other license",
+            "properties": [
+              {
+                "name": "myname",
+                "value": "proprietary"
+              }
+            ]
+          }
+        }
+      ],
+      "name": "c-with-license-properties",
+      "type": "library"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "C1"
+    }
+  ],
+  "metadata": {
+    "timestamp": "2023-01-07T13:44:32.312678+00:00"
+  },
+  "properties": [
+    {
+      "name": "key1",
+      "value": "val1"
+    },
+    {
+      "name": "key2",
+      "value": "val2"
+    }
+  ],
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.7"
+}
diff --git a/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.7.xml.bin b/tests/_data/snapshots/get_bom_v1_5_with_license_properties-1.7.xml.bin
diff --git a/tests/test_model_license.py b/tests/test_model_license.py
