Fix LicenseRef validation to match the spec

goneall · goneall · commit 3c69eed71911 · 2025-11-19T11:09:58.000-08:00
Disallow LicenseRef-'s ending in '+' Also fixes some error documentation and JavaDocs Fixes #51 Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
diff --git a/src/main/java/org/spdx/library/model/v2/SpdxVerificationHelper.java b/src/main/java/org/spdx/library/model/v2/SpdxVerificationHelper.java
@@ -86,7 +86,7 @@ public class SpdxVerificationHelper {
 		SpdxConstantsCompatV2.CREATOR_PREFIX_ORGANIZATION, SpdxConstantsCompatV2.CREATOR_PREFIX_TOOL};
 	static final String[] VALID_ORIGINATOR_SUPPLIER_PREFIXES = new String[] {SpdxConstantsCompatV2.NOASSERTION_VALUE, "Person:", "Organization:"};
 	static final Pattern SPDX_ELEMENT_ID_PATTERN = Pattern.compile(".*" + SpdxConstantsCompatV2.SPDX_ELEMENT_REF_PRENUM+"([0-9a-zA-Z\\.\\-\\+]+)$");
-	static final Pattern LICENSE_ID_PATTERN = Pattern.compile(".*" + SpdxConstantsCompatV2.NON_STD_LICENSE_ID_PRENUM+"([0-9a-zA-Z\\.\\-\\_]+)\\+?$");
+	static final Pattern LICENSE_ID_PATTERN = Pattern.compile(".*" + SpdxConstantsCompatV2.NON_STD_LICENSE_ID_PRENUM+"([0-9a-zA-Z\\.\\-\\_]+)$");
 	static final Pattern EXTERNAL_DOC_REF_PATTERN = Pattern.compile(".*" + SpdxConstantsCompatV2.EXTERNAL_DOC_REF_PRENUM+"([0-9a-zA-Z\\.\\-\\+]+)$");; 
 	static final Pattern CREATED_DATE_PATTERN = Pattern.compile("^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}Z$");
 
@@ -95,7 +95,7 @@ public static String verifyNonStdLicenseId(String licenseUri) {
 			return null;
 		} else {
 			return "Invalid license objectUri '"+licenseUri+"'.  Must start with 'LicenseRef-' " +
-					"and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '+', '_', '.', and '-'.";
+					"and made up of the characters from the set 'a'-'z', 'A'-'Z', '0'-'9', '.', and '-'.";
 		}
 	}
 	
diff --git a/src/main/java/org/spdx/library/model/v2/license/SimpleLicensingInfo.java b/src/main/java/org/spdx/library/model/v2/license/SimpleLicensingInfo.java
@@ -40,7 +40,7 @@ public abstract class SimpleLicensingInfo extends AnyLicenseInfo {
 	
