pax_global_header00006660000000000000000000000064147601176130014520gustar00rootroot0000000000000052 comment=65026ac193fc6b070a6c9b432f8091a7b7f5a8c7 cyclonedx-python-lib-9.1.0/000077500000000000000000000000001476011761300156025ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/.editorconfig000066400000000000000000000011021476011761300202510ustar00rootroot00000000000000# EditorConfig is awesome: https://EditorConfig.org root = true [*] insert_final_newline = true charset = utf-8 trim_trailing_whitespace = true end_of_line = lf [*.py] indent_style = space indent_size = 4 [*.{yml,yaml}] indent_style = space indent_size = 2 [*.toml] indent_style = space indent_size = 2 [*.md] charset = latin1 indent_style = space indent_size = 2 # 2 trailing spaces indicate line breaks. trim_trailing_whitespace = false [*.{rst,txt}] indent_style = space indent_size = 4 [{*.ini,.bandit,.flake8}] charset = latin1 indent_style = space indent_size = 4 cyclonedx-python-lib-9.1.0/.flake8000066400000000000000000000031231476011761300167540ustar00rootroot00000000000000[flake8] ## https://flake8.pycqa.org/en/latest/user/configuration.html ## keep in sync with isort config - in `isort.cfg` file exclude = build,dist,__pycache__,.eggs,*.egg-info*, *_cache,*.cache, .git,.tox,.venv,venv,.venv*,venv*, _OLD,_TEST, docs max-line-length = 120 max-complexity = 10 ignore = # ignore `self`, `cls` markers of flake8-annotations>=2.0 ANN101,ANN102 # ignore ANN401 for dynamically typed *args and **kwargs ANN401 # See https://www.flake8rules.com/rules/W503.html # > Despite being in the best practice section, this will soon be considered an anti-pattern. # So lets ignore this "suggestion" that is actually an anti-pattern already! W503 ## https://pypi.org/project/flake8-copyright-validator/ copyright-text = '# This file is part of CycloneDX Python Library' '#' '# Licensed under the Apache License, Version 2.0 (the "License");' '# you may not use this file except in compliance with the License.' '# You may obtain a copy of the License at' '#' '# http://www.apache.org/licenses/LICENSE-2.0' '#' '# Unless required by applicable law or agreed to in writing, software' '# distributed under the License is distributed on an "AS IS" BASIS,' '# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.' '# See the License for the specific language governing permissions and' '# limitations under the License.' '#' '# SPDX-License-Identifier: Apache-2.0' '# Copyright (c) OWASP Foundation. All Rights Reserved.' lines-to-exclude = ## shebang '#!' cyclonedx-python-lib-9.1.0/.gitattributes000066400000000000000000000000541476011761300204740ustar00rootroot00000000000000 cyclonedx/schema/** linguist-vendored cyclonedx-python-lib-9.1.0/.github/000077500000000000000000000000001476011761300171425ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/.github/dependabot.yml000066400000000000000000000014111476011761300217670ustar00rootroot00000000000000# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates version: 2 updates: - package-ecosystem: 'pip' directory: '/' schedule: interval: 'weekly' day: 'saturday' allow: - dependency-type: 'all' versioning-strategy: 'auto' labels: [ 'dependencies' ] commit-message: ## prefix maximum string length of 15 prefix: 'chore' include: 'scope' open-pull-requests-limit: 999 - package-ecosystem: 'github-actions' directory: '/' schedule: interval: 'weekly' day: 'saturday' labels: [ 'dependencies' ] commit-message: ## prefix maximum string length of 15 prefix: 'chore' include: 'scope' open-pull-requests-limit: 999 cyclonedx-python-lib-9.1.0/.github/workflows/000077500000000000000000000000001476011761300211775ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/.github/workflows/python.yml000066400000000000000000000200471476011761300232460ustar00rootroot00000000000000# For details of what checks are run for PRs please refer below # docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions name: Python CI on: push: branches: ["main", "next"] tags: [ 'v*' ] pull_request: workflow_dispatch: schedule: # schedule daily tests, since some dependencies are not intended to be pinned # this means: at 23:42 every day - cron: '42 23 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: REPORTS_DIR: CI_reports PYTHON_VERSION_DEFAULT: "3.11" POETRY_VERSION: "1.8.1" TESTS_REPORTS_ARTIFACT: tests-reports jobs: coding-standards: name: Linting & CodingStandards runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies run: poetry install --no-root - name: Run tox run: poetry run tox run -e flake8 -s false security-issues: name: find Security Issues runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies run: poetry install --no-root - name: Run tox run: poetry run tox run -e bandit -s false static-code-analysis: name: StaticCodingAnalysis (py${{ matrix.python-version}} ${{ matrix.toxenv-factors }}) runs-on: ${{ matrix.os }} timeout-minutes: 10 strategy: fail-fast: false matrix: include: - # test with the latest dependencies os: ubuntu-latest python-version: '3.13' toxenv-factors: '-current' - # test with the lowest dependencies os: ubuntu-latest python-version: '3.8' toxenv-factors: '-lowest' steps: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies run: poetry install --no-root - name: Run tox run: poetry run tox run -e mypy${{ matrix.toxenv-factors }} -s false build-and-test: name: Test (${{ matrix.os }} py${{ matrix.python-version }} ${{ matrix.toxenv-factors }}) runs-on: ${{ matrix.os }} timeout-minutes: 15 strategy: fail-fast: false matrix: os: ['ubuntu-latest', 'windows-latest', 'macos-13'] python-version: - "3.13" # highest supported - "3.12" - "3.11" - "3.10" - "3.9" - "3.8" # lowest supported toxenv-factors: - '-allExtras' - '-noExtras' steps: - name: Disabled Git auto EOL CRLF transforms run: | git config --global core.autocrlf false git config --global core.eol lf - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: Create reports directory run: mkdir ${{ env.REPORTS_DIR }} - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} architecture: 'x64' - name: Validate Python Environment shell: python run: | import sys print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies run: poetry install --no-root - name: Ensure build successful run: poetry build - name: Run tox run: poetry run tox run -e py${{ matrix.toxenv-factors }} -s false - name: Generate coverage reports if: ${{ failure() || success() }} shell: bash run: | set -eux poetry run coverage report -m poetry run coverage xml -o '${{ env.REPORTS_DIR }}/coverage/${{ matrix.os }}_py${{ matrix.python-version }}_${{ matrix.toxenv-factors }}.cobertura.xml' - name: Artifact reports if: ${{ ! cancelled() }} # see https://github.com/actions/upload-artifact uses: actions/upload-artifact@v4 with: name: ${{ env.TESTS_REPORTS_ARTIFACT }}-${{ matrix.os }}-py${{ matrix.python-version }}${{ matrix.toxenv-factors }} path: ${{ env.REPORTS_DIR }} if-no-files-found: error report-coverage: name: Publish test coverage needs: [ "build-and-test" ] runs-on: ubuntu-latest timeout-minutes: 5 steps: - name: fetch test artifacts # see https://github.com/actions/download-artifact uses: actions/download-artifact@v4 with: path: ${{ env.REPORTS_DIR }} pattern: ${{ env.TESTS_REPORTS_ARTIFACT }}-* merge-multiple: true - name: Run codacy-coverage-reporter env: CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} if: ${{ env.CODACY_PROJECT_TOKEN != '' }} ## see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets # see https://github.com/codacy/codacy-coverage-reporter-action uses: codacy/codacy-coverage-reporter-action@v1 with: project-token: ${{ env.CODACY_PROJECT_TOKEN }} coverage-reports: ${{ env.REPORTS_DIR }}/coverage/* examples: name: Examples E:${{ matrix.install-extras || '' }} runs-on: ubuntu-latest timeout-minutes: 10 strategy: fail-fast: false matrix: install-extras: - '' # none - json-validation - xml-validation steps: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: '>=3.8 <=3.13' # supported version range - name: Validate Python Environment shell: python run: | import sys print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding())) - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install package and prod dependencies run: poetry install --only=main --extras='${{ matrix.install-extras }}' -vvv - name: run all examples run: > find examples -type f -name '*.py' -print0 | xargs -0 -L1 -t poetry run python cyclonedx-python-lib-9.1.0/.github/workflows/release.yml000066400000000000000000000107651476011761300233530ustar00rootroot00000000000000name: Release on: workflow_dispatch: inputs: release_force: # see https://python-semantic-release.readthedocs.io/en/latest/github-action.html#command-line-options description: | Force release be one of: [major | minor | patch] Leave empty for auto-detect based on commit messages. type: choice options: - "" # auto - no force - major # force major - minor # force minor - patch # force patch default: "" required: false prerelease_token: description: 'The "prerelease identifier" to use as a prefix for the "prerelease" part of a semver. Like the rc in `1.2.0-rc.8`.' type: choice options: - rc - beta - alpha default: rc required: false prerelease: description: "Is a pre-release" type: boolean default: false required: false concurrency: group: deploy cancel-in-progress: false # prevent hickups with semantic-release env: PYTHON_VERSION_DEFAULT: "3.11" POETRY_VERSION: "1.8.1" jobs: quicktest: runs-on: ubuntu-latest steps: - name: Checkout code # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v9 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Install dependencies run: poetry install --no-root - name: Run tox run: poetry run tox run -e py -s false release: needs: - quicktest # https://github.community/t/how-do-i-specify-job-dependency-running-in-another-workflow/16482 # limit this to being run on regular commits, not the commits that semantic-release will create # but also allow manual workflow dispatch if: "!contains(github.event.head_commit.message, 'chore(release):')" runs-on: ubuntu-latest permissions: # NOTE: this enables trusted publishing. # See https://github.com/pypa/gh-action-pypi-publish/tree/release/v1#trusted-publishing # and https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ id-token: write contents: write steps: - name: Checkout code # see https://github.com/actions/checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup python # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - name: Install and configure Poetry # See https://github.com/marketplace/actions/install-poetry-action uses: snok/install-poetry@v1 with: version: ${{ env.POETRY_VERSION }} virtualenvs-create: true virtualenvs-in-project: true installer-parallel: true - name: Install dependencies run: poetry install --no-root - name: View poetry version run: poetry --version - name: Python Semantic Release id: release # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html # see https://github.com/python-semantic-release/python-semantic-release uses: python-semantic-release/python-semantic-release@v9.1.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} force: ${{ github.event.inputs.release_force }} prerelease: ${{ github.event.inputs.prerelease }} prerelease_token: ${{ github.event.inputs.prerelease_token }} - name: Publish package distributions to PyPI if: steps.release.outputs.released == 'true' # see https://github.com/pypa/gh-action-pypi-publish uses: pypa/gh-action-pypi-publish@release/v1 with: attestations: true - name: Publish package distributions to GitHub Releases if: steps.release.outputs.released == 'true' # see https://github.com/python-semantic-release/upload-to-gh-release uses: python-semantic-release/upload-to-gh-release@main with: github_token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.release.outputs.tag }} cyclonedx-python-lib-9.1.0/.gitignore000066400000000000000000000064331476011761300176000ustar00rootroot00000000000000# Exclude coverage test-reports # Exlude IDE related files .idea/* .vscode/* # pdoc3 HTML output html/ # mypy caches /.*cache # Exlude built docs /docs/_build/ /docs/autoapi/ # # # # # copy from https://raw.githubusercontent.com/github/gitignore/main/Python.gitignore # # # # # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] *$py.class # C extensions *.so # Distribution / packaging .Python build/ develop-eggs/ dist/ downloads/ eggs/ .eggs/ lib/ lib64/ parts/ sdist/ var/ wheels/ share/python-wheels/ *.egg-info/ .installed.cfg *.egg MANIFEST # PyInstaller # Usually these files are written by a python script from a template # before PyInstaller builds the exe, so as to inject date/other infos into it. *.manifest *.spec # Installer logs pip-log.txt pip-delete-this-directory.txt # Unit test / coverage reports htmlcov/ .tox/ .nox/ .coverage .coverage.* .cache nosetests.xml coverage.xml *.cover *.py,cover .hypothesis/ .pytest_cache/ cover/ # Translations *.mo *.pot # Django stuff: *.log local_settings.py db.sqlite3 db.sqlite3-journal # Flask stuff: instance/ .webassets-cache # Scrapy stuff: .scrapy # Sphinx documentation docs/_build/ # PyBuilder .pybuilder/ target/ # Jupyter Notebook .ipynb_checkpoints # IPython profile_default/ ipython_config.py # pyenv # For a library or package, you might want to ignore these files since the code is # intended to run in multiple environments; otherwise, check them in: .python-version # pipenv # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. # However, in case of collaboration, if having platform-specific dependencies or dependencies # having no cross-platform support, pipenv may install dependencies that don't work, or not # install all needed dependencies. Pipfile.lock # poetry # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. # This is especially recommended for binary packages to ensure reproducibility, and is more # commonly ignored for libraries. # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control poetry.lock # pdm # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. pdm.lock # pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it # in version control. # https://pdm.fming.dev/#use-with-ide .pdm.toml # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm __pypackages__/ # Celery stuff celerybeat-schedule celerybeat.pid # SageMath parsed files *.sage.py # Environments .env .venv env/ venv/ ENV/ env.bak/ venv.bak/ # Spyder project settings .spyderproject .spyproject # Rope project settings .ropeproject # mkdocs documentation /site # mypy .mypy_cache/ .dmypy.json dmypy.json # Pyre type checker .pyre/ # pytype static type analyzer .pytype/ # Cython debug symbols cython_debug/ # PyCharm # JetBrains specific template is maintained in a separate JetBrains.gitignore that can # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore # and can be added to the global gitignore or merged into this file. For a more nuclear # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ cyclonedx-python-lib-9.1.0/.isort.cfg000066400000000000000000000011261476011761300175010ustar00rootroot00000000000000[settings] ## read the docs: https://pycqa.github.io/isort/docs/configuration/options.html ## keep in sync with flake8 config - in `.flake8` file known_first_party = cyclonedx skip_gitignore = false skip_glob = build/*,dist/*,__pycache__,.eggs,*.egg-info*, *_cache,*.cache, .git/*,.tox/*,.venv/*,venv/*,.venv*/*,venv*/*, _OLD/*,_TEST/*, docs/* combine_as_imports = true default_section = THIRDPARTY ensure_newline_before_comments = true include_trailing_comma = true line_length = 120 multi_line_output = 3 src_paths = cyclonedx tests typings examples tools cyclonedx-python-lib-9.1.0/.mypy.ini000066400000000000000000000015101476011761300173540ustar00rootroot00000000000000[mypy] files = cyclonedx/, examples/ mypy_path = $MYPY_CONFIG_FILE_DIR/typings show_error_codes = True pretty = True warn_unreachable = True allow_redefinition = False # ignore_missing_imports = False # follow_imports = normal # follow_imports_for_stubs = True ### Strict mode ### warn_unused_configs = True disallow_subclassing_any = True disallow_any_generics = True disallow_untyped_calls = True disallow_untyped_defs = True disallow_incomplete_defs = True check_untyped_defs = True disallow_untyped_decorators = True no_implicit_optional = True warn_redundant_casts = True warn_return_any = True no_implicit_reexport = True warn_unused_ignores = True [mypy-pytest.*] ignore_missing_imports = True [mypy-tests.*] disallow_untyped_decorators = False cyclonedx-python-lib-9.1.0/.pre-commit-config.yaml000066400000000000000000000010101476011761300220530ustar00rootroot00000000000000fail_fast: true repos: - repo: local hooks: - id: system name: mypy entry: poetry run tox -e mypy-current pass_filenames: false language: system - repo: local hooks: - id: system name: isort entry: poetry run isort -c . pass_filenames: false language: system - repo: local hooks: - id: system name: flake8 entry: poetry run flake8 cyclonedx/ tests/ pass_filenames: false language: system cyclonedx-python-lib-9.1.0/.readthedocs.yaml000066400000000000000000000011451476011761300210320ustar00rootroot00000000000000# Read the Docs configuration file # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details # Required version: 2 # Set the version of Python and other tools you might need build: os: ubuntu-22.04 tools: python: "3.11" # You can also specify other tool versions: # nodejs: "16" # rust: "1.55" # golang: "1.17" # Build documentation in the docs/ directory with Sphinx sphinx: configuration: docs/conf.py # Formats formats: all # Optionally declare the Python requirements required to build your docs python: install: - requirements: docs/requirements.txt cyclonedx-python-lib-9.1.0/CHANGELOG.md000066400000000000000000004431531476011761300174250ustar00rootroot00000000000000# CHANGELOG ## v9.1.0 (2025-02-27) ### Feature * feat: `model.VulnerabilityAnalysis` properties for issued/updated datetime (#794) Signed-off-by: Indivar Mishra <indimishra@gmail.com> ([`4a3955a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4a3955a610bad97550e11c426c61c1295b76f804)) ### Fix * fix: improved comparison functionality of `model.VulnerabilityAnalysis` (#795) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7d57c73`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7d57c73ef63bfb016099f4c0312b6702da488efc)) ## v9.0.2 (2025-02-26) ## v9.0.0 (2025-02-26) ### Breaking * feat!: 9.0.1 (#777) ### BREAKING Changes * Fix: `model.vulnerability.VulnerabilityReference`'s properties are all mandatory ([#790](https://github.com/CycloneDX/cyclonedx-python-lib/issues/790) via [#792](https://github.com/CycloneDX/cyclonedx-python-lib/pull/792)) * Refactor: Rename `spdx.is_compund_expression` -> `spdx.is_expression` ([#779](https://github.com/CycloneDX/cyclonedx-python-lib/pull/779)) * Behavior: `BomRef` affects comparison/hashing ([#754](https://github.com/CycloneDX/cyclonedx-python-lib/pull/754) & [#780](https://github.com/CycloneDX/cyclonedx-python-lib/pull/780)) This is only a breaking change if you relied on ordering of elements. * Behavior: streamline comparison/hashing functions ([#755](https://github.com/CycloneDX/cyclonedx-python-lib/pull/755)) This is only a breaking change if you relied on ordering of elements. * Dependency: bump dependency `py-serializable >=2 <3`, was `>=1.1.1 <2` ([#775](https://github.com/CycloneDX/cyclonedx-python-lib/pull/775)) This is only a breaking change if you have other packages depend on that specific version. --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: wkoot <3715211+wkoot@users.noreply.github.com> Signed-off-by: semantic-release <semantic-release@bot.local> Co-authored-by: wkoot <3715211+wkoot@users.noreply.github.com> Co-authored-by: semantic-release <semantic-release@bot.local> ([`e6f91fa`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e6f91fa98cbb02cda62fd0bc5b1f1b9bf19902ee)) ## v8.9.0 (2025-02-25) ### Documentation * docs: extended instructions for "contributing" (#783) supersedes https://github.com/CycloneDX/cyclonedx-python-lib/pull/773/files#r1954324461 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e2a4ed3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e2a4ed3608253b65a0f902f225fe7b7dd29ab864)) ### Feature * feat: avoid raising `NoPropertiesProvidedException` for optional parameters (#786) the following classes' init no longer raise `NoPropertiesProvidedException`: * `cyclonedx.model.IdentifiableAction` * `cyclonedx.model.component.Commit` * `cyclonedx.model.component.ComponentEvidence` * `cyclonedx.model.component.Diff` * `cyclonedx.model.component.Pedigree` * `cyclonedx.model.issue.IssueTypeSource` * `cyclonedx.model.vulnerability.VulnerabilityAnalysis` * `cyclonedx.model.vulnerability.VulnerabilityCredits` * `cyclonedx.model.vulnerability.VulnerabilityRating` * `cyclonedx.model.vulnerability.VulnerabilitySource` --------- Signed-off-by: Indivar Mishra <indimishra@gmail.com> ([`845b8d5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/845b8d538d2f0fcadb3a3257a066ad58e3640c97)) ## v8.8.0 (2025-02-12) ### Feature * feat: add `cyclonedx.model.crypto.ProtocolProperties.crypto_refs` (#767) Signed-off-by: Indivar Mishra <indimishra@gmail.com> ([`beb35f5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/beb35f55e3e75d625db45e4ff084dee02e919ef6)) ## v8.7.0 (2025-02-06) ### Feature * feat: allow empty `OrganizationalContact` object (#772) fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/771 --------- Signed-off-by: Johannes Feichtner <johannes@web-wack.at> Signed-off-by: Johannes Feichtner <johannes.feichtner@dynatrace.com> ([`03b35f4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/03b35f4293ab3b4c402c7bb8ff458831e492cb8b)) ## v8.6.0 (2025-02-04) ### Feature * feat: expand the capabilities of `models.definition.Standard` (#713) --------- Signed-off-by: Hakan Dilek <hakandilek@gmail.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`901dcdc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/901dcdc60a8a46d30878764d7b8bda69c6ba8b80)) * feat: allow empty `OrganizationalEntity` object (#768) fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/764 Signed-off-by: Johannes Feichtner <johannes@web-wack.at> ([`472bded`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/472bded38cd480ba6885d44c798e015b63c89190)) ## v8.5.1 (2025-01-28) ### Documentation * docs: responsibilities & capabilities (#763) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ab4ae45`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ab4ae4578555f010914d7e904133dd478d7c80c1)) * docs: Fix typos in in conda-forge.md and remove unused reference in README (#762) - Fix few typos in conda-forge.md - Removed unused PEP-508 ref in README.md Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com> ([`66ece7a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/66ece7ae0042740a541ceed3048b89c4f2b24145)) * docs: modernize docstrings for CDX1.6 (#759) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`fb9a42e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fb9a42ef9bda6407ddf4c49e75d10aa0fc91e46d)) ### Feature * feat: couple classes and their serializes (#757) Deprecates `.serialization.BomRefHelper` and `.serialization.LicenseRepositoryHelper` fixes #756 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6003feb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6003febaa032969732ee246deb739d1e13bae581)) ## v8.5.0 (2024-11-18) ### Documentation * docs: remove invalid docsting note about auto-assigned `bom-ref` values (#733) ([`5aa5787`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5aa5787767c60dc23fd09f6cf14e54e5b0efceb4)) ### Feature * feat: support CycloneDX 1.6.1 (#742) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`55eafed`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/55eafedf50d395911a697bd9c85eeab5820934ff)) ## v8.4.0 (2024-10-29) ### Feature * feat: add factory method `XsUri.make_bom_link()` (#728) --------- Signed-off-by: Saquib Saifee <saquibsaifee@ibm.com> Co-authored-by: Saquib Saifee <saquibsaifee@ibm.com> ([`5ec73d0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5ec73d0668b4f9e087cc11a2e1a0e242ad1b5dd6)) ### Fix * fix: no warning for missing dependencies if no component exists (#720) --------- Signed-off-by: weichslgartner <weichslgartner@gmail.com> ([`d9c3ded`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d9c3ded34f443cd04f1f0041f0dd948db3db40e7)) ### Unknown * doc: fix `Definitions` docstring (#731) --------- Signed-off-by: Hakan Dilek <hakandilek@gmail.com> ([`5860b67`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5860b67f562fc474903b0fb1a162c70eeca2f3d0)) ## v8.3.0 (2024-10-26) ### Documentation * docs: revisit examples readme (#725) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e9020f0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e9020f0b709a5245d1749d2811b8568f892869bb)) ### Feature * feat: add basic support for Definitions (#701) --------- Signed-off-by: Hakan Dilek <hakandilek@gmail.com> ([`a1573e5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a1573e5af12bb54c7328c73971dc2c2f8d820c0a)) ## v8.2.1 (2024-10-24) ### Fix * fix: encode quotation mark in URL (#724) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a7c7c97`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a7c7c97c37ee1c7988c028aa779f74893f858c7b)) ## v8.2.0 (2024-10-22) ### Feature * feat: Add Python 3.13 support (#718) Signed-off-by: gruebel <anton.gruebel@gmail.com> ([`d4be3ba`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d4be3ba6b3ccc65553a7dd10ad559c1eddfbb19b)) ## v8.1.0 (2024-10-21) ### Documentation * docs: fix code examples regarding outputting (#709) Signed-off-by: Hakan Dilek <hakandilek@gmail.com> ([`c72d5f4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c72d5f483d5c1990fe643c4c25e37373d4d3248f)) ### Feature * feat: add support for Lifecycles in BOM metadata (#698) --------- Signed-off-by: Johannes Feichtner <johannes@web-wack.at> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Johannes Feichtner <343448+Churro@users.noreply.github.