diff --git a/utils/spdx/src/main/kotlin/model/SpdxExternalReference.kt b/utils/spdx/src/main/kotlin/model/SpdxExternalReference.kt index a08cf672f6781..dddb151d62e3c 100644 --- a/utils/spdx/src/main/kotlin/model/SpdxExternalReference.kt +++ b/utils/spdx/src/main/kotlin/model/SpdxExternalReference.kt @@ -19,7 +19,9 @@ package org.ossreviewtoolkit.utils.spdx.model +import com.fasterxml.jackson.annotation.JsonAlias import com.fasterxml.jackson.annotation.JsonInclude +import com.fasterxml.jackson.annotation.JsonProperty import com.fasterxml.jackson.annotation.JsonValue import com.fasterxml.jackson.core.JsonParser import com.fasterxml.jackson.databind.DeserializationContext @@ -56,10 +58,22 @@ data class SpdxExternalReference( */ val referenceLocator: String ) { + /** + * See https://spdx.github.io/spdx-spec/v2.2.2/package-information/#721-external-reference-field for valid category + * values. Note that early versions of the version 2.2 JSON schema erroneously used underscores instead of dashes. + * Follow the proposed practice to support both for compatibility. + */ enum class Category { SECURITY, + + @JsonAlias("PACKAGE_MANAGER") + @JsonProperty("PACKAGE-MANAGER") PACKAGE_MANAGER, + + @JsonAlias("PERSISTENT_ID") + @JsonProperty("PERSISTENT-ID") PERSISTENT_ID, + OTHER } diff --git a/utils/spdx/src/test/kotlin/model/SpdxExternalReferenceTest.kt b/utils/spdx/src/test/kotlin/model/SpdxExternalReferenceTest.kt new file mode 100644 index 0000000000000..c65c3b77c4335 --- /dev/null +++ b/utils/spdx/src/test/kotlin/model/SpdxExternalReferenceTest.kt @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2023 The ORT Project Authors (see ) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * License-Filename: LICENSE + */ + +package org.ossreviewtoolkit.utils.spdx.model + +import io.kotest.assertions.json.shouldEqualJson +import io.kotest.core.spec.style.WordSpec +import io.kotest.matchers.collections.shouldContainExactly + +import org.ossreviewtoolkit.utils.spdx.SpdxModelMapper + +class SpdxExternalReferenceTest : WordSpec({ + "Serializing a categories" should { + "use dashes in names" { + SpdxModelMapper.toJson(SpdxExternalReference.Category.entries) shouldEqualJson """ + [ + "SECURITY", + "PACKAGE-MANAGER", + "PERSISTENT-ID", + "OTHER" + ] + """.trimIndent() + } + } + + "Deserializing a categories" should { + "accept dashes in names" { + SpdxModelMapper.fromJson>( + """ + [ + "SECURITY", + "PACKAGE-MANAGER", + "PERSISTENT-ID", + "OTHER" + ] + """.trimIndent() + ) shouldContainExactly SpdxExternalReference.Category.entries + } + + "accept underscores in names" { + SpdxModelMapper.fromJson>( + """ + [ + "SECURITY", + "PACKAGE_MANAGER", + "PERSISTENT_ID", + "OTHER" + ] + """.trimIndent() + ) shouldContainExactly SpdxExternalReference.Category.entries + } + } +})