 	/**
 	 * Open or create a model object with the default store and default document URI
-	 * @param objectUri ID for this object - must be unique within the SPDX document
+	 * @param id ID for this object - must be unique within the SPDX document
 	 * @throws InvalidSPDXAnalysisException 
 	 */
 	SimpleLicensingInfo(String id) throws InvalidSPDXAnalysisException {
@@ -54,7 +54,7 @@ public abstract class SimpleLicensingInfo extends AnyLicenseInfo {
 	 * Create a new SimpleLicensingInfo object
 	 * @param modelStore container which includes the license
 	 * @param documentUri URI for the SPDX document containing the license
-	 * @param objectUri identifier for the license
+	 * @param id identifier for the license
 	 * @param copyManager if non-null, allows for copying of any properties set which use other model stores or document URI's
 	 * @param create if true, create the license if it does not exist
 	 * @throws InvalidSPDXAnalysisException 
diff --git a/src/test/java/org/spdx/library/model/compat/v2/SpdxVerificationHelperTest.java b/src/test/java/org/spdx/library/model/compat/v2/SpdxVerificationHelperTest.java
@@ -51,15 +51,16 @@ protected void tearDown() throws Exception {
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifyNonStdLicenseid(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifyNonStdLicenseid(java.lang.String)}.
 	 */
 	public void testVerifyNonStdLicenseId() {
 		assertTrue(Objects.isNull(SpdxVerificationHelper.verifyNonStdLicenseId(SpdxConstantsCompatV2.NON_STD_LICENSE_ID_PRENUM+"something")));
 		assertFalse(Objects.isNull(SpdxVerificationHelper.verifyNonStdLicenseId("InvalidID")));
+		assertFalse(Objects.isNull(SpdxVerificationHelper.verifyNonStdLicenseId(SpdxConstantsCompatV2.NON_STD_LICENSE_ID_PRENUM+"something+")));
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifyCreator(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifyCreator(java.lang.String)}.
 	 */
 	public void testVerifyCreator() {
 		assertTrue(Objects.isNull(SpdxVerificationHelper.verifyCreator("Person:me")));
@@ -69,7 +70,7 @@ public void testVerifyCreator() {
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifyOriginator(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifyOriginator(java.lang.String)}.
 	 */
 	public void testVerifyOriginator() {
 		assertTrue(Objects.isNull(SpdxVerificationHelper.verifyOriginator("Person:me")));
@@ -79,7 +80,7 @@ public void testVerifyOriginator() {
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifySupplier(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifySupplier(java.lang.String)}.
 	 */
 	public void testVerifySupplier() {
 		assertTrue(Objects.isNull(SpdxVerificationHelper.verifySupplier("Person:me")));
@@ -89,7 +90,7 @@ public void testVerifySupplier() {
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifyDate(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifyDate(java.lang.String)}.
 	 */
 	public void testVerifyDate() {
 		DateFormat format = new SimpleDateFormat(SpdxConstantsCompatV2.SPDX_DATE_FORMAT);
@@ -99,7 +100,7 @@ public void testVerifyDate() {
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifyAnnotator(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifyAnnotator(java.lang.String)}.
 	 */
 	public void testVerifyAnnotator() {
 		assertTrue(Objects.isNull(SpdxVerificationHelper.verifyAnnotator("Person:me")));
@@ -109,23 +110,23 @@ public void testVerifyAnnotator() {
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#isValidExternalDocRef(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#isValidExternalDocRef(java.lang.String)}.
 	 */
 	public void testIsValidExternalDocRef() {
 		assertTrue(SpdxVerificationHelper.isValidExternalDocRef("DocumentRef-SPDXA"));
 		assertFalse(SpdxVerificationHelper.isValidExternalDocRef("WrongDocRef-SPDXA"));
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#isValidUri(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#isValidUri(java.lang.String)}.
 	 */
 	public void testIsValidUri() {
 		assertTrue(SpdxVerificationHelper.isValidUri("https://spdx.org/spdx-specification-21-web-version#h.h430e9ypa0j9"));
 		assertFalse(SpdxVerificationHelper.isValidUri("bad uri"));
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifyChecksumString(java.lang.String, org.spdx.library.model.compat.v2.compat.v2.enumerations.ChecksumAlgorithm)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifyChecksumString(java.lang.String, org.spdx.library.model.v2.enumerations.ChecksumAlgorithm, java.lang.String)}.
 	 */
 	public void testVerifyChecksumString() {
 		assertTrue(Objects.isNull(SpdxVerificationHelper.verifyChecksumString("bc527343c7ffc103111f3a694b004e2f", ChecksumAlgorithm.MD5, Version.CURRENT_SPDX_VERSION)));
@@ -153,7 +154,7 @@ public void testVerifyChecksumString() {
 	}
 
 	/**
-	 * Test method for {@link org.spdx.library.SpdxVerificationHelper#verifyDownloadLocation(java.lang.String)}.
+	 * Test method for {@link org.spdx.library.model.v2.SpdxVerificationHelper#verifyDownloadLocation(java.lang.String)}.
 	 */
 	public void testVerifyDownloadLocation() {
 		assertTrue(Objects.isNull(SpdxVerificationHelper.verifyDownloadLocation("NONE")));