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6cfeb71`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6cfeb711f11aec8fa4d7be885f6797cc2eaa7e67)) ## v8.0.0 (2024-10-14) ### Breaking * feat!: v8.0.0 (#665) ### BREAKING Changes * Removed `cyclonedx.mode.ThisTool`, utilize `cyclonedx.builder.this.this_tool()` instead. * Moved `cyclonedx.model.Tool` to `cyclonedx.model.tool.Tool`. * Property `cyclonedx.mode.bom.BomMetaData.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`. The getter will act accordingly; the setter might act in a backwards-compatible way. * Property `cyclonedx.mode.vulnerability.Vulnerability.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`. The getter will act accordingly; the setter might act in a backwards-compatible way. * Constructor `cyclonedx.model.license.LicenseExpression()` accepts optional argument `acknowledgement` only as key-word argument, no longer as positional argument. ### Changes * Constructor of `cyclonedx.model.bom.BomMetaData` also accepts an instance of `cyclonedx.model.tool.ToolRepository` for argument `tools`. * Constructor of `cyclonedx.model.bom.BomMetaData` no longer adds this very library as a tool. Downstream users SHOULD add it manually, like `my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())`. ### Fixes * Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered. ### Added Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5 * New class `cyclonedx.model.tool.ToolRepository`. * New function `cyclonedx.builder.this.this_component()` -- representation of this very python library as a `Component`. * New function `cyclonedx.builder.this.this_tool()` -- representation of this very python library as a `Tool`. * New function `cyclonedx.model.tool.Tool.from_component()`. ### Dependencies * Raised runtime dependency `py-serializable>=1.1.1,<2`, was `>=1.1.0,<2`. --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Joshua Kugler <tek30584@adobe.com> Signed-off-by: semantic-release <semantic-release@bot.local> Co-authored-by: Joshua Kugler <joshua@azariah.com> Co-authored-by: semantic-release <semantic-release@bot.local> ([`002f966`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/002f96630ce8fc6f1766ee6cc92a16b35a821c69)) ### Documentation * docs(chaneglog): omit chore/ci/refactor/style/test/build (#703) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a210809`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a210809efb34c2dc895fc0c6d96a3412a9097625)) ## v7.6.2 (2024-10-07) ### Documentation * docs: fix some doc strings Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`4fa8fc1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4fa8fc1b6703ecf6788b72f2d53c6a17e2146cf7)) ### Fix * fix: behavior of and typing for crypto setters with optional values (#694) fixes #690 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`d8b20bd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d8b20bdc5224ea30cf767f6f3f1a6f8ff2754973)) ## v7.6.1 (2024-09-18) ### Fix * fix: file copyright headers (#676) utilizes flake8 plugin <https://pypi.org/project/flake8-copyright-validator/> to assert the correct headers Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`35e00b4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35e00b4ee5a9306b9e97b011025409bcbfcef309)) ## v7.6.0 (2024-08-14) ### Feature * feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663) The code mistreated hashes for Blake2b and SHA3. Code for explicitly handling SHA1 & BLAKE3 was added, as those have no variants defined in the CycloneDX specification. fixes #652 --------- Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c59036e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c59036e06ddc97284f82efbbc168dc2d89d090d1)) ## v7.5.1 (2024-07-08) ### Fix * fix: XML serialize `normalizedString` and `token` properly (#646) fixes #638 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b40f739`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b40f739206a44f7dbd94042fb5e1a37c047ea024)) ## v7.5.0 (2024-07-04) ### Feature * feat: add workaround property for v1.5 and v1.6 (#642) Property `workaround` was missing from the vulnerability model. It was added in spec v1.5 and was marked as TODO before. This is my first contribution on this project so if I done something wrong, just say me :smiley: Signed-off-by: Louis Maillard <louis.maillard@savoirfairelinux.com> Signed-off-by: Louis Maillard <louis.maillard@protonmail.com> Co-authored-by: Louis Maillard <louis.maillard@savoirfairelinux.com> ([`b5ebcf8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b5ebcf8104faf57030cbc5d8190c78524ab86431)) ## v7.4.1 (2024-06-12) ### Documentation * docs: exclude dep bumps from changelog (#627) fixes #616 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`60361f7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/60361f781a1b356f24a553e133e0f58a2ad37a7d)) ### Fix * fix: `cyclonedx.model.Property.value` value is optional (#631) `cyclonedx.model.Property.value` value is optional, in accordance with the spec. fixes #630 --------- Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ad0f98b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ad0f98b433fd85ba14db6b6288f33d98bc79ee51)) ## v7.4.0 (2024-05-23) ### Documentation * docs: OSSP best practice percentage Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`75f58dc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/75f58dcd41c1495737bff69d354beeeff7660c15)) ### Feature * feat: updated SPDX license list to `v3.24.0` (#622) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3f9770a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3f9770a95fbe48dfc0cb911a6526690017c2fb37)) ## v7.3.4 (2024-05-06) ### Fix * fix: allow suppliers with empty-string names (#611) fixes #600 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b331aeb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b331aeb4b7261c7b1359c592b2dcda27bd35e369)) ## v7.3.3 (2024-05-06) ### Fix * fix: json validation allow arbitrary `$schema` value (#613) fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/612 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`08b7c60`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/08b7c607360b65215d9d29d42ae86e60c6efe49b)) ## v7.3.2 (2024-04-26) ### Fix * fix: properly sort components based on all properties (#599) reverts #587 - as this one introduced errors fixes #598 fixes #586 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Paul Horton <paul.horton@owasp.org> Co-authored-by: Paul Horton <paul.horton@owasp.org> ([`8df488c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8df488cb422a6363421fee39714df4e8e8e7a593)) ## v7.3.1 (2024-04-22) ### Fix * fix: include all fields of `Component` in `__lt__` function for #586 (#587) Fixes #586. Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`d784685`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d7846850d1ad33184d1d58b59fdf41a778d05900)) ## v7.3.0 (2024-04-19) ### Feature * feat: license factory set `acknowledgement` (#593) add a parameter to `LicenseFactory.make_*()` methods, to set the `LicenseAcknowledgement`. Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7ca2455`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7ca2455018d0e191afaaa2fd136a7e4d5b325ec6)) ## v7.2.0 (2024-04-19) ### Feature * feat: disjunctive license acknowledgement (#591) --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9bf1839`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9bf1839859a244e790e91c3e1edd82d333598d60)) ### Unknown * doc: poor merge resolved Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`a498faa`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a498faaab248d0512bad9e66afbd8fb1d6c42a66)) ## v7.1.0 (2024-04-10) ### Documentation * docs: missing schema support table & update schema support to reflect version 7.0.0 (#584) Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`d230e67`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d230e67188661a5fb94730e52bf59c11c965c8d7)) ### Feature * feat: support `bom.properties` for CycloneDX v1.5+ (#585) Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`1d1c45a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1d1c45ac82c7927acc388489228a9b5990f68aa7)) ## v7.0.0 (2024-04-09) ### Breaking * feat!: Support for CycloneDX v1.6 * added draft v1.6 schemas and boilerplate for v1.6 Signed-off-by: Paul Horton <paul.horton@owasp.org> * re-generated test snapshots for v1.6 Signed-off-by: Paul Horton <paul.horton@owasp.org> * note `bom.metadata.manufacture` as deprecated Signed-off-by: Paul Horton <paul.horton@owasp.org> * work on `bom.metadata` for v1.6 Signed-off-by: Paul Horton <paul.horton@owasp.org> * Deprecated `.component.author`. Added `.component.authors` and `.component.manufacturer` Signed-off-by: Paul Horton <paul.horton@owasp.org> * work to add `.component.omniborid` - but tests deserialisation tests fail due to schema differences (`.component.author` not in 1.6) Signed-off-by: Paul Horton <paul.horton@owasp.org> * work to get deserialization tests passing Signed-off-by: Paul Horton <paul.horton@owasp.org> * chore(deps): bump `py-serializable` to >=1.0.3 to resolve issues with deserialization to XML Signed-off-by: Paul Horton <paul.horton@owasp.org> * imports tidied Signed-off-by: Paul Horton <paul.horton@owasp.org> * properly added `.component.swhid` Signed-off-by: Paul Horton <paul.horton@owasp.org> * add `.component.cryptoProperties` - with test failures for SchemaVersion < 1.6 Signed-off-by: Paul Horton <paul.horton@owasp.org> * typing and bandit ignores Signed-off-by: Paul Horton <paul.horton@owasp.org> * coding standards Signed-off-by: Paul Horton <paul.horton@owasp.org> * test filtering Signed-off-by: Paul Horton <paul.horton@owasp.org> * coding standards Signed-off-by: Paul Horton <paul.horton@owasp.org> * additional tests to increase code coverage Signed-off-by: Paul Horton <paul.horton@owasp.org> * corrected CryptoMode enum Signed-off-by: Paul Horton <paul.horton@owasp.org> * coding standards Signed-off-by: Paul Horton <paul.horton@owasp.org> * Added `address` to `organizationalEntity` Signed-off-by: Paul Horton <paul.horton@owasp.org> * Added `address` to `organizationalEntity` Signed-off-by: Paul Horton <paul.horton@owasp.org> * raise `UserWarning` in `.component.version` has length > 1024 Signed-off-by: Paul Horton <paul.horton@owasp.org> * coding standards and typing Signed-off-by: Paul Horton <paul.horton@owasp.org> * add `acknowledgement` to `LicenseExpression` (#582) Signed-off-by: Paul Horton <paul.horton@owasp.org> * more proper way to filter test cases Signed-off-by: Paul Horton <paul.horton@owasp.org> * update schema to published versions Signed-off-by: Paul Horton <paul.horton@owasp.org> * fetch schema 1.6 JSON Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * fetch test data for CDX 1.6 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * reformat Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * reformat Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * refactor Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * style Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * refactor Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> --------- Signed-off-by: Paul Horton <paul.horton@owasp.org> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bbdf46`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bbdf461434ab66673a496a8305c2878bf5c88da)) ## v6.4.4 (2024-03-18) ### Fix * fix: wrong extra name for xml validation (#571) Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> ([`10e38e2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/10e38e25095de4b2dafbfcd1fd81dce7a9c0f124)) ## v6.4.3 (2024-03-04) ### Fix * fix: serialization of `model.component.Diff` (#557) Fixes #556 --------- Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`22fa873`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/22fa8734bf1a3a8789ad7578bfa0c86cf0a49d4a)) ## v6.4.2 (2024-03-01) ### Build * build: use poetry v1.8.1 (#560) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6f81dfa`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6f81dfaed32b76f251647f6291791e714ab158a3)) ### Documentation * docs: update architecture description and examples (#550) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a19fd28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a19fd2828355ae031164ef7a0dda2a8ea2365108)) * docs: exclude internal docs from rendering (#545) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7e55dfe`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7e55dfe213cb2a88b3686f9e8bf93cf4642a2ccd)) ### Unknown * docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`63cff7e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/63cff7ee697c9d5fb96da3c8c16f7c9bc7b34e58)) * docs (#546) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b0e5b43`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b0e5b43880e17ec6ce23d5d4e1e7a9a2547c1e79)) ## v6.4.1 (2024-01-30) ### Documentation * docs: ship docs with `sdist` build (#544) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`52ef01c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/52ef01c99319d5aed950e7f6ef6fcfe731ac8b2f)) * docs: refactor example Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c1776b7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c1776b718b81cf72ef0c0251504e0d3631e30b17)) ### Fix * fix: `model.BomRef` no longer equal to unset peers (#543) fixes [#539](https://github.com/CycloneDX/cyclonedx-python-lib/issues/539) --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1fd7fee`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1fd7fee9dec888c10087921f2e5a7a60062fb419)) ## v6.4.0 (2024-01-22) ### Documentation * docs: add OpenSSF Best Practices shield (#532) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`59c4381`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/59c43814b07db0aa881d87192939eb93e79b0cc2)) ### Feature * feat: support `py-serializable` v1.0 (#531) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e1e7277`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e1e72777d8a355c6854f4d9eb26c1e2083c806df)) ## v6.3.0 (2024-01-06) ### Documentation * docs: add `Documentation` url to project meta Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1080b73`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1080b7387a0bbc49a067cd2efefb1545470947e5)) * docs: add `Documentation` url to project meta Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c4288b3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c4288b35e0e1050f0982f7492cfcd3bea34b445c)) ### Feature * feat: enable dependency `py-serializable 0.17` (#529) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9f24220`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9f24220029cd18cd191f63876899cd86be52dce1)) ## v6.2.0 (2023-12-31) ### Build * build: allow additional major-version RC branch patterns Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f8af156`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f8af156c9c38f737b7067722d2a96f8a2a4fcb48)) ### Documentation * docs: fix typo Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`2563996`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/25639967c93ad464e486f2fe6a148b3be439f43d)) * docs: update intro and description Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f0bd05d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f0bd05dc854b5b71421b82cfb527fcb8f41a7c4a)) * docs: buld docs on ubuntu22.04 python311 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b3e9ab7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b3e9ab77696f2ee763f1746f8142bdf471477c39)) ### Feature * feat: allow `lxml` requirement in range of `>=4,<6` (#523) Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](https://github.com/lxml/lxml/compare/lxml-4.0.0...lxml-5.0.0) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([`7d12b9a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7d12b9a9f7a2fdc5e6bb12f891c6f4291e20e65e)) ### Unknown * docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7dcd166`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7dcd16621002713dcf1ce8e17bc5762320fae4fa)) ## v6.1.0 (2023-12-22) ### Feature * feat: add function to map python `hashlib` algorithms to CycloneDX (#519) new API: `model.HashType.from_hashlib_alg()` Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`81f8cf5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/81f8cf59b1f40ffbd213789a8b1b621a01e3f631)) ## v6.0.0 (2023-12-10) ### Breaking * feat!: v6.0.0 (#492) ### Breaking Changes * Removed symbols that were already marked as deprecated (via [#493]) * Removed symbols in `parser.*` ([#489] via [#495]) * Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) * Serialization of unsupported enum values might downgrade/migrate/omit them ([#490] via [#496]) Handling might raise warnings if a data loss occurred due to omitting. The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered. * Serialization of any `model.component.Component` with unsupported `type` raises `exception.serialization.SerializationOfUnsupportedComponentTypeException` ([#490] via [#496]) * Object `model.bom_ref.BomRef`'s property `value` defaults to `Null`, was arbitrary `UUID` ([#504] via [#505]) This change does not affect serialization. All `bom-ref`s are guaranteed to have unique values on rendering. * Removed helpers from public API ([#503] via [#506]) ### Added * Basic support for CycloneDX 1.5 ([#404] via [#488]) * No data models were enhanced nor added, yet. Pull requests to add functionality are welcome. * Existing enumerable got new cases, to reflect features of CycloneDX 1.5 ([#404] via [#488]) * Outputters were enabled to render CycloneDX 1.5 ([#404] via [#488]) ### Tests * Created (regression/unit/integration/functional) tests for CycloneDX 1.5 ([#404] via [#488]) * Created (regression/functional) tests for Enums' handling and completeness ([#490] via [#496]) ### Misc * Bumped dependency `py-serializable@^0.16`, was `@^0.15` (via [#496]) ---- ### API Changes — the details for migration * Added new sub-package `exception.serialization` (via [#496]) * Removed class `models.ComparableTuple` ([#503] via [#506]) * Enum `model.ExternalReferenceType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) * Removed function `models.get_now_utc` ([#503] via [#506]) * Removed function `models.sha1sum` ([#503] via [#506]) * Enum `model.component.ComponentType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) * Removed `model.component.Component.__init__()`'s deprecated optional kwarg `namespace` (via [#493]) Use kwarg `group` instead. * Removed `model.component.Component.__init__()`'s deprecated optional kwarg `license_str` (via [#493]) Use kwarg `licenses` instead. * Removed deprecated method `model.component.Component.get_namespace()` (via [#493]) * Removed class `models.dependency.DependencyDependencies` ([#503] via [#506]) * Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_name` (via [#493]) Use kwarg `source` instead. * Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_url` (via [#493]) Use kwarg `source` instead. * Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `recommendations` (via [#493]) Use kwarg `recommendation` instead. * Removed `model.vulnerability.VulnerabilityRating.__init__()`'s deprecated optional kwarg `score_base` (via [#493]) Use kwarg `score` instead. * Enum `model.vulnerability.VulnerabilityScoreSource` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488]) * Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494]) * Removed deprecated function `output.get_instance()` (via [#493]) Use function `output.make_outputter()` instead. * Added new class `output.json.JsonV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) * Added new item to dict `output.json.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) * Added new class `output.xml.XmlV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488]) * Added new item to dict `output.xml.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488]) * Removed class `parser.ParserWarning` ([#489] via [#495]) * Removed class `parser.BaseParser` ([#489] via [#495]) * Enum `schema.SchemaVersion` got new case `V1_5`, to reflect CycloneDX 1.5 ([#404] via [#488]) [#404]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/404 [#488]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/488 [#489]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/489 [#490]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/490 [#491]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/491 [#493]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/493 [#494]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/494 [#495]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/495 [#496]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/496 [#503]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/503 [#504]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/504 [#505]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/505 [#506]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/506 --------- Signed-off-by: Johannes Feichtner <johannes@web-wack.at> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: semantic-release <semantic-release> Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com> Co-authored-by: semantic-release <semantic-release> ([`74865f8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/74865f8e498c9723c2ce3556ceecb6a3cfc4c490)) ## v5.2.0 (2023-12-02) ### Documentation * docs: keywaords & funding (#486) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3189e59`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3189e59ff8e3d3d10f7b949b5a08397ff3d3642b)) ### Feature * feat: `model.XsUri` migrate control characters according to spec (#498) fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/497 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e490429`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e49042976f8577af4061c34394db270612488cdf)) ## v5.1.1 (2023-11-02) ### Fix * fix: update own `externalReferences` (#480) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`edb3dde`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/edb3dde889c06755dd1963ed21dd803db3ea0dcc)) ## v5.1.0 (2023-10-31) ### Documentation * docs: advance license docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f61a730`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f61a7303de1d5dacf0917a1d66f5ebe0732ccd75)) ### Feature * feat: guarantee unique `BomRef`s in serialization result (#479) Incorporate `output.BomRefDiscriminator` on serialization Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a648775`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a648775bb5195621e17fdbae92950ab6d56a665a)) ## v5.0.1 (2023-10-24) ### Documentation * docs: revisit project meta (#475) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c3254d0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c3254d055f3cda96d2849222a0bba7be8cf486a3)) * docs: fix RTFD build (#476) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b9fcfb4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b9fcfb40af366fdee7258ccb720e0fad27994824)) ### Unknown * "chore(deps): revert bump python-semantic-release/python-semantic-release (#474)" This reverts commit 9c3ffac34e89610ccc4f9701444127e1e6f5ee07. Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`aae7304`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/aae73048c7aebe5920ec888225bdbde08111601b)) ## v5.0.0 (2023-10-24) ### Breaking * feat!: v5.0.0 (#440) BREAKING CHANGES ---------------- * Dropped support for python<3.8 ([#436] via [#441]; enable [#433]) * Reworked license related models, collections, and factories ([#365] via [#466]) * Behavior * Method `model.bom.Bom.validate()` will throw `exception.LicenseExpressionAlongWithOthersException`, if detecting invalid license constellation ([#453] via [#452]) * Fixed tuple comparison when unequal lengths (via [#461]) * API * Enum `schema.SchemaVersion` is no longer string-like ([#442] via [#447]) * Enum `schema.OutputVersion` is no longer string-like ([#442] via [#447]) * Abstract class `output.BaseOutput` requires implementation of new method `output_format` ([#446] via [#447]) * Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) * Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via [#458], [#462]) * Removed class `factory.license.LicenseChoiceFactory` (via [#466]) The old functionality was integrated into `factory.license.LicenseFactory`. * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via [#466]) * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` ([#365] via [#466]) The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()` * Renamed class `module.License` to `module.license.DisjunctliveLicense` ([#365] via [#466]) * Removed class `module.LicenseChoice` ([#365] via [#466]) Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` ([#365] via [#466]) * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` ([#365] via [#466]) Fixed ---------------- * Serialization of multy-licenses ([#365] via [#466]) * Detect unused "dependent" components in `model.bom.validate()` (via [#464]) Changed ---------------- * Updated latest supported list of supported SPDX license identifiers (via [#433]) * Shipped schema files are moved to a protected space (via [#433]) These files were never intended for public use. * XML output uses a default namespace, which makes results smaller. ([#438] via [#458]) Added ---------------- * Support for Python 3.12 (via [#460]) * JSON- & XML-Validators ([#432], [#446] via [#433], [#448]) The functionality might require additional dependencies, that can be installed with the extra "validation". See the docs in section "Installation" for details. * JSON & XML can be generated in a more human-friendly form ([#437], [#438] via [#458]) * Type hints, typings & overloads for better integration downstream (via [#463]) * API * New function `output.make_outputter()` (via [#469]) This replaces the deprecated function `output.get_instance()`. * New sub-package `validation` ([#432], [#446] via [#433], [#448], [#469], [#468], [#469]) * New class `exception.MissingOptionalDependencyException` ([#432] via [#433]) * New class `exception.LicenseExpressionAlongWithOthersException` ([#453] via [#452]) * New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` ([#446] via [#447]) * Existing implementations of class `output.BaseOutput` now have a new method `output_format` ([#446] via [#447]) * Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) * Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` ([#437] via [#458]) * New method `factory.license.LicenseFactory.make_with_expression()` (via [#466]) * New class `model.license.DisjunctiveLicense` ([#365] via [#466]) * New class `model.license.LicenseExpression` ([#365] via [#466]) * New class `model.license.LicenseRepository` ([#365] via [#466]) * New class `serialization.LicenseRepositoryHelper` ([#365] via [#466]) Deprecated ---------------- * Function `output.get_instance()` might be removed, use `output.make_outputter()` instead (via [#469]) Tests ---------------- * Added validation tests with official CycloneDX schema test data ([#432] via [#433]) * Use proper snapshots, instead of pseudo comparison ([#437] via [#464]) * Added regression test for bug [#365] (via [#466], [#467]) Misc ---------------- * Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via [#458], [#463], [#464], [#466]) * Style: streamlined quotes and strings (via [#472]) * Chore: bumped internal dev- and QA-tools ([#436] via [#441], [#472]) * Chore: added more QA tools to prevent common security issues (via [#473]) [#432]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/432 [#433]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/433 [#436]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/436 [#437]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/437 [#365]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/365 [#438]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/438 [#440]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/440 [#441]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/441 [#442]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/442 [#446]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/446 [#447]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/447 [#448]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/448 [#452]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/452 [#453]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/453 [#458]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/458 [#460]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/460 [#461]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/461 [#462]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/462 [#463]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/463 [#464]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/464 [#466]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/466 [#467]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/467 [#468]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/468 [#469]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/469 [#472]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/472 [#473]: https://github.com/CycloneDX/cyclonedx-python-lib/pull/473 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> Signed-off-by: semantic-release <semantic-release> Co-authored-by: semantic-release <semantic-release> ([`26b151c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/26b151cba7d7d484f23ee7888444f09ad6d016b1)) ## v4.2.3 (2023-10-16) ### Fix * fix: SPDX-expression-validation internal crashes are cought and handled (#471) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`5fa66a0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5fa66a043818eb5747dbd630496c6d31f818c0ab)) ## v4.2.2 (2023-09-14) ### Documentation * docs: fix shield in README Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6a941b1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6a941b1ef5cc0f9e956173cce7e9da57e8c6bf22)) * docs(example): showcase `LicenseChoiceFactory` (#428) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c56ec83`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c56ec8395dd203ac41fa6f4c43970a50c0e80efb)) ### Fix * fix: ship meta files (#434) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3a1a8a5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3a1a8a5c1cbe8d8989b4cb335269a02b5c6d4f38)) ## v4.2.1 (2023-09-06) ### Fix * fix: `LicenseChoiceFactory.make_from_string()` prioritize SPDX id over expression (#427) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e1bdfdd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e1bdfddcfab97359fbde9f53dc65f56fc8ec4ba9)) ## v4.2.0 (2023-09-06) ### Feature * feat: complete SPDX license expression (#425) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e06f9fd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e06f9fd2c30e8976766f326ff216103d2560cb9a)) ## v4.1.0 (2023-08-27) ### Documentation * docs(examples): showcase shorthand dependency management (#403) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8b32efb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8b32efb322a3281d58e9f980bb9001b112aa944a)) ### Feature * feat: programmatic access to library's version (#417) adds `cyclonedx.__version__` Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3585ea9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3585ea9911ae521e86793ef18f5891289fb0b604)) ## v4.0.1 (2023-06-28) ### Documentation * docs(examples): README (#399) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1d262ba`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1d262ba57eab0d61b947fc293fc59c6234f19647)) * docs: add exaple how to build and serialize (#397) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`65e22bd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/65e22bdc6a1a3fc02a6282146bc8fbc17ddb32fa)) ### Fix * fix: conditional warning if no root dependencies were found (#398) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c8175bb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c8175bb6aebac7f129d42d7a5a0ae928212c20cb)) ### Unknown * 4.0.1 Automatically generated by python-semantic-release ([`4a72f51`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4a72f515ad7b5e46a07f31bea18a94b162e87715)) * Add missing space in warning message. (#364) Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> ([`dad0d28`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dad0d28ceb7381d1b503e5b29776fc01513f8b04)) ## v4.0.0 (2023-03-20) ### Breaking * feat: Release 4.0.0 #341) Highlights of this release include: * Support for De-serialization from JSON and XML to this Pythonic Model * Deprecation of Python 3.6 support * Support for Python 3.11 * Support for `BomLink` * Support VEX without needing `Component` in the same `Bom` * Support for `services` having `dependencies` BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed. Signed-off-by: Paul Horton <paul.horton@owasp.org> * feat: support VEX without Components in the same BOM BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component Signed-off-by: Paul Horton <paul.horton@owasp.org> * feat: support VEX without Components in the same BOM BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component Signed-off-by: Paul Horton <paul.horton@owasp.org> feat: allow `version` of BOM to be defined feat: allow `serial_number` of BOM to be prescribed feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx Signed-off-by: Paul Horton <paul.horton@owasp.org> * chore: fix release workflow * chore: editorconfig Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * feat: support for deserialization from JSON and XML (#290) BREAKING CHANGE: * feat: drop Python 3.6 support Signed-off-by: Hakan Dilek <hakandilek@gmail.com> Signed-off-by: Paul Horton <paul.horton@owasp.org> Co-authored-by: Hakan Dilek <hakandilek@gmail.com> Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> * fix: update `serializable` to include XML safety changes Signed-off-by: Paul Horton <paul.horton@owasp.org> * feat: Support for Python 3.11 (#349) * feat: officially test and support Python 3.11 Signed-off-by: Paul Horton <paul.horton@owasp.org> * removed unused imports Signed-off-by: Paul Horton <paul.horton@owasp.org> * bump `poetry` to `1.1.12` in CI Signed-off-by: Paul Horton <paul.horton@owasp.org> * fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI Signed-off-by: Paul Horton <paul.horton@owasp.org> * fix: removed `types-toml` from dependencies - not used Signed-off-by: Paul Horton <paul.horton@owasp.org> --------- Signed-off-by: Paul Horton <paul.horton@owasp.org> * fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now Signed-off-by: Paul Horton <paul.horton@owasp.org> * chore: bump dev dependencies fix: removed `setuptools` as dependency Signed-off-by: Paul Horton <paul.horton@owasp.org> * tests: compoennt versions optional (#350) * chore: exclude `venv*` from QA; add typing to QA Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * tests: component versions are optional Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * doc: doc updates for new deserialization feature Signed-off-by: Paul Horton <paul.horton@owasp.org> * doc: doc updates for contribution Signed-off-by: Paul Horton <paul.horton@owasp.org> --------- Signed-off-by: Paul Horton <paul.horton@owasp.org> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Hakan Dilek <hakandilek@gmail.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Hakan Dilek <hakandilek@gmail.com> Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> ([`8fb1b14`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8fb1b14f5e04e85f21e654c44fa6b9b774867757)) ### Unknown * 4.0.0 Automatically generated by python-semantic-release ([`40fbfda`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/40fbfda428cfa71b16fd6e5e8d5f49cea4b5438b)) ## v3.1.5 (2023-01-12) ### Fix * fix: mak test's schema paths relative to `cyclonedx` package (#338) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1f0c05f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1f0c05fe2b2a22bc84a1a437dd59390f2ceaf986)) ### Unknown * 3.1.5 Automatically generated by python-semantic-release ([`ba603cf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ba603cf96fad51a85d5159e83c402d613fefbb7c)) ## v3.1.4 (2023-01-11) ### Fix * fix(tests): include tests in `sdist` builds (#337) * feat: include `tests` in `sdist` builds for #336 * delete unexpected `DS_Store` file Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`936ad7d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/936ad7d0c26d8f98040203d3234ca8f1afbd73ab)) ### Unknown * 3.1.4 Automatically generated by python-semantic-release ([`0b19294`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0b19294e4820f0da5e81decd4d902ef7789ecb61)) ## v3.1.3 (2023-01-07) ### Fix * fix: serialize dependency graph for nested components (#329) * tests: regression tests for issue #328 * fix: for issue #328 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`fb3f835`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fb3f8351881783281f8b7e796098a4c145b35927)) ### Unknown * 3.1.3 Automatically generated by python-semantic-release ([`11a420c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/11a420c5fc38bb48d2a91713cc74574acb131184)) ## v3.1.2 (2023-01-06) ### Documentation * docs: typo Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`539b57a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/539b57a00e4e60e239bb26141f219366121e7bc2)) * docs: fix shields (#324) caused by https://github.com/badges/shields/issues/8671 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`555dad4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/555dad4bc255066036ecca028192eb83df8ba5a0)) * docs: fix typo (#318) Signed-off-by: Roland Weber <rolweber@de.ibm.com> ([`63bfb87`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/63bfb8772fe78e9842675d17862c456150dbbc15)) ### Fix * fix: prevent errors on metadata handling for some specification versions (#330) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`f08a656`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f08a65649aee750397edc061eb3b8325a69bb4b4)) ### Unknown * 3.1.2 Automatically generated by python-semantic-release ([`0853d14`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0853d14780b8e44e9b285bee2ac6b81551640c5f)) * clarify sign-off step (#319) Signed-off-by: Roland Weber <rolweber@de.ibm.com> ([`007fb96`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/007fb96a1ec23b9516bc383afa85b3efc2707aa8)) ## v3.1.1 (2022-11-28) ### Fix * fix: type hint for `get_component_by_purl` is incorrect chore: force automated release Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`3f20bf0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3f20bf04a65d5c539230281437255b5f48e17621)) ### Unknown * 3.1.1 Automatically generated by python-semantic-release ([`503955e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/503955ea9e19e1d3ca611df36508dcf1aa93905c)) * Merge pull request #310 from gruebel/fix-method-type-hint fix: type hint for `get_component_by_purl` is incorrect ([`06037b9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/06037b99e0d6ebc5388d3c5e0799a68233ed92e8)) * move tests to model bom file Signed-off-by: gruebel <anton.gruebel@gmail.com> ([`4c8a3ab`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4c8a3ab0eef349c007285ff9dfed0c00c6732a96)) * fix type hint for get_component_by_purl Signed-off-by: gruebel <anton.gruebel@gmail.com> ([`735c05e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/735c05eebb792eed55aeb4d5a7be8043ee1cd9ae)) ## v3.1.0 (2022-09-15) ### Feature * feat: out-factor SPDX compund detection Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`fd4d537`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fd4d537c9dced0e38f14d99dee174cc5bb0bd465)) * feat: out-factor SPDX compund detection Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`2b69925`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2b699252f8857d97231a689ea9cbfcdff9459626)) * feat: license factories Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`033bad2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/033bad2a50fd2236c712d4621caa57b04fcc2043)) ### Unknown * 3.1.0 Automatically generated by python-semantic-release ([`e52c174`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e52c17447b1520103ccb24192ab92560429df595)) * Merge pull request #305 from CycloneDX/license-factories feat: add license factories to more easily support creation of `License` or `LicenseChoice` from SPDX license strings #304 ([`5ff4494`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5ff4494b0e0d76d04cf8a4245ce0426f0abbd8f9)) * Merge pull request #301 from CycloneDX/fix-poetry-in-tox chore: fix poetry in tox ([`92aea8d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/92aea8d3413cd2af820cc8160ef48a737951b0ea)) * remove v3 from CHANGELOG #286 (#287) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7029721`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/702972105364a3ab225ea5a586c48cec664601ca)) * 3.0.0 Automatically generated by python-semantic-release ([`69582ff`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/69582ff7a9e3a1cfb2c7193c3d194d69e35899c1)) ## v2.7.1 (2022-08-01) ### Fix * fix: pinned `mypy <= 0.961` due to #278 Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`d6955cb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d6955cb86d8da7a72d0146d0dbeb7c34a794a954)) * fix: properly support nested `components` and `services` #275 Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`6597db7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6597db740f222c68ad90f74fb8fdb58b72642adb)) ### Unknown * Merge pull request #276 from CycloneDX/fix/bom-validation-nested-components-isue-275 fix: BOM validation fails when Components or Services are nested #275 fix: updated dependencies #271, #270, #269 and #256 ([`68a0cdd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/68a0cddc0a226947d76b6a275cfceba383797d3b)) * Merge branch 'main' into fix/bom-validation-nested-components-isue-275 ([`6caee65`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6caee657260e46f18cade24a73b4f17bc5ad6dd8)) * added tests to cover new `Component.get_all_nested_components()` method Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`75a77ed`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/75a77ed6576f362435d1a3e6e59cbc5d871b9971)) * Revert "chore: re-added `isort` to pre-commit hooks" This reverts commit f50ee1eb79f3f4e5b9d21824e64192d0af43d3f0. Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`5f7f30e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5f7f30e6a79f7cef6fff296ae0d7e5381f9b5cda)) * removed tests where services are part of dependency tree - see #277 Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`f26862b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f26862b0b7f85e3610efbdf17cf304ddc71e5366)) * aded XML output tests for Issue #275 Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`ebef5f2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ebef5f212fec13fc8c9bf00553f9bf3f77a0d3f6)) * updated XML output tests Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`356c37e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/356c37ebea85eb10e2505f2b16264d95f292bd55)) * addressed JSON output for #275 including test addiitions Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`692c005`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/692c005c686157134a79e3ffc8ab1e7ce8942de9)) ## v2.7.0 (2022-07-21) ### Feature * feat: support for CycloneDX schema `1.4.2` - adds `vulnerability.properties` to the schema ([`32e7929`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/32e792928bdf37133e966ef72ec01b0bc698482d)) * feat: support for CycloneDX schema version `1.4.2` - Provides support for `vulnerability.properties` Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`db7445c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/db7445cd343fc35c6d6fc9f5af3e28cf97a19732)) * feat: added updated CycloneDX 1.4.2 schemas Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`7fb27ae`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7fb27aed58f7de10f8c6b703699bba315af353e7)) ### Unknown * 2.7.0 Automatically generated by python-semantic-release ([`96d155e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/96d155e864d83482242c22f69af8e7c618d05a1b)) ## v2.6.0 (2022-06-20) ### Feature * feat: reduce unnessessarry type casting of `set`/`SortedSet` (#203) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`089d971`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/089d9714f8f9f8c70076e48baa18340899cc29fa)) ### Unknown * 2.6.0 Automatically generated by python-semantic-release ([`8481e9b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8481e9bd8dc5196c2e703e5cd19974bb22bc270e)) ## v2.5.2 (2022-06-15) ### Fix * fix: add expected lower-than comparators for `OrganizationalEntity` and `VulnerabilityCredits` (#248) Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0046ee1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0046ee19547be8dafe5d73bad886b9c5f725f26e)) ### Unknown * 2.5.2 Automatically generated by python-semantic-release ([`fb9a796`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fb9a796d0b34c2d930503790c74d6d7ed5e3c3d6)) ## v2.5.1 (2022-06-10) ### Fix * fix: add missing `Vulnerability` comparator for sorting (#246) Partial fix for #245. Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`c3f3d0d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c3f3d0d105f0dcf991175040b6d6c2b6e7e25d8f)) ### Unknown * 2.5.1 Automatically generated by python-semantic-release ([`1ea5b20`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1ea5b20f1c93e6e6b3799444c7ea6fd65a2e068c)) ## v2.5.0 (2022-06-10) ### Build * build: move typing to dev-dependencies Move `types-setuptools` and `types-toml` to dev-dependencies (#226) Signed-off-by: Adam Johnson <me@adamj.eu> ([`0e2376b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0e2376baade068ae0490b05550837d104e9abfa4)) ### Documentation * docs: fix typo "This is out" -> "This is our" Fix typo in comments: "This is out" -> "This is our" (#233) Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`ef0278a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ef0278a2044147e73a281c5a59f95049d4af7641)) ### Feature * feat: use `SortedSet` in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`8a1c404`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8a1c4043f502292b32c4ab36a8618cf3f67ac8df)) ### Unknown * 2.5.0 Automatically generated by python-semantic-release ([`c820423`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c820423ffffb90ec7a42d8873d99428277f9ae28)) * Merge pull request #235 from RodneyRichardson/use-sorted-set feat: use `SortedSet` in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson ([`c43f6d8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c43f6d8ce41a9de91a84cea7a40045cab8121792)) * Merge branch 'CycloneDX:main' into use-sorted-set ([`1b8ac25`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1b8ac252a28af1b938d6cad4182e6f2d586b26c0)) * Fix SortedSet type hints for python < 3.8 Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`71eeb4a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/71eeb4aeeb9e911df2422c097ebfb671c648242d)) * Fix line length warning. Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`e9ee712`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e9ee71291da882a924a9edec7d1f5d6be62797e6)) * Fix more type hints for python < 3.8 Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`f042bce`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f042bcef1829a852dd787e226d883f5bbd5c39c3)) * Fix SortedSet type hints for python < 3.8 Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`2e283ab`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2e283abed0b67e9e70c825e0d7c6ad7e6691c678)) * Fix type hint on ComparableTuple Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`43ef908`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/43ef908d61fd03e5a4c2ecfabdf22764c8613429)) * Sort usings. Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`8f86c12`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8f86c1292d5d0c550a4ec6018b81400255567f93)) * Fix sonatype-lift warnings Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`f1e92e3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f1e92e3cfbe9df2b07b745582608f9f72531684c)) * Fix warnings. Change tuple -> Tuple Fix Diff initialization Add sorting to AttachedText Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`2b47ff6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2b47ff612335b538ceab5e77b60dbe058f739e2e)) * Reduce sortedcontainers.pyi to only the functions used. Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`ef0fbe2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ef0fbe2130f763888cb34e8e71a6520d282a0cda)) * Remove flake8 warnings Remove unused imports and trailing whitespace. Sort usings in pyi file. Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`41d1bee`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/41d1bee824381c25a8c6870abeb1f484c33c78ba)) * Add type hints for SortedSet Fix use of set/Set. Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`df0f554`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/df0f554bff311886705327fd863d573e82123f9e)) * Replace object type hint in __lt__ with Any Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`ec22f68`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ec22f683e1b12843421a23cff15f91628a7dfffe)) * Make reorder() return type explicit List (as flagged by sonatype-lift bot) Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`695ee86`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/695ee862ce9043807a9d825324970cd1b770a46c)) * Use SortedSet in model to improve reproducibility Added `__lt__()` to all model classes used in SortedSet, with tests Explicitly declared Enums as (str, Enum) to allow sorting Added dependency to sortedcollections package Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> ([`368f522`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/368f5221e54a635cd03255efd56d4da2a8d7f56b)) ## v2.4.0 (2022-05-17) ### Feature * feat(deps): remove unused `typing-extensions` constraints PullRequest and details via #224 Signed-off-by: gruebel <anton.gruebel@gmail.com> ([`2ce358a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2ce358a37e6ce5f06aa9297aed17f8f5bea38e93)) ### Unknown * 2.4.0 Automatically generated by python-semantic-release ([`4874354`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/48743542fd2f3219a4f2295f363ae6e5bcf2a738)) * revert `types-toml` on lowest setup ([`32ece98`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/32ece98b24fd6966722b8cdf698f01b8fb1b8821)) ## v2.3.0 (2022-04-20) ### Feature * feat: add support for Dependency Graph in Model and output serialisation Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`ea34513`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ea34513f8229a909007793288ace2f6f51684333)) ### Unknown * 2.3.0 Automatically generated by python-semantic-release ([`5c1047a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5c1047afc75726cca4130b90b8459418ec6342e8)) * Merge pull request #210 from CycloneDX/feat/support-bom-dependencies feat: add support for Dependency Graph in Model and output serialisation (JSON and XML) ([`938169c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/938169c05b458967cd1dabc338981d296f5b2842)) * Merge pull request #214 from CycloneDX/feat/support-bom-dependencies-no-cast no cast ([`2551545`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/25515456f2707964032c1f9642bae3d79ba2b994)) * no cast Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`dec3b70`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dec3b703f7e69cd2b3fdff34583ee052b1cbb1d2)) * update to use `Set` operators (more Pythonic) Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`f01665e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f01665e96c87b9dd1fdb37d907a8339ba819e2cc)) * missing closing `>` in `BomRef.__repr__` Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`2c7c4be`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2c7c4be8210231dcfaf9e8937bd943f3ea6683c3)) * removed unnecessary condition - `self.get_bom().components` is always a `Set` Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`5eb5669`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5eb5669bdeb982c9f0b4a72f2264a8559e9a3bc3)) * added additional tests to validate Component in Metadata is properly represented in Dependency Graph Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`b8d526e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b8d526ee52b3923c7755a897e0c042c159fb8d99)) * adjusted unit tests to account for inclusion of Component in Bom Metadata in Dependency Graphy Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`c605f2b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c605f2be90092f09bb0eb89dccb27767d78dcfac)) * updates based on feedback from @jkowalleck Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`04511f3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/04511f3c523bc26b0b434d8334d37eccaaaf1ea4)) * Merge branch 'feat/support-bom-dependencies' of github.com:CycloneDX/cyclonedx-python-lib into feat/support-bom-dependencies ([`8fb408c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8fb408cfe7941efca424777a94084755ee8a50e4)) * doc: updated docs to reflect support for Dependency Graph Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`a680544`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a68054491529631c792e51c764bbf64a5e9b4834)) * updated file hash in test Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`56f3d5d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/56f3d5d432b6c50679cfd733cf2b0ed2ea55400e)) * removed unused import Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`61c3338`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/61c3338e139a8e1a72a659080f2043b352007561)) * doc: updated docs to reflect support for Dependency Graph Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`3df017f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3df017feaaa461bcfa7082f58a5824aa92493b59)) * updated file hash in test Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`449cb1e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/449cb1e56e64e6c144c0d2b6b69649df2d6e5320)) * removed unused import Signed-off-by: Paul Horton <paul.horton@owasp.org> ([`f487c4a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f487c4a44f5604fa3d1da2c0bc57d09e22057973)) ## v2.2.0 (2022-04-12) ### Feature * feat: Bump XML schemas to latest fix version for 1.2-1.4 - see: https://github.com/CycloneDX/specification/issues/122 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`bd2e756`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bd2e756de15c37b34d2866e8de521556420bd5d3)) * feat: bump JSON schemas to latest fix verison for 1.2 and 1.3 - see: - https://github.com/CycloneDX/specification/issues/123 - https://github.com/CycloneDX/specification/issues/84 - https://github.com/CycloneDX/specification/issues/125 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`bd6a088`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bd6a088d51c995c0f08271f56aedb456c60c1a2e)) ### Unknown * 2.2.0 Automatically generated by python-semantic-release ([`67ecfac`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/67ecfacc38817398319ac5d627f2b3a17fb45b3f)) * Merge pull request #207 from CycloneDX/feat/update-schemas feat: Update CycloneDX Schemas to latest patch versions ([`2c55cb5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2c55cb51042694d48a2eccd8e505833196effb59)) * mark schema files as vendored Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a9c3e77`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a9c3e77998e7c05af5ba097891cd05a8cdb89232)) * Merge pull request #191 from CycloneDX/feat/pre-commit-hooks [DEV] Add pre-commit hooks ([`91ceeb1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/91ceeb1fdafddf20af546d383a2fb16393977ef5)) ## v2.1.1 (2022-04-05) ### Fix * fix: prevent error if `version` not set Signed-off-by: Paul Horton <phorton@sonatype.com> ([`b9a84b5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b9a84b5b39fe6cb1560764e86f8bd144f2a901e3)) ### Unknown * 2.1.1 Automatically generated by python-semantic-release ([`f78d608`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f78d6081abc1a8adb80ef0c79a07c624ad9e3a5c)) * Merge pull request #194 from CycloneDX/fix/json-output-version-optional-bug-193 fix: `version` being optional in JSON output can raise error ([`6f7e09a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6f7e09aa4d05a4a2dc60569732f6b2ae5582a154)) ## v2.1.0 (2022-03-28) ### Feature * feat: output errors are verbose Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bfe8fb1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bfe8fb18825251fd9f146458122aa06137ec27c0)) ### Fix * fix: `version` being optional in JSON output can raise error Signed-off-by: Paul Horton <phorton@sonatype.com> ([`ba0c82f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ba0c82fbde7ba47502c45caf4fa89e9e4381f482)) ### Unknown * 2.1.0 Automatically generated by python-semantic-release ([`c58f8f8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c58f8f8456211fbeac79340b480063791c05f404)) * Merge pull request #198 from CycloneDX/verbose_outout_errors fix: improved output errors - file/directory is now included ([`4618c62`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4618c62da54f90a67d89583d5339ef0532b7813a)) * updated to be more pythonic Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a1bbf00`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a1bbf001ba9546c998062a0201d4e2562607749e)) * doc: added CONTRIBUTING to public docs doc: included pre-commit hooks in CONTRIBUTING Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f38215f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f38215f2b370e14f5629edff1ade97734b3a79cd)) * Merge pull request #182 from CycloneDX/sort-imports style: sort imports ([`aa37e56`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/aa37e56964b35642e2bf92f336a767fba1914e2b)) ## v2.0.0 (2022-02-21) ### Breaking * feat: bump dependencies BREAKING CHANGE: Adopt PEP-3102 BREAKING CHANGE: Optional Lists are now non-optional Sets BREAKING CHANGE: Remove concept of DEFAULT schema version - replaced with LATEST schema version BREAKING CHANGE: Added `BomRef` data type Signed-off-by: Paul Horton <phorton@sonatype.com> ([`da3f0ca`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/da3f0ca3e8b90b37301c03f889eb089bca649b09)) ### Feature * feat: completed work on #155 (#172) fix: resolved #169 (part of #155) feat: as part of solving #155, #147 has been implemented Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a926b34`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a926b34c7facb8b3709936fe00b62a0b80338f31)) * feat: support complete model for `bom.metadata` (#162) * feat: support complete model for `bom.metadata` fix: JSON comparison in unit tests was broken chore: corrected some source license headers Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2938a6c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2938a6c001a5b0b25477241d4ad6601030c55165)) * feat: support for `bom.externalReferences` in JSON and XML #124 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`1b733d7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1b733d75a78e3757010a8049cab5c7d4656dc2a5)) * feat: Complete support for `bom.components` (#155) * fix: implemented correct `__hash__` methods in models (#153) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`32c0139`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/32c01396251834c69a5b23c82a5554faf8447f61)) * feat: support services in XML BOMs feat: support nested services in JSON and XML BOMs Signed-off-by: Paul Horton <phorton@sonatype.com> ([`9edf6c9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9edf6c940d20a44f5b99c557392a9fa4532b332e)) ### Fix * fix: `license_url` not serialised in XML output #179 (#180) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f014d7c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f014d7c4411de9ed5e9cb877878ae416d85b2d92)) * fix: `Component.bom_ref` is not Optional in our model implementation (in the schema it is) - we generate a UUID if `bom_ref` is not supplied explicitly Signed-off-by: Paul Horton <phorton@sonatype.com> ([`5c954d1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5c954d1e39ce8509ab36e6de7d521927ad3c997c)) * fix: temporary fix for `__hash__` of Component with `properties` #153 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a51766d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a51766d202c3774003dd7cd8c115b2d9b3da1f50)) * fix: further fix for #150 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`1f55f3e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1f55f3edfeacfc515ef0b5e493c27dd6e14861d6)) * fix: regression introduced by first fix for #150 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`c09e396`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c09e396b98c484d1d3d509a5c41746133fe41276)) * fix: Components with no version (optional since 1.4) produce invalid BOM output in XML #150 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`70d25c8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/70d25c8c162e05a5992761ccddbad617558346d1)) * fix: `expression` not supported in Component Licsnes for version 1.0 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`15b081b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/15b081bd1891566dbe00e18a8b21d3be87154f72)) ### Unknown * 2.0.0 Automatically generated by python-semantic-release ([`a4af3dc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a4af3dccbddf4ea91b277746d2305fadf6078ed8)) * Merge pull request #148 from CycloneDX/feat/add-bom-services ([`631e400`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/631e4009340f4466fb45f25bbf3ce7ffa4d8adca)) * Merge branch 'main' into feat/add-bom-services ([`9a32351`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9a3235155bd04450c6e520ee6de04b2d6f2c5d0a)) * doc: added RTD badge to README Signed-off-by: Paul Horton <phorton@sonatype.com> ([`b20d9d1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b20d9d1aceebfa8bae21250e6ae39234caffbb0e)) * implemented `__str__` for `BomRef` Signed-off-by: Paul Horton <phorton@sonatype.com> ([`670bde4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/670bde47a8a60db764aa706797f1d8ed7cf2c227)) * Continuation of #170 - missed updating Vulnerability to use `BomRef` (#175) * BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references Signed-off-by: Paul Horton <phorton@sonatype.com> * updated Vulnerability to also use new `BomRef` model Signed-off-by: Paul Horton <phorton@sonatype.com> ([`0d82c01`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0d82c019afce3e4aefe56bff9607cfd60186c6b0)) * BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniquness and dependency references (#174) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`d189f2c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d189f2c16870deb683e62cd06a6072b008eab05d)) * BREAKING CHANGE: replaced concept of default schema version with latest supported #171 (#173) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`020fcf0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/020fcf03ef3985dac82a38b8810d6d6cd301809c)) * BREAKING CHANGE: Updated default schema version to 1.4 from 1.3 (#164) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`9b6ce4b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9b6ce4bd7b5a2a332e9f01f93db57b78f65af048)) * BREAKING CHANGE: update models to use `Set` rather than `List` (#160) * BREAKING CHANGE: update models to use `Set` and `Iterable` rather than `List[..]` BREAKING CHANGE: update final models to use `@property` wip Signed-off-by: Paul Horton <phorton@sonatype.com> ([`142b8bf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/142b8bf4dbb2e61d131b7ca2ec332aac472ef3cd)) * removed unnecessary calls to `hash()` in `__hash__()` methods as pointed out by @jkowalleck Signed-off-by: Paul Horton <phorton@sonatype.com> ([`0f1fd6d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0f1fd6dfdd41073cbdbb456cf019c7f2ed9e2175)) * BREAKING CHANGE: adopted PEP-3102 for model classes (#158) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`b3c8d9a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b3c8d9a676190f20dfc4ab1b915c1e53c4ac5a82)) * doc: added page to docs to call out which parts of the specification this library supports Signed-off-by: Paul Horton <phorton@sonatype.com> ([`41a4be0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/41a4be0cedcd26b6645b6e3606cce8e3708c569f)) * attempt to resolve Lift finding Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2090c08`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2090c0868ca82c4b53c6ffc6f439c0d675147601)) * removed unused imports Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a35d540`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a35d540c97b898eb152f453003f46ce0e18b7ea6)) * WIP on `bom.services` * WIP but a lil hand up for @madpah Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> * chore: added missing license header Signed-off-by: Paul Horton <phorton@sonatype.com> * No default values for required fields * Add Services to BOM * Typo fix * aligned classes with standards, commented out Signature work for now, added first tests for Services Signed-off-by: Paul Horton <phorton@sonatype.com> * addressed standards Signed-off-by: Paul Horton <phorton@sonatype.com> * 1.2.0 Automatically generated by python-semantic-release Signed-off-by: Paul Horton <phorton@sonatype.com> * feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) * feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 Signed-off-by: Paul Horton <phorton@sonatype.com> * doc: updated documentation to reflect change Signed-off-by: Paul Horton <phorton@sonatype.com> * patched other tests to support UUID for bom-ref Signed-off-by: Paul Horton <phorton@sonatype.com> * better syntax Signed-off-by: Paul Horton <phorton@sonatype.com> * 1.3.0 Automatically generated by python-semantic-release Signed-off-by: Paul Horton <phorton@sonatype.com> * WIP but a lil hand up for @madpah Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Signed-off-by: Paul Horton <phorton@sonatype.com> * chore: added missing license header Signed-off-by: Paul Horton <phorton@sonatype.com> * aligned classes with standards, commented out Signature work for now, added first tests for Services Signed-off-by: Paul Horton <phorton@sonatype.com> * removed signature from this branch Signed-off-by: Paul Horton <phorton@sonatype.com> * Add Services to BOM * Typo fix * addressed standards Signed-off-by: Paul Horton <phorton@sonatype.com> * resolved typing issues from merge Signed-off-by: Paul Horton <phorton@sonatype.com> * added a bunch more tests for JSON output Signed-off-by: Paul Horton <phorton@sonatype.com> Co-authored-by: Paul Horton <phorton@sonatype.com> Co-authored-by: github-actions <action@github.com> ([`b45ff18`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b45ff187056893c5fb294cbf9de854fd130bb7be)) ## v1.3.0 (2022-01-24) ### Feature * feat: `bom-ref` for Component and Vulnerability default to a UUID (#142) * feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141 Signed-off-by: Paul Horton <phorton@sonatype.com> * doc: updated documentation to reflect change Signed-off-by: Paul Horton <phorton@sonatype.com> * patched other tests to support UUID for bom-ref Signed-off-by: Paul Horton <phorton@sonatype.com> * better syntax Signed-off-by: Paul Horton <phorton@sonatype.com> ([`3953bb6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3953bb676f423c325ca4d80f3fcee33ad042ad93)) ### Unknown * 1.3.0 Automatically generated by python-semantic-release ([`4178181`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/41781819e2de8f650271e7de11d395fa43939f22)) ## v1.2.0 (2022-01-24) ### Feature * feat: add CPE to component (#138) * Added CPE to component Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component. Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> * Fixing problems with CPE addition - Fixed styling errors - Added reference to CPE Spec - Adding CPE parameter as last parameter to not break arguments Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> * Again fixes for Style and CPE reference Missing in the last commit Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> * Added CPE as argument before deprecated arguments Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> * Added testing for CPE addition and error fixing - Added output tests for CPE in XML and JSON - Fixes style error in components - Fixes order for CPE output in XML (CPE has to come before PURL) Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> * Fixed output tests CPE was still in the wrong position in one of the tests - fixed Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> * Fixed minor test fixtures issues - cpe was still in wrong position in 1.2 JSON - Indentation fixed in 1.4 JSON Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> * Fixed missing comma in JSON 1.2 test file Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> ([`269ee15`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/269ee155f203d5771c56edb92f7279466bf2012f)) ### Unknown * 1.2.0 Automatically generated by python-semantic-release ([`97c215c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/97c215cf0c4e8c315ed84cbcb92b22c6b7bcd8c2)) ## v1.1.1 (2022-01-19) ### Fix * fix: bump dependencies (#136) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`18ec498`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/18ec4987f6aa4a259d30000a19aa6ee1d49681d1)) ### Unknown * 1.1.1 Automatically generated by python-semantic-release ([`dec63de`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dec63de950e0ad81cbb51373b0e647bce551297e)) ## v1.1.0 (2022-01-13) ### Feature * feat: add support for `bom.metadata.component` (#118) * Add support for metadata component Part of #6 Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> * Better docs and simpler ifs Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> ([`1ac31f4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1ac31f4cb14b6c466e092ff38ee2aa472c883c5d)) ### Unknown * 1.1.0 Automatically generated by python-semantic-release ([`d4007bd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d4007bd5986173eb2645eebcdd2c6405150f1456)) ## v1.0.0 (2022-01-13) ### Unknown * Manually generated release ([`3509fb6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3509fb643af12cc4393309a006c6bbe63b1bd674)) * Support for CycloneDX schema version 1.4 (#108) BREAKING CHANGE: Support for CycloneDX 1.4. This includes: - Support for `tools` having `externalReferences` - Allowing `version` for a `Component` to be optional in 1.4 - Support for `releaseNotes` per `Component` - Support for the core schema implementation of Vulnerabilities (VEX) Other changes included in this PR: - Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat) - Fixes to ensure schema is adhered to in 1.0 - URI's are now used throughout the library through a new `XsUri` class to provide URI validation - Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/) - `$schema` is now included in JSON BOMs - Concrete Parsers how now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python - Added reference to release of this library on Anaconda Signed-off-by: Paul Horton <phorton@sonatype.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Paul Horton <phorton@sonatype.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`7fb6da9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7fb6da9166050333ae5db7e35ab792b9bdee48d4)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib ([`d26970b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d26970bcc52568645c303f060d71cbc25edbfe78)) * Update CONTRIBUTING.md ([`4448d9b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4448d9b4846a7dfb9eeee355d41fbb100a48d388)) ## v0.12.3 (2021-12-15) ### Fix * fix: removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`3677d9f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3677d9fd584b7c0eb715954bb7b8adc59c0bc9b1)) ### Unknown * 0.12.3 Automatically generated by python-semantic-release ([`cfc9d38`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cfc9d382aea3f69f79d50a4fbb8607346f86ce03)) ## v0.12.2 (2021-12-09) ### Fix * fix: tightened dependency `packageurl-python` (#95) fixes #94 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`eb4ae5c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eb4ae5ca8842877b780a755b6611feef847bdb8c)) ### Unknown * 0.12.2 Automatically generated by python-semantic-release ([`54b9f74`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/54b9f744be28b53795bd03e78576eed15b70c10a)) ## v0.12.1 (2021-12-09) ### Fix * fix: further loosened dependency definitions see #44 updated some locked dependencies to latest versions Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`8bef6ec`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8bef6ecad36f51a003b266d776c9520d33e06034)) ### Unknown * 0.12.1 Automatically generated by python-semantic-release ([`43fc36e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/43fc36ebc966ac511e5b7dbff9b0bef6f88d5d2c)) ## v0.12.0 (2021-12-09) ### Feature * feat: loosed dependency versions to make this library more consumable * feat: lowering minimum dependency versions Signed-off-by: Paul Horton <phorton@sonatype.com> * feat: lowering minimum dependency versions Signed-off-by: Paul Horton <phorton@sonatype.com> * feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library Signed-off-by: Paul Horton <phorton@sonatype.com> * feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library Signed-off-by: Paul Horton <phorton@sonatype.com> * feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement Signed-off-by: Paul Horton <phorton@sonatype.com> ([`55f10fb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/55f10fb5524dafa68112c0836806c27bdd74fcbe)) ### Unknown * 0.12.0 Automatically generated by python-semantic-release ([`1a907ea`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1a907eae0a3436844ffc2782b990c4b502f409e6)) * Merge pull request #88 from CycloneDX/contributing-file initial CONTRIBUTING file ([`20035bb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/20035bb5dde8dd3b619b200aec7037c338b18c74)) * initial CONTRIBUTING file Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`6ffe14d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6ffe14d4d51d246cda66ce99ee20893ede8d017f)) * CHORE: poetry(deps): bump filelock from 3.3.2 to 3.4.0 poetry(deps): bump filelock from 3.3.2 to 3.4.0 ([`e144aa2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e144aa29a0fd61483f4940da08ff542c9c3c3332)) * CHORE: poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4 poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4 ([`5fcdcb7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5fcdcb701a9da5c9a786e0fe690bfd0a8d5d4e0c)) * poetry(deps): bump filelock from 3.3.2 to 3.4.0 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.3.2 to 3.4.0. