Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

External elements fails SHACL validation #956

Open
goneall opened this issue Jan 8, 2025 · 5 comments
Open

External elements fails SHACL validation #956

goneall opened this issue Jan 8, 2025 · 5 comments
Labels
RDF/OWL/SHACL RDF graph, schema, ontology, constraint

Comments

@goneall
Copy link
Member

goneall commented Jan 8, 2025

If we only reference the SPDX listed license by URI, we get the following validation error:

Violation of type sh:ClassConstraintComponent:
	Severity: sh:Violation
	Source Shape:
		@prefix sh: <http://www.w3.org/ns/shacl#> .
		@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

		[] sh:class <https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo> ;
		    sh:maxCount 1 ;
		    sh:nodeKind sh:IRI ;
		    sh:path <https://spdx.org/rdf/3.0.1/terms/Core/dataLicense> .
	Focus Node: <https://swinslow.net/spdx-examples/example2/hello-src-v3-specv3/document0>
	Value Node: <http://spdx.org/licenses/CC0-1.0>
	Result path: <https://spdx.org/rdf/3.0.1/terms/Core/dataLicense>
	Message: Value does not have class <https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo>

The same error occurs for relationship "to" in the declared license.

In SPDX 2.X we were able to just reference listed licenses by URI - they didn't have to be in the document.

This is causing the example pull request 105 to fail.

Below is the example file which reproduces the error:

example2-src.json

@goneall goneall changed the title Listed licenses not defined in the SPDX file fails validation External elements fails SHACL validation Jan 9, 2025
@bact
Copy link
Collaborator

bact commented Jan 9, 2025

Related to this: spdx/LicenseListPublisher#183 ?

@bact
Copy link
Collaborator

bact commented Jan 9, 2025

Dataset Example 1 has a workaround by define the element itself, to pass the validation -- but this is of course should not be a preferred way.

https://github.com/spdx/spdx-examples/blob/6a5d3a00fdc3d2bcdd9bb9959a0aa09c1f9dc801/dataset/example01/spdx3.0/example01.spdx3.json#L168-L175

@bact bact added the RDF/OWL/SHACL RDF graph, schema, ontology, constraint label Jan 9, 2025
@goneall
Copy link
Member Author

goneall commented Jan 9, 2025

I wonder if there is a way to specify a property must be of class Element or not of any class at call.

@goneall
Copy link
Member Author

goneall commented Jan 9, 2025

Note that the spdx3-validate utility handles the external imports correctly.

We could adopt the spdx3-validate utility as the "official" SPDX validator and not require the SHACL file to handle this situation.

@bact
Copy link
Collaborator

bact commented Jan 10, 2025

Does there a way to tell pyshacl to skip a specific type error or errors from a specific type of element?
If we can do that, we can still have pyshacl in validation CI, along with spdx3-validate, just to make sure we don't miss anything we are unaware of.

But, yes, for general audience, I think the spdx3-validate should be advertise an official validator for SPDX, as it does more than just shape constrains but also does things that specified within SPDX spec (that does not get encoded in the RDF/SHACL).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
RDF/OWL/SHACL RDF graph, schema, ontology, constraint
Projects
None yet
Development

No branches or pull requests

2 participants