Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nuget UNLICENSED License Expression Produces Invalid File #915

Open
south11235 opened this issue Nov 15, 2024 · 1 comment
Open

Nuget UNLICENSED License Expression Produces Invalid File #915

south11235 opened this issue Nov 15, 2024 · 1 comment
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed ready for development Issue is sufficiently defined and suitable for contributors to start working

Comments

@south11235
Copy link

south11235 commented Nov 15, 2024
edited
Loading

Nuget documentation defines UNLICENSED as a valid license-expression: https://github.com/nuget/home/wiki/packaging-license-within-the-nupkg-(technical-spec)#nugets-license-expression-abnf

dotnet-CycloneDX: version: 3.0.6

Steps to reproduce:

  1. .nuspec file contains <license type="expression">UNLICENSED</license>
  2. create cyclonedx file

Result:
Output contains:

      <licenses>
        <license>
          <id>UNLICENSED</id>
        </license>
      </licenses>

This is invalid because a license ID element is required to contain an SPDX-valid string. "UNLICENSED" is not allowed ( https://cyclonedx.org/docs/1.6/json/#tab-pane_metadata_component_licenses_oneOf_i0_items_license_oneOf_i0 ) on the list of valid SPDX ENUM values.

cyclonedx --version: 0.27.1+6c0e6c8f45d446ed4a28891040592e4ae4a39c3c
cyclonedx validate --input-file target_dotnet.xml --input-format xml --fail-on-errors --input-version=v1_5

Validating XML BOM...
Validation failed at line number 861 and position 27: The 'http://cyclonedx.org/schema/bom/1.5:id' element is invalid - The value 'UNLICENSED' is invalid according to its datatype 'http://cyclonedx.org/schema/spdx:licenseId' - The Enumeration constraint failed.
BOM is not valid.

Desired Output:

Reference via License Name:

      <licenses>
        <license>
          <name>UNLICENSED</name>
        </license>
      </licenses>
@github-actions github-actions bot added the triage Don't know what to do with this yet label Nov 15, 2024
@mtsfoni mtsfoni added bug Something isn't working help wanted Extra attention is needed good first issue Good for newcomers ready for development Issue is sufficiently defined and suitable for contributors to start working and removed triage Don't know what to do with this yet labels Nov 18, 2024
@mtsfoni
Copy link
Contributor

mtsfoni commented Nov 18, 2024

Probably, can make a simple condition to handle the specific case <license type="expression">UNLICENSED</license> as name and not id.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed ready for development Issue is sufficiently defined and suitable for contributors to start working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@south11235 @mtsfoni