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/py-filelock/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/py-filelock/compare/3.3.2...3.4.0) --- updated-dependencies: - dependency-name: filelock dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> ([`8d4520e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8d4520ee3ee781a3a2f4db879e79e38b40fe4829)) * CHORE: poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29 poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29 ([`fc6e3ac`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fc6e3acd5a1875a27e3b8037ad3b9a794598c894)) * poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4 Bumps [types-setuptools](https://github.com/python/typeshed) from 57.4.2 to 57.4.4. - [Release notes](https://github.com/python/typeshed/releases) - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-setuptools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> ([`00dcbb8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/00dcbb80d25c00b2b9bd4f6b765275cd956b33fa)) * CHORE: poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 ([`28f9676`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/28f96769e653c3b7c76cb07ba1a4ecbbc43ab46c)) * poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29 Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 21.9.2 to 21.11.29. - [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) - [Commits](https://github.com/PyCQA/flake8-bugbear/compare/21.9.2...21.11.29) --- updated-dependencies: - dependency-name: flake8-bugbear dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> ([`1eec2e8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1eec2e8aab5f31f3070be34eccfd8791ef2edcca)) * CHORE: poetry(deps-dev): bump coverage from 6.1.2 to 6.2 poetry(deps-dev): bump coverage from 6.1.2 to 6.2 ([`bdd9365`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bdd93650a64ce2385f4f29bc1f20df6530e9012c)) * CHORE: poetry(deps): bump mako from 1.1.5 to 1.1.6 poetry(deps): bump mako from 1.1.5 to 1.1.6 ([`33d3ecc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/33d3ecc80f47c947d2fc2b13743471dd6dc941ab)) * poetry(deps-dev): bump coverage from 6.1.2 to 6.2 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.1.2 to 6.2. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/6.1.2...6.2) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> ([`be1af9b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/be1af9b9955a31b6c1a8627010bfd4d932c9f9f1)) * DOCS: fix README shields & links ([`43b1121`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/43b112128acd9e28a47e46d8691ead46e39b288e)) * doc: readme maintenance - shields & links (#72) * README: restructure links Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * README: add lan to fenced code blocks Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * README: fix some formatting Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * README: modernized shields Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * README: harmonize links Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * README: add language to code fences Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * README: markdown fixes Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * README: removed py version shield Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`3d0ea2f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3d0ea2f4c6ee5c2dedf1abb779f46543896fff4a)) * poetry(deps): bump mako from 1.1.5 to 1.1.6 Bumps [mako](https://github.com/sqlalchemy/mako) from 1.1.5 to 1.1.6. - [Release notes](https://github.com/sqlalchemy/mako/releases) - [Changelog](https://github.com/sqlalchemy/mako/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/mako/commits) --- updated-dependencies: - dependency-name: mako dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> ([`3344b86`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3344b862490ecb419c9b1f74bd7548ddcf392329)) * Merge pull request #47 from CycloneDX/dependabot/pip/filelock-3.3.2 poetry(deps): bump filelock from 3.3.1 to 3.3.2 ([`3f967b3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3f967b3d0ec47ba5bcc1cdd8fb29970ba69d7aed)) * FIX: update Conda package parsing to handle `build` containing underscore (#66) * fix: update conda package parsing to handle `build` containing underscore Signed-off-by: Paul Horton <phorton@sonatype.com> * updated some typings Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2c6020a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2c6020a208aa1c0fd13ab337db6343ad1d2d5c43)) * poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.8.1 to 4.8.2. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/CHANGES.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v4.8.1...v4.8.2) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> ([`003f6b4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/003f6b410e0e32e8c454ad157999b031471baf6f)) * poetry(deps): bump filelock from 3.3.1 to 3.3.2 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.3.1 to 3.3.2. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/py-filelock/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/py-filelock/compare/3.3.1...3.3.2) --- updated-dependencies: - dependency-name: filelock dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> ([`55022b7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/55022b7a63763436d193cefda6d6a4e0ad36fb40)) * Merge pull request #45 from CycloneDX/dependabot/pip/importlib-resources-5.4.0 poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0 ([`b8acf9f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b8acf9f3e087f37c2f9afded2d8555c053f09a43)) * Merge pull request #70 from CycloneDX/dependabot/pip/pyparsing-3.0.6 poetry(deps): bump pyparsing from 3.0.5 to 3.0.6 ([`faa8628`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/faa862813e27bb4b828f6116c95961b156cd7547)) * Merge pull request #69 from CycloneDX/dependabot/pip/coverage-6.1.2 poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2 ([`eba56dc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eba56dc6512304e2956563d173bdb363b785fa50)) * poetry(deps): bump pyparsing from 3.0.5 to 3.0.6 Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 3.0.5 to 3.0.6. - [Release notes](https://github.com/pyparsing/pyparsing/releases) - [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) - [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_3.0.5...pyparsing_3.0.6) --- updated-dependencies: - dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> ([`4f2b2d8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4f2b2d89291b1c20385ce6431959586acfeab1cd)) * poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2 Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.1.1 to 6.1.2. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/6.1.1...6.1.2) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> ([`1d0f5ea`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1d0f5ea2ed5dfb38ce1d1d8170773cb880f228dc)) ## v0.11.1 (2021-11-10) ### Fix * fix: constructor for `Vulnerability` to correctly define `ratings` as optional Signed-off-by: William Woodruff <william@trailofbits.com> ([`395a0ec`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/395a0ec14ebcba8e0849a0ced30ec4163c42fa7a)) ### Unknown * 0.11.1 Automatically generated by python-semantic-release ([`a80f87a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a80f87a588f8b52bfd8e9c5b12edf0fdde56c510)) * FEAT: Support Python 3.10 (#64) * fix: tested with Python 3.10 Signed-off-by: Paul Horton <phorton@sonatype.com> * added trove classifier for Python 3.10 Signed-off-by: Paul Horton <phorton@sonatype.com> * fix: upgrade Poetry version to workaround issue between Poetry and Python 3.10 (see: https://github.com/python-poetry/poetry/issues/4210) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`385b835`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/385b835f44fadb0f227b6a8ac992b0c73afc6ef0)) * poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0 Bumps [importlib-resources](https://github.com/python/importlib_resources) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/python/importlib_resources/releases) - [Changelog](https://github.com/python/importlib_resources/blob/main/CHANGES.rst) - [Commits](https://github.com/python/importlib_resources/compare/v5.3.0...v5.4.0) --- updated-dependencies: - dependency-name: importlib-resources dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> ([`a1dd775`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a1dd7752459b70b432784ec2b7d8a1cb24a916a9)) ## v0.11.0 (2021-11-10) ### Feature * feat: Typing & PEP 561 * adde file for type checkers according to PEP 561 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * added static code analysis as a dev-test Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * added the "typed" trove Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * added `flake8-annotations` to the tests Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * added type hints Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * further typing updates Signed-off-by: Paul Horton <phorton@sonatype.com> * further typing additions and test updates Signed-off-by: Paul Horton <phorton@sonatype.com> * further typing Signed-off-by: Paul Horton <phorton@sonatype.com> * further typing - added type stubs for toml and setuptools Signed-off-by: Paul Horton <phorton@sonatype.com> * further typing Signed-off-by: Paul Horton <phorton@sonatype.com> * typing work Signed-off-by: Paul Horton <phorton@sonatype.com> * coding standards Signed-off-by: Paul Horton <phorton@sonatype.com> * fixed tox and mypy running in correct python version Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * supressed mypy for `cyclonedx.utils.conda.parse_conda_json_to_conda_package` Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * fixed type hints Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * fixed some typing related flaws Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> * added flake8-bugbear for code analysis Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Co-authored-by: Paul Horton <phorton@sonatype.com> ([`9144765`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/91447656c0914ceb2af2e4b7282292ec7b93f5bf)) ### Unknown * 0.11.0 Automatically generated by python-semantic-release ([`7262783`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7262783dbcf5823065670f3f7cbba0ce25b3a4ea)) * Merge pull request #41 from jkowalleck/improv-abstract fixed some abstract definitions ([`f34e2c2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f34e2c2bc7aed20968a5ac69337ed484d097af3b)) * Merge pull request #42 from jkowalleck/improv-pipenv slacked pipenv parser ([`08bc4ab`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/08bc4ab2b01c76d7472a558cae02deab0485c61c)) * Merge pull request #43 from jkowalleck/improv-conda-typehints fixed typehints/docs in `_BaseCondaParser` ([`931016d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/931016d9b700280692903db5aa653d390a80bd63)) * Merge pull request #54 from jkowalleck/create-CODEOWNERS created CODEOWNERS ([`7f28bef`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7f28bef15ed0b9ed6af88286d5f6dcc0726b6feb)) * Merge pull request #56 from CycloneDX/dependabot/pip/py-1.11.0 poetry(deps): bump py from 1.10.0 to 1.11.0 ([`f1cda3c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f1cda3c3ba859336d70da36d4966bc7c247af97a)) * Merge pull request #58 from CycloneDX/dependabot/pip/pyparsing-3.0.5 poetry(deps): bump pyparsing from 2.4.7 to 3.0.5 ([`0525439`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0525439d2237684ce531449d19e60456fc46d26b)) * Merge pull request #19 from CycloneDX/dependabot/pip/zipp-3.6.0 poetry(deps): bump zipp from 3.5.0 to 3.6.0 ([`c54c968`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c54c96853e3325571dee26038e965279d5b9cfe2)) * poetry(deps): bump py from 1.10.0 to 1.11.0 Bumps [py](https://github.com/pytest-dev/py) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/pytest-dev/py/releases) - [Changelog](https://github.com/pytest-dev/py/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/py/compare/1.10.0...1.11.0) --- updated-dependencies: - dependency-name: py dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> ([`330711f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/330711fe911739ac9119a0721f7f7bde6e1389e4)) * Merge pull request #57 from CycloneDX/dependabot/pip/coverage-6.1.1 poetry(deps-dev): bump coverage from 5.5 to 6.1.1 ([`fa55e5c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fa55e5ceef65749ccbf6bd0303db649346c79019)) * poetry(deps): bump pyparsing from 2.4.7 to 3.0.5 Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 2.4.7 to 3.0.5. - [Release notes](https://github.com/pyparsing/pyparsing/releases) - [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) - [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_2.4.7...pyparsing_3.0.5) --- updated-dependencies: - dependency-name: pyparsing dependency-type: indirect update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> ([`3bedaff`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3bedaffc7f52026348cc6e2a38ba193ba71d4f29)) * Merge pull request #55 from CycloneDX/dependabot/pip/virtualenv-20.10.0 poetry(deps): bump virtualenv from 20.8.1 to 20.10.0 ([`4c3df85`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4c3df857eba656f1ccb51ba9ad6af2cb49226747)) * CI/CT runs on main & master branch ([`2d0df7b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2d0df7bacf4ead54eee7378ede8626cc93fce3df)) * poetry(deps-dev): bump coverage from 5.5 to 6.1.1 Bumps [coverage](https://github.com/nedbat/coveragepy) from 5.5 to 6.1.1. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/coverage-5.5...6.1.1) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> ([`e322d74`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e322d7476b4a17b012d27c26683809bd1dee86b1)) * poetry(deps): bump virtualenv from 20.8.1 to 20.10.0 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.8.1 to 20.10.0. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](https://github.com/pypa/virtualenv/compare/20.8.1...20.10.0) --- updated-dependencies: - dependency-name: virtualenv dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> ([`3927cdc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3927cdcd2c37af23543832dbfae2d087cb09787c)) * created CODEOWNERS Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e8e499c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e8e499cb2b74f9d7e7afe4d0f00e1725eabb655e)) * fixed typehints/docs in `_BaseCondaParser` Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`af6ddfd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/af6ddfdc8c7cbdd1bade5ea0c89896ca9791eb3d)) * slacked pipenv parser Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a3572ba`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a3572ba61ca537de8efd0855c774819a963cd212)) * fixed some abstract definitions Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9e67998`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9e67998e53558363b2c76c75f13bb2772fb5a22d)) ## v0.10.2 (2021-10-21) ### Fix * fix: correct way to write utf-8 encoded files Signed-off-by: Paul Horton <phorton@sonatype.com> ([`49f9369`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/49f9369b3eba47a3a8d1bcc505546d7dfaf4c5fe)) ### Unknown * 0.10.2 Automatically generated by python-semantic-release ([`79538e9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/79538e92834e548a3f9697388a47efa3b27da678)) ## v0.10.1 (2021-10-21) ### Fix * fix: ensure output to file is UTF-8 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a10da20`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a10da20865e90e9a0a5bb1e12fba9cfd23970c39)) * fix: ensure output to file is UTF-8 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`193bf64`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/193bf64cdb19bf6fb9662367402dcf7eaab8dd1a)) ### Unknown * 0.10.1 Automatically generated by python-semantic-release ([`e6451a3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e6451a39ee18fcf49287a8f685df730846e965b7)) * Merge pull request #40 from CycloneDX/fix/issue-39-windows-UnicodeEncodeError FIX: Resolve file encoding issues on Windows ([`48329e0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/48329e033e499f4b9a2c204b2fe5c7c512689605)) * remove memoryview from sha1 file hashing Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a56be0f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a56be0f2044c1c867c383a7ed26f5fce4097d21a)) * added debug to CI to aid understanding of miss matching SHA1 hashes on Windows Signed-off-by: Paul Horton <phorton@sonatype.com> ([`10c6b51`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/10c6b51ec1fb8fc816002fda96e551ff0e430941)) ## v0.10.0 (2021-10-20) ### Feature * feat: add support for Conda Signed-off-by: Paul Horton <phorton@sonatype.com> ([`bd29c78`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bd29c782d39a4956f482b9e4de20d7f829beefba)) ### Unknown * 0.10.0 Automatically generated by python-semantic-release ([`eea3598`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eea35980ab121899d46178ec10e90058d0e1be45)) * Merge pull request #38 from CycloneDX/feat/conda-support feat: add support for Conda ([`ee5d36d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ee5d36dd677abfb1ba5600b44abf45cb2612b792)) * add support pre Python 3.8 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2d01116`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2d011165e36d03c8d82c7b92b56f1aeec9c18cd6)) * doc: updated documentation with Conda support (and missed updates for externalReferences) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`57e9dc7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/57e9dc7b2adcfa2bac60a854c91bf77947e8e9cf)) ## v0.9.1 (2021-10-19) ### Fix * fix: missing check for Classifiers in Environment Parser Signed-off-by: Paul Horton <phorton@sonatype.com> ([`b7fa38e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b7fa38e9740bbc5b4c406410df37c3b34818010c)) ### Unknown * 0.9.1 Automatically generated by python-semantic-release ([`f132c92`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f132c92bf38f1c173b381f18817f0f86b6ddde85)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib ([`51a1e50`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/51a1e50aad27c1f862812031be74281e839815df)) ## v0.9.0 (2021-10-19) ### Feature * feat: add support for parsing package licenses when using the `Environment` Parsers Signed-off-by: Paul Horton <phorton@sonatype.com> ([`c414eaf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c414eafde2abaca1005a2a0af6993fcdc17897d3)) ### Unknown * 0.9.0 Automatically generated by python-semantic-release ([`ad65564`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ad6556462d92381dcd8494ca93496ea796282565)) * Merge pull request #36 from CycloneDX/feat/add-license-support Add support for parsing package licenses from installed packages ([`d45f75b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d45f75b88611ab97f39bde672cbdd9e8ff71dd3e)) ## v0.8.3 (2021-10-14) ### Fix * fix: coding standards violations Signed-off-by: Paul Horton <phorton@sonatype.com> ([`00cd1ca`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/00cd1ca20899b6861b1b959611a3556ffad36832)) * fix: handle `Pipfile.lock` dependencies without an `index` specified fix: multiple fixes in variable scoping to prevent accidental data sharing Signed-off-by: Paul Horton <phorton@sonatype.com> ([`26c62fb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/26c62fb996c4b1b2bf719e10c9072cf4fbadab9f)) ### Unknown * 0.8.3 Automatically generated by python-semantic-release ([`91f9a8b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/91f9a8bb60fe8faddd86268c0ede89cd0caa5a76)) * Merge pull request #34 from CycloneDX/fix/issue-33-pipfile-lock-parse-failure BUG: Fixe for `Pipfile.lock` parsing + accidental data sharing issues identified during testing ([`4079323`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4079323617263886319ddcf80ee1d77909a40b69)) ## v0.8.2 (2021-10-14) ### Fix * fix: add namespace and subpath support to Component to complete PackageURL Spec support Signed-off-by: Paul Horton <phorton@sonatype.com> ([`780adeb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/780adebe3861ef08eb1e8817a5e9e3451c0a2137)) ### Unknown * 0.8.2 Automatically generated by python-semantic-release ([`298318f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/298318fdbf252115f874eb544c2d1f24abb6ab5a)) * Merge pull request #32 from CycloneDX/feat/full-packageurl-support Add `namespace` and `subpath` support to `Component` ([`bb3af91`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bb3af916f1ff0e224d9c197596570bca98ea4525)) ## v0.8.1 (2021-10-12) ### Fix * fix: multiple hashes being created for an externalRefernce which is not as required Signed-off-by: Paul Horton <phorton@sonatype.com> ([`970d192`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/970d19202d13d4becbbf040b3a9fb115dd7a0795)) ### Unknown * 0.8.1 Automatically generated by python-semantic-release ([`70689a2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/70689a21edfd5f17cd2aabc09d4579646a4f1633)) ## v0.8.0 (2021-10-12) ### Feature * feat: add support for `externalReferneces` for `Components` and associated enhancements to parsers to obtain information where possible/known Signed-off-by: Paul Horton <phorton@sonatype.com> ([`a152852`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a152852b361bbb7a69c9f7ab61ae7ea6dcffd214)) ### Unknown * 0.8.0 Automatically generated by python-semantic-release ([`7a49f9d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7a49f9d8cd791e9b1a7e1a8587e589e3b8319ec7)) * Merge pull request #29 from CycloneDX/feat/component-external-references FEATURE: Add support for `externalReferences` against `Component`s ([`bdee0ea`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bdee0ea277d9f378b3a5e225c2ac3d8e20e2c53c)) * doc: notable improvements to API documentation generation (added search, branding, a little styling) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`e7a5b5a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e7a5b5a2c5b5681a75a24e9739d13ead01f362e3)) ## v0.7.0 (2021-10-11) ### Feature * feat: support for pipenv.lock file parsing Signed-off-by: Paul Horton <phorton@sonatype.com> ([`68a2dff`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/68a2dffc770d40f693b6891a580d1f7d8018f71c)) ### Unknown * 0.7.0 Automatically generated by python-semantic-release ([`827bd1c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/827bd1cf2db6cfcffdae98dbd6d24efac63d0cb6)) * Merge pull request #27 from CycloneDX/feat/add-pipenv-support FEATURE: Add `Pipfile.lock` (pipenv) support ([`2c42e2a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2c42e2a616c07eec1f844b4fbc4e1e3b4a0815d8)) * doc: updated README.md to include Pipfile.lock parsing Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2c66834`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2c66834ee6aac75b3e810d13b5a3b41967043252)) ## v0.6.2 (2021-10-11) ### Fix * fix: added ability to add tools in addition to this library when generating CycloneDX + plus fixes relating to multiple BOM instances Signed-off-by: Paul Horton <phorton@sonatype.com> ([`e03a25c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e03a25c3d2a1a0b711204bb26c7b898eadacdcb0)) ### Unknown * 0.6.2 Automatically generated by python-semantic-release ([`e68fbc2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e68fbc2ff5576fc1f5c0444f601c58f40f3cd917)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib ([`2bf2711`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2bf27119e7a1a3716706c28c3fb259496d0de6f1)) ## v0.6.1 (2021-10-11) ### Fix * fix: better methods for checking if a Component is already represented in the BOM, and the ability to get the existing instance Signed-off-by: Paul Horton <phorton@sonatype.com> ([`5fee85f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5fee85fc38376478a1a438d228c632a5d14f4740)) ### Unknown * 0.6.1 Automatically generated by python-semantic-release ([`c530460`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c530460f504939d34e8c73066bfdd252dd95f090)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib ([`eb3a46b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eb3a46b4365818dec08ea079f47e4abd75ebbd64)) ## v0.6.0 (2021-10-11) ### Feature * feat: helper method for representing a File as a Component taking into account versioning for files as per https://github.com/CycloneDX/cyclonedx.org/issues/34 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`7e0fb3c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7e0fb3c7e32e08cb8667ad11461c7f8208dfdf7f)) * feat: support for non-PyPi Components - PackageURL type is now definable when creating a Component Signed-off-by: Paul Horton <phorton@sonatype.com> ([`fde79e0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fde79e02705bce216e62acd05056b6d2046cde22)) ### Unknown * 0.6.0 Automatically generated by python-semantic-release ([`907cd2d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/907cd2d317f3cfd28febb450959938d09815b9c2)) * Merge pull request #25 from CycloneDX/feat/additions-to-enable-integration-into-checkov Support for representing File as Component ([`63a86b0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/63a86b05aa722078d57f143f35c1f5600396ec7a)) ## v0.5.0 (2021-10-11) ### Build * build: updated dependencies, moved pdoc3 to a dev dependency Signed-off-by: Paul Horton <phorton@sonatype.com> ([`6a9947d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6a9947de1036b63804352e45c035d40658d3db01)) ### Feature * feat: add support for tool(s) that generated the SBOM Signed-off-by: Paul Horton <phorton@sonatype.com> ([`7d1e6ef`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7d1e6ef04d473407b9b4eefc2ef18e6723838f94)) ### Fix * fix: bumped a dependency version Signed-off-by: Paul Horton <phorton@sonatype.com> ([`efc1053`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/efc1053ec9ed3f57711f78f1eca181f7bff0c3bf)) ### Unknown * 0.5.0 Automatically generated by python-semantic-release ([`a655d29`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a655d29ae9a93bdd72fee481d6a0ec8b71f6cce0)) * Merge pull request #20 from CycloneDX/feat/additional-metadata feat: add support for tool(s) that generated the SBOM ([`b33cbf4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b33cbf4cb40179e5710729b89d3c120e69448777)) * fix for Pytho< 3.8 support in tests Signed-off-by: Paul Horton <phorton@sonatype.com> ([`c9b6019`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c9b6019609ae206ba965d0c4f7c06ffcf8835e1d)) * ensure support for Python < 3.8 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`53a82cf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/53a82cfbe7e828380c31b2441113f318d2a2c99e)) * ensure support for Python < 3.8 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`2a9e56a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2a9e56a7e1e0235a06aa70f7750f1656f9305a8a)) * doc: added documentation Signed-off-by: Paul Horton <phorton@sonatype.com> ([`cf13c68`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf13c6817552c0a6549ecd7131fdcd437ccc7210)) * poetry(deps): bump zipp from 3.5.0 to 3.6.0 Bumps [zipp](https://github.com/jaraco/zipp) from 3.5.0 to 3.6.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/CHANGES.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.5.0...v3.6.0) --- updated-dependencies: - dependency-name: zipp dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> ([`30f2547`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/30f254724b49c7596c58f11ef8f5a182706ef03a)) * doc: bumped gh-action for publishing docs Signed-off-by: Paul Horton <phorton@sonatype.com> ([`ac70eee`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ac70eeed9325892ef9ae44b162d8a3ae43a435cc)) * doc: added documentation to model/bom Signed-off-by: Paul Horton <phorton@sonatype.com> ([`fe98ada`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fe98ada121279f6119f3045abd737cc5b775a30f)) * doc: formatting Signed-off-by: Paul Horton <phorton@sonatype.com> ([`1ad7fb1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1ad7fb117acbec87def897f4dc549dc398decce6)) * doc: added missing docstrings to allow documentation to generate Signed-off-by: Paul Horton <phorton@sonatype.com> ([`ed743d9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ed743d9b90904a6719309de85078657f9e4a48cd)) * Merge pull request #10 from coderpatros/docs Add initial doc generation and publishing ([`7873ad9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7873ad9d3fed8c04b94999c21345ae4ca198e091)) ## v0.4.1 (2021-09-27) ### Build * build: dependencies updated Signed-off-by: Paul Horton <phorton@sonatype.com> ([`0411826`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/04118263c2fed1241c4a9f38cc256542ba543d50)) ### Fix * fix: improved handling for `requirements.txt` content without pinned or declared versions Signed-off-by: Paul Horton <phorton@sonatype.com> ([`7f318cb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7f318cb495ac1754029088cae1ef2574c58da2e5)) ### Unknown * 0.4.1 Automatically generated by python-semantic-release ([`d5b7a2f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d5b7a2fc731b29fd7a3f29fe3c94f14a98a82e69)) * Merge pull request #15 from CycloneDX/fix/issue-14-requirements-unpinned-versions fix: improved handling for `requirements.txt` content without pinned … ([`f248015`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f248015ff9719dd0029f6267067356672f16f8c3)) * Add initial doc generation and publishing Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org> ([`cd1b558`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cd1b558fe472895f9332d9844f99e652c14ec41e)) ## v0.4.0 (2021-09-16) ### Feature * feat: support for localising vectors (i.e. stripping out any scheme prefix) Signed-off-by: Paul Horton <phorton@sonatype.com> ([`b9e9e17`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b9e9e17ba1e2c1c9dfe551c61ad5152eebd829ab)) * feat: helper methods for deriving Severity and SourceType Signed-off-by: Paul Horton <phorton@sonatype.com> ([`6a86ec2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6a86ec27c13ff5e413c5a5f96d9b7671646f9388)) ### Fix * fix: removed print call Signed-off-by: Paul Horton <phorton@sonatype.com> ([`8806553`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/880655304c082a88d94d6d50c64d33ad931cc974)) * fix: relaxed typing of parameter to be compatible with Python < 3.9 Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f9c7990`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f9c7990695119969c5055bc92a233030db999b84)) * fix: removed print call Signed-off-by: Paul Horton <phorton@sonatype.com> ([`d272d2e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d272d2ea7d3331bde0660bdc87a6ac3331ae0720)) * fix: remove unused commented out code Signed-off-by: Paul Horton <phorton@sonatype.com> ([`ba4f285`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ba4f285fdbe124c28f7ea60310347cf896540125)) ### Unknown * 0.4.0 Automatically generated by python-semantic-release ([`f441413`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f441413668676c0435b173c01d612e9040d6f6db)) ## v0.3.0 (2021-09-15) ### Feature * feat: adding support for extension schema that descriptions vulnerability disclosures Signed-off-by: Paul Horton <phorton@sonatype.com> ([`d496695`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d4966951ab6c0229171cfe97723421bb0302c4fc)) ### Unknown * 0.3.0 Automatically generated by python-semantic-release ([`a5c3dab`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a5c3dab5818c183bd88385c7ad88e11eb34a0417)) * Merge pull request #5 from CycloneDX/feat/support-schema-extension-vulnerability-1.0 FEATURE: add support for Vulnerability Disclosures ([`6914272`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/69142723935199409f6bf91b68ecf1e91107f165)) * doc: updated README to explain support for Vulnerability Disclosures Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f477bf0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f477bf03fc78cc2652e97cd77a3e7ab66306a39b)) ## v0.2.0 (2021-09-14) ### Feature * feat: added helper method to return a PackageURL object representing a Component Signed-off-by: Paul Horton <phorton@sonatype.com> ([`367bef1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/367bef11bb1a7ede3100acae39581e33d20fa7f5)) ### Fix * fix: whitespace on empty line removed Signed-off-by: Paul Horton <phorton@sonatype.com> ([`cfc952e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cfc952eb5f3feb97a41b6c895657058429da3430)) ### Unknown * 0.2.0 Automatically generated by python-semantic-release ([`866eda7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/866eda764d01ee85778bea662c7556113121137e)) * Merge pull request #4 from CycloneDX/feat/component-as-packageurl fix: whitespace on empty line removed ([`ddc37f3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ddc37f395a1dbace39280a4f7b1074d954414f2d)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib ([`6142d2e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6142d2e3b9b655ebf95b59c93525ce8008851b34)) ## v0.1.0 (2021-09-13) ### Feature * feat: add poetry support Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f3ac42f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f3ac42f298b8d093b0ac368993beba43c58c251a)) ### Unknown * 0.1.0 Automatically generated by python-semantic-release ([`0da668f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0da668f398bef2baee63b0d342063b6dc0eea71a)) * Merge pull request #3 from CycloneDX/feat/poetry-lock-support FEATURE: Adde poetry.lock parser support ([`37ba7c6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/37ba7c61a17881fc02119dcfd7b6e0a7cab48cbf)) * feat(parser) - added support for parsing dependencies from poetry.lock files. Signed-off-by: Paul Horton <phorton@sonatype.com> ([`15bc553`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/15bc5539e2339581f80048a571ca632f17988530)) * fix(parser) parsers were able to share state unexpectedly Signed-off-by: Paul Horton <phorton@sonatype.com> ([`dc59914`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dc59914e961104d9fcd37822b172d798e68b6ebd)) ## v0.0.11 (2021-09-10) ### Fix * fix(test): test was not updated for revised author statement Signed-off-by: Paul Horton <phorton@sonatype.com> ([`d1c9d37`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d1c9d379a1e92ee49aae8d133e2ad3e117054ec9)) * fix(build): test failure and dependency missing Fixed failing tests due to dependency on now removed VERSION file Added flake8 officially as a DEV dependency to poetry Signed-off-by: Paul Horton <phorton@sonatype.com> ([`9a2cfe9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9a2cfe94386b51acca44ae3bacae319b9b3c8f0d)) * fix(build): removed artefacts associtated with non-poetry build Tidied up project to remove items associated with non-Poetry build process. Also aligned a few references in README to new home of this project under CycloneDX. Signed-off-by: Paul Horton <phorton@sonatype.com> ([`f9119d4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f9119d49e462cf1f7ccca9c50af2936f8962fd6d)) ### Unknown * 0.0.11 Automatically generated by python-semantic-release ([`1c0aa71`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1c0aa716b36e1305b7a3a2b9e2dfd6e5c6ac0011)) * Merge pull request #2 from CycloneDX/fix/tidy-up-build-remove-pip fix(build): removed artefacts associated with non-poetry build ([`b7de7b3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b7de7b3c9ba2c8c824d898ee994169b66b78b07a)) ## v0.0.10 (2021-09-08) ### Fix * fix: add in pypi badge ([`6098c36`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6098c36715b2459d7b04ced5ba6294437576e481)) ### Unknown * 0.0.10 Automatically generated by python-semantic-release ([`245d809`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/245d809c3918d023ae58af2fb352f14912be091c)) ## v0.0.9 (2021-09-08) ### Fix * fix: additional info to poetry, remove circleci ([`2fcfa5a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2fcfa5ac3a7d9d7f372be6d69e1c616b551877df)) ### Unknown * 0.0.9 Automatically generated by python-semantic-release ([`e4a90cf`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e4a90cfc46db3284e1f3e53f6555405fc14dc654)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main ([`69aaba5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/69aaba5f941cbffc40b47d18c6f9dd9dd754b57b)) ## v0.0.8 (2021-09-08) ### Fix * fix: initial release to pypi, tell poetry to include cyclonedx package ([`a030177`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a030177cb1a370713c4438b13b7520ef6afd19f6)) ### Unknown * 0.0.8 Automatically generated by python-semantic-release ([`fc3f24c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fc3f24c13938948c4786ecf8ace3fc241c0f458e)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main ([`da2d18c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/da2d18cd60a781bf097e563466bda0d3e51b9e8f)) ## v0.0.7 (2021-09-08) ### Fix * fix: release with full name ([`4c620ed`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4c620ed053aac8c31343b1ca84ca56912b762ab2)) ### Unknown * 0.0.7 Automatically generated by python-semantic-release ([`19943e8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/19943e8287bbe67031cada6f5377d438f2b033c1)) ## v0.0.6 (2021-09-08) ### Fix * fix: initial release to pypi ([`99687db`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/99687dbec1389bf323bb625bfb707306aa3b8d1a)) ### Unknown * 0.0.6 Automatically generated by python-semantic-release ([`98ad249`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/98ad24950dbb5f5b08db41e1bb4e359f8f0b8b49)) * Switch to using action ([`cce468a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cce468a7004d848ddbaab4affa392bd2f74414dd)) ## v0.0.5 (2021-09-08) ### Unknown * 0.0.5 Automatically generated by python-semantic-release ([`9bf4b9a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9bf4b9a29cc4b0bbdf5771ffc22b918a6081a0a1)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main ([`eeec0bb`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/eeec0bba7d0a615f8384caa50ed95c2240b5a951)) * Try this on for size ([`aa93310`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/aa93310830a86aa441337be34081c46d9475384c)) ## v0.0.4 (2021-09-08) ### Unknown * 0.0.4 Automatically generated by python-semantic-release ([`b16d6c5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b16d6c59495de396c73dfe1ffabcbfd325dfa619)) * Use python3 to install ([`4c810e1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4c810e16b1a93afb923652f66e77ee08ff0ffd49)) ## v0.0.3 (2021-09-08) ### Unknown * 0.0.3 Automatically generated by python-semantic-release ([`05306ee`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/05306ee235df1d7aa662c9323e6186cc3d1129dc)) * Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main ([`f1d120c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f1d120c5dca530424dd79b3303458cc0adbc28de)) * Bump up version of poetry ([`89db268`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/89db2689bbdb94f2f290abe1bf721b163d75001e)) ## v0.0.2 (2021-09-08) ### Unknown * 0.0.2 Automatically generated by python-semantic-release ([`e15dec6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e15dec696bd88d00f5f5fdce74cb407bc65a42e2)) * Remove check for push ([`71b1270`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/71b12709f0fb55852cbb030669a80a5ebd2f2e92)) * Manual deploy workflow ([`9b4ac33`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9b4ac335becf7e7b83cd3fa619c8975b6335f5eb)) * License headers, OWASP etc... ([`559b8d2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/559b8d227e52b6798a71149c87f4090ea1244c85)) * Fixed unit tests pinned to a VERISON. ([`5d907d5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5d907d58e57f2eb7731047a51a88104cb07c1796)) * Bump to version 0.0.2 ([`1050839`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/105083951dc93f28a4816c0c699af7db7f2789d9)) * Implemented writing SBOM to a file. ([`74f4153`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/74f4153d84c3bbdb875eac679fe933b777f90f18)) * Updated badge in README to include Python 3.6+ support. ([`0a5903c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0a5903c56971a19172fe904f02836c5c5e2262db)) * Removed print() statement accidentally left in. ([`22965a7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/22965a707de6db7bb08721809035562be72c69d5)) * Merge pull request #1 from sonatype-nexus-community/features/initial-port-of-v1.1-generation-from-jake Initial port of library code to new library ([`2f2634b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2f2634b86612b4f0d2142b09f3aece588937fcaa)) * Added license headers to all source files. Added classifiers for Python version to setup.py. ([`bb6bb24`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bb6bb24440996257ce609b0f399f930153b65e8e)) * Renamed model file to not reference CycloneDX as the models are agnostic on purpose. ([`03d03ed`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/03d03edfca7bed56d21733120cb5b002a32bb466)) * Forgot to add updated poetry.lock file relfecting Python 3.6+ support ([`5d3d491`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/5d3d49184039a2f41411cd96d5dfcf1544fab05f)) * Updated project to state support from Python v3.6+ ([`619ee1d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/619ee1dfc23f7220a1941c3fa5068761346c84cb)) * Adding Python 3.6 support for test & CI. ([`daa12ba`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/daa12ba8925128da040cf836bc3f16a2126e9091)) * Fixing CircleCI config. ([`a446f4c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a446f4cb197fd40a3065a372108c1719cde91136)) * Fixes to GitHub actions. ([`d2aa277`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d2aa277bce954100adad42e33c095bc1f9ce23cd)) * Disabled Py3.6 checks and added flake8. ([`8c01da3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8c01da3d8f6038fb24df07ab3fb0945c79893e9f)) * Attempt to fix CI's for multiple Python environments. ([`affb6b2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/affb6b2dc7afeaff5b5cd0a1d4f65678394a2ff7)) * Added support for Python versions 3.7+ ([`ae24ba9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ae24ba9c26ddf4ef91937e8489b1894a986724de)) * Added missing ENV var for GH actions. ([`c750ec6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c750ec62411c6d4473d3cc0a33dc96f90a443cef)) * Missed wrapping a coverage command with poetry. ([`3c74c82`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3c74c822445e5aeaaa387c8e5522ca8cd841cfd8)) * Added poetry virtualenv caching + wrapped tox and coverage with poetry to ensure they run in the poetry venv. ([`780e3df`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/780e3dfa043957174e1f79cf450d1ee69d6530d3)) * Fixed typo in Github action. ([`3953675`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/395367531e7a00c086e723a78d059e6016fb242e)) * Correction: Supported Python version in setup.py ([`2f4917b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2f4917ba81f8ddba994a2c5012303bccb307a419)) * Updated poetry dependencies and configuration. ([`75041e5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/75041e51ff684853d7c2b94e5a722a4ec14043fc)) * Initial draft GitHub actions being added. ([`e2403e8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e2403e8c4194be6bee70a58ef86d9acec6de5dbb)) * Added Poetry supprot. ([`e9a67f8`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e9a67f8a405b6c664d2b91bd4966a8ade9902d40)) * Addressing issues reported by flake8. ([`3ad394c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3ad394c14d9cbf3e706f4fe47b6f83938576a2ac)) * Refactored output classes to use multiple inheritance allowing a single place to define which schema version support various attributes and elements. ([`95c5b38`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/95c5b389bb5c8c358420aaf5c62694dcabe663ce)) * Updated README to reflect support for author. ([`bff5954`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bff5954f70967f3605fa6226a223590b89e07313)) * Skeleton support for 'author' + v1.1 and v1.0 for JSON added (along with tests). ([`e987f35`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e987f357314199442ed2c5823575833915dfccb1)) * Corrected typo in README ([`0d2c355`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0d2c35519374b4efddf399dd519e5a1443a56692)) * Updated README to include a summary of the support this library provides across the different schema versions. ([`34f421f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/34f421f4076d16c30ddf291f5c1866c1b623258a)) * Initial support for V1.0 and V1.1 in XML output format. ([`37f6b00`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/37f6b00b7e354b76a9f8f72ed2c1004a0e728319)) * Added 'serialNumber' to SBOMs (JSON and XML). ([`50e3c75`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/50e3c7546b92e3241feefa6dea0fbfa9c1145843)) * Added a bunch more content to the README to explain how the library can be used. ([`bb41dc6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bb41dc6d333f59025aae97c602cbe41343645b20)) * Added metadata initial support to JSON output format. ([`8c5590f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/8c5590fd3c5c59de9a5b6cf49005f4c6e444265d)) * Addition of simple 'metadata' element for XML SBOM's. ([`f9e9773`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/f9e97733b0cc57bbb71341b4ced4ccc8f09b7f28)) * Added initial JSON outputter and associated tests. ([`3e1f5ec`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3e1f5ec9354a779adf44129656a1ccdcffadee6d)) * Fix to generate HTML coverage reports and stash in CircleCI builds. ([`dd88603`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/dd886032b92d491f462d62f269f3df7ed823d436)) * Added HTML coverage report. ([`ce700e5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ce700e5bdff7ce4a8bd5614239b129e59afe2908)) * Missed coverage as a dependency for testing. ([`01643d6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/01643d67f73ec8ee35884d0bcc15c892649f6b72)) * Added coverage reporting for tests ([`c34b1a6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c34b1a63fd7958d2b1060ba51054a55b57228549)) * Added first tests for XML SBOM generation (v1.3 and v1.2). ([`cb4337a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cb4337a1cb14ee62471140add8954dd7c5b6b314)) * WIP: Starting to generate XML output for BOMs ([`35bdfca`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35bdfca4fc01cdb3fa7ab6fb37b1c05eaa7189ec)) * Updated CircleCI config to run tox. Fixed fomratting in tests. ([`9a56230`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9a5623098ff712df0cefbd2327e8058f9ac74e17)) * Rebasing from main. ([`822ab8b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/822ab8b43a06bf1712d134d44acb136e70134c05)) * Initial skeleton tests for output genereation. ([`a614f3e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a614f3e9cc6210a25daff79e4ec428f15221cc1e)) * pretty badge ([`60e975c`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/60e975c12cdf6c15c9e38585becaf53850609d67)) * initial CI for discussion ([`7e88cd5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7e88cd5920480cd6bde4e72b8b85314242964013)) * Added a little more information to the README. ([`460c624`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/460c62487e66df750a99e10a62bf19bf0baf2e76)) * Fixed issue reported by Flake8. Ensuring tests run on PY 3.9. ([`cce130f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cce130f53a7c73554015ce672cbe8799e863e64b)) * Basic structure without any output generation available (very basic Component definition). ([`6ac5dc2`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/6ac5dc29fb4bc52f66698966e0b570588621be72)) * Added tox config with flake8 and py3.9 support. ([`1def201`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1def2015d3aad4b58980d9b86cca840f19ac4ee6)) * Initially added skeleton packaging structure and official CycloneDX schemas. ([`ac519c9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ac519c9a21bc8e4a75927868f32f29febc648509)) * Added inital blank README prior to branching for initial work. ([`b175f6a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b175f6a9178c510cfa14b5d2788feecfd65d8e94)) * Added inital blank README prior to branching for initial work. ([`e8b5d48`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e8b5d4802079f92da106b8e0a68f9311c328a656)) * Initial commit ([`62353b0`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/62353b0ce57f797bcb9dfd97871e886db8269478)) cyclonedx-python-lib-9.1.0/CODEOWNERS000066400000000000000000000004111476011761300171710ustar00rootroot00000000000000# see https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners # all maintainers are default-reviewers of new pull requests. # see https://github.com/orgs/CycloneDX/teams/python-maintainers * @CycloneDX/python-maintainers cyclonedx-python-lib-9.1.0/CONTRIBUTING.md000066400000000000000000000052201476011761300200320ustar00rootroot00000000000000# Contributing Any contribution is welcome. Please read the [CycloneDX contributing guidelines](https://github.com/CycloneDX/.github/blob/master/CONTRIBUTING.md) first. Pull-requests from forks are welcome. We love to see your purposed changes, but we also like to discuss things first. Please open a ticket and explain your intended changes to the community. And don't forget to mention that discussion in your pull-request later. Find the needed basics here: * [how to fork a repository](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) * [how create a pull request from a fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) ## Setup This project uses [poetry]. Have it installed and setup first. To install dev-dependencies and tools: ```shell poetry install --all-extras ``` ## Code style This project uses [PEP8] Style Guide for Python Code. This project loves sorted imports. Get it all applied via: ```shell poetry run isort . poetry run autopep8 -ir cyclonedx/ tests/ typings/ examples/ ``` This project prefers `f'strings'` over `'string'.format()`. This project prefers `'single quotes'` over `"double quotes"`. This project prefers `lower_snake_case` variable names. ## Documentation This project uses [Sphinx] to generate documentation which is automatically published to [readthedocs.io]. Source for documentation is stored in the `docs` folder in [RST] format. You can generate the documentation locally by running: ```shell cd docs pip install -r requirements.txt make html ``` ## Testing Run all tests in dedicated environments, via: ```shell poetry run tox run ``` See also: [python test snapshots docs](tests/_data/snapshots/README.md) ## Sign off your commits Please sign off your commits, to show that you agree to publish your changes under the current terms and licenses of the project , and to indicate agreement with [Developer Certificate of Origin (DCO)](https://developercertificate.org/). ```shell git commit --signed-off ... ``` ## Pre-commit hooks If you like to take advantage of [pre-commit hooks], you can do so to cover most of the topics on this page when contributing. ```shell pre-commit install ``` All our pre-commit checks will run locally before you can commit! [poetry]: https://python-poetry.org [PEP8]: https://www.python.org/dev/peps/pep-0008 [Sphinx]: https://www.sphinx-doc.org/ [readthedocs.io]: https://cyclonedx-python-library.readthedocs.io/ [RST]: https://en.wikipedia.org/wiki/ReStructuredText [pre-commit hooks]: https://pre-commit.com cyclonedx-python-lib-9.1.0/LICENSE000066400000000000000000000261351476011761300166160ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. cyclonedx-python-lib-9.1.0/NOTICE000066400000000000000000000002231476011761300165030ustar00rootroot00000000000000CycloneDX Python Lib Copyright (c) OWASP Foundation This product includes software developed by the CycloneDX community (https://cyclonedx.org/). cyclonedx-python-lib-9.1.0/README.md000066400000000000000000000103451476011761300170640ustar00rootroot00000000000000# CycloneDX Python Library [![shield_pypi-version]][link_pypi] [![shield_conda-forge-version]][link_conda-forge] [![shield_rtfd]][link_rtfd] [![shield_gh-workflow-test]][link_gh-workflow-test] [![shield_coverage]][link_codacy] [![shield_ossf-best-practices]][link_ossf-best-practices] [![shield_license]][license_file] [![shield_website]][link_website] [![shield_slack]][link_slack] [![shield_groups]][link_discussion] [![shield_twitter-follow]][link_twitter] ---- OWASP [CycloneDX][link_website] is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. This Python package provides data models, validators and more, to help you create/render/read CycloneDX documents. > [!NOTE] > This package is a software library not intended for standalone use. > For generating Software Bill of Materials (SBOM), check out [CycloneDX Python][cyclonedx-python] or [Jake][jake]. ## Documentation Complete documentation is available on [Read the Docs][link_rtfd]. This includes: - Responsibilities & Capabilities - Install Instructions - API Reference - Usage Examples - Integration Guides - Best Practices ## Python Support We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/). However, some features may not be possible/present in older Python versions due to their lack of support. ## Changelog See our [CHANGELOG][chaneglog_file]. ## Contributing Feel free to open issues, bugreports or pull requests. See the [CONTRIBUTING][contributing_file] file for details. ## Copyright & License CycloneDX Python Lib is Copyright (c) OWASP Foundation. All Rights Reserved. Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE][license_file] file for the full license. [cyclonedx-python]: https://github.com/CycloneDX/cyclonedx-python [jake]: https://github.com/sonatype-nexus-community/jake [license_file]: https://github.com/CycloneDX/cyclonedx-python-lib/blob/master/LICENSE [chaneglog_file]: https://github.com/CycloneDX/cyclonedx-python-lib/blob/master/CHANGELOG.md [contributing_file]: https://github.com/CycloneDX/cyclonedx-python-lib/blob/master/CONTRIBUTING.md [shield_gh-workflow-test]: https://img.shields.io/github/actions/workflow/status/CycloneDX/cyclonedx-python-lib/python.yml?branch=main&logo=GitHub&logoColor=white "build" [shield_coverage]: https://img.shields.io/codacy/coverage/1f9d451e9cdc49ce99c2a1247adab341?logo=Codacy&logoColor=white "test coverage" [shield_ossf-best-practices]: https://img.shields.io/cii/percentage/7956?label=OpenSSF%20best%20practices "OpenSSF best practices" [shield_pypi-version]: https://img.shields.io/pypi/v/cyclonedx-python-lib?logo=pypi&logoColor=white&label=PyPI "PyPI" [shield_conda-forge-version]: https://img.shields.io/conda/vn/conda-forge/cyclonedx-python-lib?logo=anaconda&logoColor=white&label=conda-forge "conda-forge" [shield_rtfd]: https://img.shields.io/readthedocs/cyclonedx-python-library?logo=readthedocs&logoColor=white "Read the Docs" [shield_license]: https://img.shields.io/github/license/CycloneDX/cyclonedx-python-lib?logo=open%20source%20initiative&logoColor=white "license" [shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage" [shield_slack]: https://img.shields.io/badge/slack-join-blue?logo=Slack&logoColor=white "slack join" [shield_groups]: https://img.shields.io/badge/discussion-groups.io-blue.svg "groups discussion" [shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter&logoColor=white "twitter follow" [link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-python-lib/actions/workflows/python.yml?query=branch%3Amain [link_pypi]: https://pypi.org/project/cyclonedx-python-lib/ [link_conda-forge]: https://anaconda.org/conda-forge/cyclonedx-python-lib [link_rtfd]: https://cyclonedx-python-library.readthedocs.io/en/latest/ [link_codacy]: https://app.codacy.com/gh/CycloneDX/cyclonedx-python-lib [link_ossf-best-practices]: https://www.bestpractices.dev/projects/7956 [link_website]: https://cyclonedx.org/ [link_slack]: https://cyclonedx.org/slack/invite [link_discussion]: https://groups.io/g/CycloneDX [link_twitter]: https://twitter.com/CycloneDX_Spec cyclonedx-python-lib-9.1.0/bandit.yml000066400000000000000000000003671476011761300175740ustar00rootroot00000000000000# https://bandit.readthedocs.io # filename must be like this, so codacy can pick it up: https://github.com/codacy/codacy-bandit/blob/master/src/main/scala/codacy/bandit/Bandit.scala#L35C49-L35C59 exclude_dirs: - docs - .venv skips: - B101 cyclonedx-python-lib-9.1.0/cyclonedx/000077500000000000000000000000001476011761300175725ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/__init__.py000066400000000000000000000016041476011761300217040ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Python library for CycloneDX """ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable __version__ = "9.1.0" # noqa:Q000 cyclonedx-python-lib-9.1.0/cyclonedx/_internal/000077500000000000000000000000001476011761300215455ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/_internal/__init__.py000066400000000000000000000015541476011761300236630ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ !!! ALL SYMBOLS IN HERE ARE INTERNAL. Everything might change without any notice. """ # THIS FILE IS INTENDED TO BE EMPTY. # Put symbols in own modules/packages, not in this file! cyclonedx-python-lib-9.1.0/cyclonedx/_internal/bom_ref.py000066400000000000000000000030001476011761300235210ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ !!! ALL SYMBOLS IN HERE ARE INTERNAL. Everything might change without any notice. """ from typing import Literal, Optional, Union, overload from ..model.bom_ref import BomRef @overload def bom_ref_from_str(bom_ref: BomRef, optional: bool = ...) -> BomRef: ... # pragma: no cover @overload def bom_ref_from_str(bom_ref: Optional[str], optional: Literal[False] = False) -> BomRef: ... # pragma: no cover @overload def bom_ref_from_str(bom_ref: Optional[str], optional: Literal[True] = ...) -> Optional[BomRef]: ... # pragma: no cover def bom_ref_from_str(bom_ref: Optional[Union[str, BomRef]], optional: bool = False) -> Optional[BomRef]: if isinstance(bom_ref, BomRef): return bom_ref if bom_ref: return BomRef(value=str(bom_ref)) return None \ if optional \ else BomRef() cyclonedx-python-lib-9.1.0/cyclonedx/_internal/compare.py000066400000000000000000000050121476011761300235430ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ !!! ALL SYMBOLS IN HERE ARE INTERNAL. Everything might change without any notice. """ from itertools import zip_longest from typing import TYPE_CHECKING, Any, Dict, Optional, Tuple if TYPE_CHECKING: # pragma: no cover from packageurl import PackageURL class ComparableTuple(Tuple[Optional[Any], ...]): """ Allows comparison of tuples, allowing for None values. """ def __lt__(self, other: Any) -> bool: for s, o in zip_longest(self, other): if s == o: continue # the idea is to have any consistent order, not necessarily "natural" order. if s is None: return False if o is None: return True return bool(s < o) return False def __gt__(self, other: Any) -> bool: for s, o in zip_longest(self, other): if s == o: continue # the idea is to have any consistent order, not necessarily "natural" order. if s is None: return True if o is None: return False return bool(s > o) return False class ComparableDict(ComparableTuple): """ Allows comparison of dictionaries, allowing for missing/None values. """ def __new__(cls, d: Dict[Any, Any]) -> 'ComparableDict': return super(ComparableDict, cls).__new__(cls, sorted(d.items())) class ComparablePackageURL(ComparableTuple): """ Allows comparison of PackageURL, allowing for qualifiers. """ def __new__(cls, p: 'PackageURL') -> 'ComparablePackageURL': return super(ComparablePackageURL, cls).__new__(cls, ( p.type, p.namespace, p.version, ComparableDict(p.qualifiers) if isinstance(p.qualifiers, dict) else p.qualifiers, p.subpath )) cyclonedx-python-lib-9.1.0/cyclonedx/_internal/hash.py000066400000000000000000000022761476011761300230510ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ !!! ALL SYMBOLS IN HERE ARE INTERNAL. Everything might change without any notice. """ from hashlib import sha1 def file_sha1sum(filename: str) -> str: """ Generate a SHA1 hash of the provided file. Args: filename: Absolute path to file to hash as `str` Returns: SHA-1 hash """ h = sha1() # nosec B303, B324 with open(filename, 'rb') as f: for byte_block in iter(lambda: f.read(4096), b''): h.update(byte_block) return h.hexdigest() cyclonedx-python-lib-9.1.0/cyclonedx/_internal/time.py000066400000000000000000000016011476011761300230530ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ !!! ALL SYMBOLS IN HERE ARE INTERNAL. Everything might change without any notice. """ from datetime import datetime, timezone def get_now_utc() -> datetime: return datetime.now(tz=timezone.utc) cyclonedx-python-lib-9.1.0/cyclonedx/builder/000077500000000000000000000000001476011761300212205ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/builder/__init__.py000066400000000000000000000013311476011761300233270ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Builders used in this library. """ cyclonedx-python-lib-9.1.0/cyclonedx/builder/this.py000066400000000000000000000065741476011761300225550ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """Representation of this very python library.""" __all__ = ['this_component', 'this_tool', ] from .. import __version__ as __ThisVersion # noqa: N812 from ..model import ExternalReference, ExternalReferenceType, XsUri from ..model.component import Component, ComponentType from ..model.license import DisjunctiveLicense, LicenseAcknowledgement from ..model.tool import Tool # !!! keep this file in sync with `pyproject.toml` def this_component() -> Component: """Representation of this very python library as a :class:`Component`.""" return Component( type=ComponentType.LIBRARY, group='CycloneDX', name='cyclonedx-python-lib', version=__ThisVersion or 'UNKNOWN', description='Python library for CycloneDX', licenses=(DisjunctiveLicense(id='Apache-2.0', acknowledgement=LicenseAcknowledgement.DECLARED),), external_references=( # let's assume this is not a fork ExternalReference( type=ExternalReferenceType.WEBSITE, url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/#readme') ), ExternalReference( type=ExternalReferenceType.DOCUMENTATION, url=XsUri('https://cyclonedx-python-library.readthedocs.io/') ), ExternalReference( type=ExternalReferenceType.VCS, url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib') ), ExternalReference( type=ExternalReferenceType.BUILD_SYSTEM, url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/actions') ), ExternalReference( type=ExternalReferenceType.ISSUE_TRACKER, url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/issues') ), ExternalReference( type=ExternalReferenceType.LICENSE, url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE') ), ExternalReference( type=ExternalReferenceType.RELEASE_NOTES, url=XsUri('https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md') ), # we cannot assert where the lib was fetched from, but we can give a hint ExternalReference( type=ExternalReferenceType.DISTRIBUTION, url=XsUri('https://pypi.org/project/cyclonedx-python-lib/') ), ), # to be extended... ) def this_tool() -> Tool: """Representation of this very python library as a :class:`Tool`.""" return Tool.from_component(this_component()) cyclonedx-python-lib-9.1.0/cyclonedx/exception/000077500000000000000000000000001476011761300215705ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/exception/__init__.py000066400000000000000000000020231476011761300236760ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Exceptions that are specific to the CycloneDX library implementation. """ class CycloneDxException(Exception): # noqa: N818 """ Root exception thrown by this library. """ pass class MissingOptionalDependencyException(CycloneDxException): # noqa: N818 """Validation did not happen, due to missing dependencies.""" pass cyclonedx-python-lib-9.1.0/cyclonedx/exception/factory.py000066400000000000000000000030621476011761300236120ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Exceptions relating to specific conditions that occur when factoring a model. """ from . import CycloneDxException class CycloneDxFactoryException(CycloneDxException): """ Base exception that covers all exceptions that may be thrown during model factoring.. """ pass class LicenseChoiceFactoryException(CycloneDxFactoryException): """ Base exception that covers all LicenseChoiceFactory exceptions. """ pass class InvalidSpdxLicenseException(LicenseChoiceFactoryException): """ Thrown when an invalid SPDX License is provided. """ pass class LicenseFactoryException(CycloneDxFactoryException): """ Base exception that covers all LicenseFactory exceptions. """ pass class InvalidLicenseExpressionException(LicenseFactoryException): """ Thrown when an invalid License expressions is provided. """ pass cyclonedx-python-lib-9.1.0/cyclonedx/exception/model.py000066400000000000000000000075441476011761300232540ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Exceptions relating to specific conditions that occur when modelling CycloneDX BOM. """ from . import CycloneDxException class CycloneDxModelException(CycloneDxException): """ Base exception that covers all exceptions that may be thrown during model creation. """ pass class InvalidLocaleTypeException(CycloneDxModelException): """ Raised when the supplied locale does not conform to ISO-639 specification. Good examples: - en - en-US - en-GB - fr - fr-CA The language code MUST be lowercase. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. """ pass class InvalidNistQuantumSecurityLevelException(CycloneDxModelException): """ Raised when an invalid value is provided for an NIST Quantum Security Level as defined at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/ evaluation-criteria/security-(evaluation-criteria). """ pass class InvalidOmniBorIdException(CycloneDxModelException): """ Raised when a supplied value for an OmniBOR ID does not meet the format requirements as defined at https://www.iana.org/assignments/uri-schemes/prov/gitoid. """ pass class InvalidRelatedCryptoMaterialSizeException(CycloneDxModelException): """ Raised when the supplied size of a Related Crypto Material is negative. """ pass class InvalidSwhidException(CycloneDxModelException): """ Raised when a supplied value for an Swhid does not meet the format requirements as defined at https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html. """ pass class InvalidUriException(CycloneDxModelException): """ Raised when a `str` is provided that needs to be a valid URI, but isn't. """ pass class MutuallyExclusivePropertiesException(CycloneDxModelException): """ Raised when mutually exclusive properties are provided. """ pass class NoPropertiesProvidedException(CycloneDxModelException): """ Raised when attempting to construct a model class and providing NO values (where all properites are defined as Optional, but at least one is required). """ pass class UnknownComponentDependencyException(CycloneDxModelException): """ Exception raised when a dependency has been noted for a Component that is NOT a Component BomRef in this Bom. """ pass class UnknownHashTypeException(CycloneDxModelException): """ Exception raised when we are unable to determine the type of hash from a composite hash string. """ pass class LicenseExpressionAlongWithOthersException(CycloneDxModelException): """ Exception raised when a LicenseExpression was detected along with other licenses. If a LicenseExpression exists, than it must stand alone. See https://github.com/CycloneDX/specification/pull/205 """ pass class InvalidCreIdException(CycloneDxModelException): """ Raised when a supplied value for an CRE ID does not meet the format requirements as defined at https://opencre.org/ """ pass cyclonedx-python-lib-9.1.0/cyclonedx/exception/output.py000066400000000000000000000022421476011761300235020ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Exceptions that are for specific error scenarios during the output of a Model to a SBOM. """ from . import CycloneDxException class BomGenerationErrorException(CycloneDxException): """ Raised if there is an unknown error. """ pass class FormatNotSupportedException(CycloneDxException): """ Exception raised when attempting to output a BOM to a format not supported in the requested version. For example, JSON is not supported prior to 1.2. """ pass cyclonedx-python-lib-9.1.0/cyclonedx/exception/serialization.py000066400000000000000000000033641476011761300250250ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Exceptions relating to specific conditions that occur when (de)serializing/(de)normalizing CycloneDX BOM. """ from . import CycloneDxException class CycloneDxSerializationException(CycloneDxException): """ Base exception that covers all exceptions that may be thrown during model serializing/normalizing. """ pass class CycloneDxDeserializationException(CycloneDxException): """ Base exception that covers all exceptions that may be thrown during model deserializing/denormalizing. """ pass class SerializationOfUnsupportedComponentTypeException(CycloneDxSerializationException): """ Raised when attempting serializing/normalizing a :py:class:`cyclonedx.model.component.Component` to a :py:class:`cyclonedx.schema.schema.BaseSchemaVersion` which does not support that :py:class:`cyclonedx.model.component.ComponentType` . """ class SerializationOfUnexpectedValueException(CycloneDxSerializationException, ValueError): """ Raised when attempting serializing/normalizing a type that is not expected there. """ cyclonedx-python-lib-9.1.0/cyclonedx/factory/000077500000000000000000000000001476011761300212415ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/factory/__init__.py000066400000000000000000000013321476011761300233510ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Factories used in this library. """ cyclonedx-python-lib-9.1.0/cyclonedx/factory/license.py000066400000000000000000000101551476011761300232370ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from typing import TYPE_CHECKING, Optional from ..exception.factory import InvalidLicenseExpressionException, InvalidSpdxLicenseException from ..model.license import DisjunctiveLicense, LicenseExpression from ..spdx import fixup_id as spdx_fixup, is_expression as is_spdx_expression if TYPE_CHECKING: # pragma: no cover from ..model import AttachedText, XsUri from ..model.license import License, LicenseAcknowledgement class LicenseFactory: """Factory for :class:`cyclonedx.model.license.License`.""" def make_from_string(self, value: str, *, license_text: Optional['AttachedText'] = None, license_url: Optional['XsUri'] = None, license_acknowledgement: Optional['LicenseAcknowledgement'] = None ) -> 'License': """Make a :class:`cyclonedx.model.license.License` from a string.""" try: return self.make_with_id(value, text=license_text, url=license_url, acknowledgement=license_acknowledgement) except InvalidSpdxLicenseException: pass try: return self.make_with_expression(value, acknowledgement=license_acknowledgement) except InvalidLicenseExpressionException: pass return self.make_with_name(value, text=license_text, url=license_url, acknowledgement=license_acknowledgement) def make_with_expression(self, expression: str, *, acknowledgement: Optional['LicenseAcknowledgement'] = None ) -> LicenseExpression: """Make a :class:`cyclonedx.model.license.LicenseExpression` with a compound expression. Utilizes :func:`cyclonedx.spdx.is_expression`. :raises InvalidLicenseExpressionException: if param `value` is not known/supported license expression """ if is_spdx_expression(expression): return LicenseExpression(expression, acknowledgement=acknowledgement) raise InvalidLicenseExpressionException(expression) def make_with_id(self, spdx_id: str, *, text: Optional['AttachedText'] = None, url: Optional['XsUri'] = None, acknowledgement: Optional['LicenseAcknowledgement'] = None ) -> DisjunctiveLicense: """Make a :class:`cyclonedx.model.license.DisjunctiveLicense` from an SPDX-ID. :raises InvalidSpdxLicenseException: if param `spdx_id` was not known/supported SPDX-ID """ spdx_license_id = spdx_fixup(spdx_id) if spdx_license_id is None: raise InvalidSpdxLicenseException(spdx_id) return DisjunctiveLicense(id=spdx_license_id, text=text, url=url, acknowledgement=acknowledgement) def make_with_name(self, name: str, *, text: Optional['AttachedText'] = None, url: Optional['XsUri'] = None, acknowledgement: Optional['LicenseAcknowledgement'] = None ) -> DisjunctiveLicense: """Make a :class:`cyclonedx.model.license.DisjunctiveLicense` with a name.""" return DisjunctiveLicense(name=name, text=text, url=url, acknowledgement=acknowledgement) cyclonedx-python-lib-9.1.0/cyclonedx/model/000077500000000000000000000000001476011761300206725ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/model/__init__.py000066400000000000000000001202071476011761300230050ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Uniform set of models to represent objects within a CycloneDX software bill-of-materials. You can either create a `cyclonedx.model.bom.Bom` yourself programmatically, or generate a `cyclonedx.model.bom.Bom` from a `cyclonedx.parser.BaseParser` implementation. """ import re from datetime import datetime from enum import Enum from functools import reduce from json import loads as json_loads from typing import Any, Dict, FrozenSet, Generator, Iterable, List, Optional, Tuple, Type, Union from urllib.parse import quote as url_quote from uuid import UUID from warnings import warn from xml.etree.ElementTree import Element as XmlElement # nosec B405 import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.model import InvalidLocaleTypeException, InvalidUriException, UnknownHashTypeException from ..exception.serialization import CycloneDxDeserializationException, SerializationOfUnexpectedValueException from ..schema.schema import ( SchemaVersion1Dot0, SchemaVersion1Dot1, SchemaVersion1Dot2, SchemaVersion1Dot3, SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6, ) from .bom_ref import BomRef _BOM_LINK_PREFIX = 'urn:cdx:' @serializable.serializable_enum class DataFlow(str, Enum): """ This is our internal representation of the dataFlowType simple type within the CycloneDX standard. .. note:: See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/xml/#type_dataFlowType """ INBOUND = 'inbound' OUTBOUND = 'outbound' BI_DIRECTIONAL = 'bi-directional' UNKNOWN = 'unknown' @serializable.serializable_class class DataClassification: """ This is our internal representation of the `dataClassificationType` complex type within the CycloneDX standard. DataClassification might be deprecated since CycloneDX 1.5, but it is not deprecated in this library. In fact, this library will try to provide a compatibility layer if needed. .. note:: See the CycloneDX Schema for dataClassificationType: https://cyclonedx.org/docs/1.6/xml/#type_dataClassificationType """ def __init__( self, *, flow: DataFlow, classification: str, ) -> None: self.flow = flow self.classification = classification @property @serializable.xml_attribute() def flow(self) -> DataFlow: """ Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. - Inbound flow states that data enters the service - Outbound flow states that data leaves the service - Bi-directional states that data flows both ways - Unknown states that the direction is not known Returns: `DataFlow` """ return self._flow @flow.setter def flow(self, flow: DataFlow) -> None: self._flow = flow @property @serializable.xml_name('.') @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def classification(self) -> str: """ Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. Returns: `str` """ return self._classification @classification.setter def classification(self, classification: str) -> None: self._classification = classification def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.flow, self.classification )) def __eq__(self, other: object) -> bool: if isinstance(other, DataClassification): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: object) -> bool: if isinstance(other, DataClassification): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class Encoding(str, Enum): """ This is our internal representation of the encoding simple type within the CycloneDX standard. .. note:: See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/#type_encoding """ BASE_64 = 'base64' @serializable.serializable_class class AttachedText: """ This is our internal representation of the `attachedTextType` complex type within the CycloneDX standard. .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_attachedTextType """ DEFAULT_CONTENT_TYPE = 'text/plain' def __init__( self, *, content: str, content_type: str = DEFAULT_CONTENT_TYPE, encoding: Optional[Encoding] = None, ) -> None: self.content_type = content_type self.encoding = encoding self.content = content @property @serializable.xml_attribute() @serializable.xml_name('content-type') @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def content_type(self) -> str: """ Specifies the content type of the text. Defaults to text/plain if not specified. Returns: `str` """ return self._content_type @content_type.setter def content_type(self, content_type: str) -> None: self._content_type = content_type @property @serializable.xml_attribute() def encoding(self) -> Optional[Encoding]: """ Specifies the optional encoding the text is represented in. Returns: `Encoding` if set else `None` """ return self._encoding @encoding.setter def encoding(self, encoding: Optional[Encoding]) -> None: self._encoding = encoding @property @serializable.xml_name('.') def content(self) -> str: """ The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. Returns: `str` """ return self._content @content.setter def content(self, content: str) -> None: self._content = content def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.content_type, self.encoding, self.content, )) def __eq__(self, other: object) -> bool: if isinstance(other, AttachedText): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, AttachedText): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class HashAlgorithm(str, Enum): """ This is our internal representation of the hashAlg simple type within the CycloneDX standard. .. note:: See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/#type_hashAlg """ # see `_HashTypeRepositorySerializationHelper.__CASES` for view/case map BLAKE2B_256 = 'BLAKE2b-256' # Only supported in >= 1.2 BLAKE2B_384 = 'BLAKE2b-384' # Only supported in >= 1.2 BLAKE2B_512 = 'BLAKE2b-512' # Only supported in >= 1.2 BLAKE3 = 'BLAKE3' # Only supported in >= 1.2 MD5 = 'MD5' SHA_1 = 'SHA-1' SHA_256 = 'SHA-256' SHA_384 = 'SHA-384' SHA_512 = 'SHA-512' SHA3_256 = 'SHA3-256' SHA3_384 = 'SHA3-384' # Only supported in >= 1.2 SHA3_512 = 'SHA3-512' class _HashTypeRepositorySerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ __CASES: Dict[Type[serializable.ViewType], FrozenSet[HashAlgorithm]] = dict() __CASES[SchemaVersion1Dot0] = frozenset({ HashAlgorithm.MD5, HashAlgorithm.SHA_1, HashAlgorithm.SHA_256, HashAlgorithm.SHA_384, HashAlgorithm.SHA_512, HashAlgorithm.SHA3_256, HashAlgorithm.SHA3_512, }) __CASES[SchemaVersion1Dot1] = __CASES[SchemaVersion1Dot0] __CASES[SchemaVersion1Dot2] = __CASES[SchemaVersion1Dot1] | { HashAlgorithm.BLAKE2B_256, HashAlgorithm.BLAKE2B_384, HashAlgorithm.BLAKE2B_512, HashAlgorithm.BLAKE3, HashAlgorithm.SHA3_384, } __CASES[SchemaVersion1Dot3] = __CASES[SchemaVersion1Dot2] __CASES[SchemaVersion1Dot4] = __CASES[SchemaVersion1Dot3] __CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4] __CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5] @classmethod def __prep(cls, hts: Iterable['HashType'], view: Type[serializable.ViewType]) -> Generator['HashType', None, None]: cases = cls.__CASES.get(view, ()) for ht in hts: if ht.alg in cases: yield ht else: warn(f'serialization omitted due to unsupported HashAlgorithm: {ht!r}', category=UserWarning, stacklevel=0) @classmethod def json_normalize(cls, o: Iterable['HashType'], *, view: Optional[Type[serializable.ViewType]], **__: Any) -> List[Any]: assert view is not None return [ json_loads( ht.as_json( # type:ignore[attr-defined] view_=view) ) for ht in cls.__prep(o, view) ] @classmethod def xml_normalize(cls, o: Iterable['HashType'], *, element_name: str, view: Optional[Type[serializable.ViewType]], xmlns: Optional[str], **__: Any) -> XmlElement: assert view is not None elem = XmlElement(element_name) elem.extend( ht.as_xml( # type:ignore[attr-defined] view_=view, as_string=False, element_name='hash', xmlns=xmlns ) for ht in cls.__prep(o, view) ) return elem @classmethod def json_denormalize(cls, o: Any, **__: Any) -> List['HashType']: return [ HashType.from_json( # type:ignore[attr-defined] ht) for ht in o ] @classmethod def xml_denormalize(cls, o: 'XmlElement', *, default_ns: Optional[str], **__: Any) -> List['HashType']: return [ HashType.from_xml( # type:ignore[attr-defined] ht, default_ns) for ht in o ] _MAP_HASHLIB: Dict[str, HashAlgorithm] = { # from hashlib.algorithms_guaranteed 'md5': HashAlgorithm.MD5, 'sha1': HashAlgorithm.SHA_1, # sha224: 'sha256': HashAlgorithm.SHA_256, 'sha384': HashAlgorithm.SHA_384, 'sha512': HashAlgorithm.SHA_512, # blake2b: # blake2s: # sha3_224: 'sha3_256': HashAlgorithm.SHA3_256, 'sha3_384': HashAlgorithm.SHA3_384, 'sha3_512': HashAlgorithm.SHA3_512, # shake_128: # shake_256: } @serializable.serializable_class class HashType: """ This is our internal representation of the hashType complex type within the CycloneDX standard. .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_hashType """ @staticmethod def from_hashlib_alg(hashlib_alg: str, content: str) -> 'HashType': """ Attempts to convert a hashlib-algorithm to our internal model classes. Args: hashlib_alg: Hash algorith - like it is used by `hashlib`. Example: `sha256`. content: Hash value. Raises: `UnknownHashTypeException` if the algorithm of hash cannot be determined. Returns: An instance of `HashType`. """ alg = _MAP_HASHLIB.get(hashlib_alg.lower()) if alg is None: raise UnknownHashTypeException(f'Unable to determine hash alg for {hashlib_alg!r}') return HashType(alg=alg, content=content) @staticmethod def from_composite_str(composite_hash: str) -> 'HashType': """ Attempts to convert a string which includes both the Hash Algorithm and Hash Value and represent using our internal model classes. Args: composite_hash: Composite Hash string of the format `HASH_ALGORITHM`:`HASH_VALUE`. Example: `sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b`. Valid case insensitive prefixes are: `md5`, `sha1`, `sha256`, `sha384`, `sha512`, `blake2b256`, `blake2b384`, `blake2b512`, `blake2256`, `blake2384`, `blake2512`, `sha3-256`, `sha3-384`, `sha3-512`, `blake3`. Raises: `UnknownHashTypeException` if the type of hash cannot be determined. Returns: An instance of `HashType`. """ parts = composite_hash.split(':') algorithm_prefix = parts[0].lower() if algorithm_prefix == 'md5': return HashType( alg=HashAlgorithm.MD5, content=parts[1].lower() ) elif algorithm_prefix[0:4] == 'sha3': return HashType( alg=getattr(HashAlgorithm, f'SHA3_{algorithm_prefix[5:]}'), content=parts[1].lower() ) elif algorithm_prefix == 'sha1': return HashType( alg=HashAlgorithm.SHA_1, content=parts[1].lower() ) elif algorithm_prefix[0:3] == 'sha': # This is actually SHA2... return HashType( alg=getattr(HashAlgorithm, f'SHA_{algorithm_prefix[3:]}'), content=parts[1].lower() ) elif algorithm_prefix[0:7] == 'blake2b': return HashType( alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[7:]}'), content=parts[1].lower() ) elif algorithm_prefix[0:6] == 'blake2': return HashType( alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[6:]}'), content=parts[1].lower() ) elif algorithm_prefix[0:6] == 'blake3': return HashType( alg=HashAlgorithm.BLAKE3, content=parts[1].lower() ) raise UnknownHashTypeException(f'Unable to determine hash type from {composite_hash!r}') def __init__( self, *, alg: HashAlgorithm, content: str, ) -> None: self.alg = alg self.content = content @property @serializable.xml_attribute() def alg(self) -> HashAlgorithm: """ Specifies the algorithm used to create the hash. Returns: `HashAlgorithm` """ return self._alg @alg.setter def alg(self, alg: HashAlgorithm) -> None: self._alg = alg @property @serializable.xml_name('.') @serializable.xml_string(serializable.XmlStringSerializationType.TOKEN) def content(self) -> str: """ Hash value content. Returns: `str` """ return self._content @content.setter def content(self, content: str) -> None: self._content = content def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.alg, self.content )) def __eq__(self, other: object) -> bool: if isinstance(other, HashType): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, HashType): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class ExternalReferenceType(str, Enum): """ Enum object that defines the permissible 'types' for an External Reference according to the CycloneDX schema. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_externalReferenceType """ # see `_ExternalReferenceSerializationHelper.__CASES` for view/case map ADVERSARY_MODEL = 'adversary-model' # Only supported in >= 1.5 ADVISORIES = 'advisories' ATTESTATION = 'attestation' # Only supported in >= 1.5 BOM = 'bom' BUILD_META = 'build-meta' BUILD_SYSTEM = 'build-system' CERTIFICATION_REPORT = 'certification-report' # Only supported in >= 1.5 CHAT = 'chat' CODIFIED_INFRASTRUCTURE = 'codified-infrastructure' # Only supported in >= 1.5 COMPONENT_ANALYSIS_REPORT = 'component-analysis-report' # Only supported in >= 1.5 CONFIGURATION = 'configuration' # Only supported in >= 1.5 DIGITAL_SIGNATURE = 'digital-signature' # Only supported in >= 1.6 DISTRIBUTION = 'distribution' DISTRIBUTION_INTAKE = 'distribution-intake' # Only supported in >= 1.5 DOCUMENTATION = 'documentation' DYNAMIC_ANALYSIS_REPORT = 'dynamic-analysis-report' # Only supported in >= 1.5 ELECTRONIC_SIGNATURE = 'electronic-signature' # Only supported in >= 1.6 EVIDENCE = 'evidence' # Only supported in >= 1.5 EXPLOITABILITY_STATEMENT = 'exploitability-statement' # Only supported in >= 1.5 FORMULATION = 'formulation' # Only supported in >= 1.5 ISSUE_TRACKER = 'issue-tracker' LICENSE = 'license' LOG = 'log' # Only supported in >= 1.5 MAILING_LIST = 'mailing-list' MATURITY_REPORT = 'maturity-report' # Only supported in >= 1.5 MODEL_CARD = 'model-card' # Only supported in >= 1.5 PENTEST_REPORT = 'pentest-report' # Only supported in >= 1.5 POAM = 'poam' # Only supported in >= 1.5 QUALITY_METRICS = 'quality-metrics' # Only supported in >= 1.5 RELEASE_NOTES = 'release-notes' # Only supported in >= 1.4 RFC_9166 = 'rfc-9116' # Only supported in >= 1.6 RISK_ASSESSMENT = 'risk-assessment' # Only supported in >= 1.5 RUNTIME_ANALYSIS_REPORT = 'runtime-analysis-report' # Only supported in >= 1.5 SECURITY_CONTACT = 'security-contact' # Only supported in >= 1.5 STATIC_ANALYSIS_REPORT = 'static-analysis-report' # Only supported in >= 1.5 SOCIAL = 'social' SOURCE_DISTRIBUTION = 'source-distribution' # Only supported in >= 1.6 SCM = 'vcs' SUPPORT = 'support' THREAT_MODEL = 'threat-model' # Only supported in >= 1.5 VCS = 'vcs' VULNERABILITY_ASSERTION = 'vulnerability-assertion' # Only supported in >= 1.5 WEBSITE = 'website' # -- OTHER = 'other' class _ExternalReferenceSerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ __CASES: Dict[Type[serializable.ViewType], FrozenSet[ExternalReferenceType]] = dict() __CASES[SchemaVersion1Dot1] = frozenset({ ExternalReferenceType.VCS, ExternalReferenceType.ISSUE_TRACKER, ExternalReferenceType.WEBSITE, ExternalReferenceType.ADVISORIES, ExternalReferenceType.BOM, ExternalReferenceType.MAILING_LIST, ExternalReferenceType.SOCIAL, ExternalReferenceType.CHAT, ExternalReferenceType.DOCUMENTATION, ExternalReferenceType.SUPPORT, ExternalReferenceType.DISTRIBUTION, ExternalReferenceType.LICENSE, ExternalReferenceType.BUILD_META, ExternalReferenceType.BUILD_SYSTEM, ExternalReferenceType.OTHER, }) __CASES[SchemaVersion1Dot2] = __CASES[SchemaVersion1Dot1] __CASES[SchemaVersion1Dot3] = __CASES[SchemaVersion1Dot2] __CASES[SchemaVersion1Dot4] = __CASES[SchemaVersion1Dot3] | { ExternalReferenceType.RELEASE_NOTES } __CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4] | { ExternalReferenceType.DISTRIBUTION_INTAKE, ExternalReferenceType.SECURITY_CONTACT, ExternalReferenceType.MODEL_CARD, ExternalReferenceType.LOG, ExternalReferenceType.CONFIGURATION, ExternalReferenceType.EVIDENCE, ExternalReferenceType.FORMULATION, ExternalReferenceType.ATTESTATION, ExternalReferenceType.THREAT_MODEL, ExternalReferenceType.ADVERSARY_MODEL, ExternalReferenceType.RISK_ASSESSMENT, ExternalReferenceType.VULNERABILITY_ASSERTION, ExternalReferenceType.EXPLOITABILITY_STATEMENT, ExternalReferenceType.PENTEST_REPORT, ExternalReferenceType.STATIC_ANALYSIS_REPORT, ExternalReferenceType.DYNAMIC_ANALYSIS_REPORT, ExternalReferenceType.RUNTIME_ANALYSIS_REPORT, ExternalReferenceType.COMPONENT_ANALYSIS_REPORT, ExternalReferenceType.MATURITY_REPORT, ExternalReferenceType.CERTIFICATION_REPORT, ExternalReferenceType.QUALITY_METRICS, ExternalReferenceType.CODIFIED_INFRASTRUCTURE, ExternalReferenceType.POAM, } __CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5] | { ExternalReferenceType.SOURCE_DISTRIBUTION, ExternalReferenceType.ELECTRONIC_SIGNATURE, ExternalReferenceType.DIGITAL_SIGNATURE, ExternalReferenceType.RFC_9166, } @classmethod def __normalize(cls, extref: ExternalReferenceType, view: Type[serializable.ViewType]) -> str: return ( extref if extref in cls.__CASES.get(view, ()) else ExternalReferenceType.OTHER ).value @classmethod def json_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> str: assert view is not None return cls.__normalize(o, view) @classmethod def xml_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> str: assert view is not None return cls.__normalize(o, view) @classmethod def deserialize(cls, o: Any) -> ExternalReferenceType: return ExternalReferenceType(o) @serializable.serializable_class class XsUri(serializable.helpers.BaseHelper): """ Helper class that allows us to perform validation on data strings that are defined as xs:anyURI in CycloneDX schema. Developers can just use this via `str(XsUri('https://www.google.com'))`. .. note:: See XSD definition for xsd:anyURI: http://www.datypic.com/sc/xsd/t-xsd_anyURI.html See JSON Schema definition for iri-reference: https://tools.ietf.org/html/rfc3987 """ _INVALID_URI_REGEX = re.compile(r'%(?![0-9A-F]{2})|#.*#', re.IGNORECASE + re.MULTILINE) __SPEC_REPLACEMENTS = ( (' ', '%20'), ('"', '%22'), ("'", '%27'), ('[', '%5B'), (']', '%5D'), ('<', '%3C'), ('>', '%3E'), ('{', '%7B'), ('}', '%7D'), ) @staticmethod def __spec_replace(v: str, r: Tuple[str, str]) -> str: return v.replace(*r) @classmethod def _spec_migrate(cls, o: str) -> str: """ Make a string valid to - XML::anyURI spec. - JSON::iri-reference spec. BEST EFFORT IMPLEMENTATION @see http://www.w3.org/TR/xmlschema-2/#anyURI @see http://www.datypic.com/sc/xsd/t-xsd_anyURI.html @see https://datatracker.ietf.org/doc/html/rfc2396 @see https://datatracker.ietf.org/doc/html/rfc3987 """ return reduce(cls.__spec_replace, cls.__SPEC_REPLACEMENTS, o) def __init__(self, uri: str) -> None: if re.search(XsUri._INVALID_URI_REGEX, uri): raise InvalidUriException( f"Supplied value '{uri}' does not appear to be a valid URI." ) self._uri = self._spec_migrate(uri) def __eq__(self, other: Any) -> bool: if isinstance(other, XsUri): return self._uri == other._uri return False def __lt__(self, other: Any) -> bool: if isinstance(other, XsUri): return self._uri < other._uri return NotImplemented def __hash__(self) -> int: return hash(self._uri) def __repr__(self) -> str: return f'' def __str__(self) -> str: return self._uri @property @serializable.json_name('.') @serializable.xml_name('.') def uri(self) -> str: return self._uri @classmethod def serialize(cls, o: Any) -> str: if isinstance(o, XsUri): return str(o) raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-XsUri: {o!r}') @classmethod def deserialize(cls, o: Any) -> 'XsUri': try: return XsUri(uri=str(o)) except ValueError as err: raise CycloneDxDeserializationException( f'XsUri string supplied does not parse: {o!r}' ) from err @classmethod def make_bom_link( cls, serial_number: Union[UUID, str], version: int = 1, bom_ref: Optional[Union[str, BomRef]] = None ) -> 'XsUri': """ Generate a BOM-Link URI. Args: serial_number: The unique serial number of the BOM. version: The version of the BOM. The default version is 1. bom_ref: The unique identifier of the component, service, or vulnerability within the BOM. Returns: XsUri: Instance of XsUri with the generated BOM-Link URI. """ bom_ref_part = f'#{url_quote(str(bom_ref))}' if bom_ref else '' return cls(f'{_BOM_LINK_PREFIX}{serial_number}/{version}{bom_ref_part}') def is_bom_link(self) -> bool: """ Check if the URI is a BOM-Link. Returns: `bool` """ return self._uri.startswith(_BOM_LINK_PREFIX) @serializable.serializable_class class ExternalReference: """ This is our internal representation of an ExternalReference complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_externalReference """ def __init__( self, *, type: ExternalReferenceType, url: XsUri, comment: Optional[str] = None, hashes: Optional[Iterable[HashType]] = None, ) -> None: self.url = url self.comment = comment self.type = type self.hashes = hashes or [] # type:ignore[assignment] @property @serializable.xml_sequence(1) def url(self) -> XsUri: """ The URL to the external reference. Returns: `XsUri` """ return self._url @url.setter def url(self, url: XsUri) -> None: self._url = url @property def comment(self) -> Optional[str]: """ An optional comment describing the external reference. Returns: `str` if set else `None` """ return self._comment @comment.setter def comment(self, comment: Optional[str]) -> None: self._comment = comment @property @serializable.type_mapping(_ExternalReferenceSerializationHelper) @serializable.xml_attribute() def type(self) -> ExternalReferenceType: """ Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. Returns: `ExternalReferenceType` """ return self._type @type.setter def type(self, type: ExternalReferenceType) -> None: self._type = type @property @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.type_mapping(_HashTypeRepositorySerializationHelper) def hashes(self) -> 'SortedSet[HashType]': """ The hashes of the external reference (if applicable). Returns: Set of `HashType` """ return self._hashes @hashes.setter def hashes(self, hashes: Iterable[HashType]) -> None: self._hashes = SortedSet(hashes) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self._type, self._url, self._comment, _ComparableTuple(self._hashes) )) def __eq__(self, other: object) -> bool: if isinstance(other, ExternalReference): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, ExternalReference): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Property: """ This is our internal representation of `propertyType` complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_propertyType Specifies an individual property with a name and value. """ def __init__( self, *, name: str, value: Optional[str] = None, ) -> None: self.name = name self.value = value @property @serializable.xml_attribute() def name(self) -> str: """ The name of the property. Duplicate names are allowed, each potentially having a different value. Returns: `str` """ return self._name @name.setter def name(self, name: str) -> None: self._name = name @property @serializable.xml_name('.') @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def value(self) -> Optional[str]: """ Value of this Property. Returns: `str` """ return self._value @value.setter def value(self, value: Optional[str]) -> None: self._value = value def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.name, self.value )) def __eq__(self, other: object) -> bool: if isinstance(other, Property): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Property): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class NoteText: """ This is our internal representation of the Note.text complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType """ DEFAULT_CONTENT_TYPE: str = 'text/plain' def __init__( self, *, content: str, content_type: Optional[str] = None, encoding: Optional[Encoding] = None, ) -> None: self.content = content self.content_type = content_type or NoteText.DEFAULT_CONTENT_TYPE self.encoding = encoding @property @serializable.xml_name('.') def content(self) -> str: """ Get the text content of this Note. Returns: `str` note content """ return self._content @content.setter def content(self, content: str) -> None: self._content = content @property @serializable.xml_attribute() @serializable.xml_name('content-type') def content_type(self) -> Optional[str]: """ Get the content-type of this Note. Defaults to 'text/plain' if one was not explicitly specified. Returns: `str` content-type """ return self._content_type @content_type.setter def content_type(self, content_type: str) -> None: self._content_type = content_type @property @serializable.xml_attribute() def encoding(self) -> Optional[Encoding]: """ Get the encoding method used for the note's content. Returns: `Encoding` if set else `None` """ return self._encoding @encoding.setter def encoding(self, encoding: Optional[Encoding]) -> None: self._encoding = encoding def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.content, self.content_type, self.encoding )) def __eq__(self, other: object) -> bool: if isinstance(other, NoteText): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, NoteText): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Note: """ This is our internal representation of the Note complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType @todo: Replace ``NoteText`` with ``AttachedText``? """ _LOCALE_TYPE_REGEX = re.compile(r'^[a-z]{2}(?:\-[A-Z]{2})?$') def __init__( self, *, text: NoteText, locale: Optional[str] = None, ) -> None: self.text = text self.locale = locale @property def text(self) -> NoteText: """ Specifies the full content of the release note. Returns: `NoteText` """ return self._text @text.setter def text(self, text: NoteText) -> None: self._text = text @property @serializable.xml_sequence(1) def locale(self) -> Optional[str]: """ Get the ISO locale of this Note. The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". Returns: `str` locale if set else `None` """ return self._locale @locale.setter def locale(self, locale: Optional[str]) -> None: self._locale = locale if isinstance(locale, str): if not re.search(Note._LOCALE_TYPE_REGEX, locale): self._locale = None raise InvalidLocaleTypeException( f'Supplied locale {locale!r} is not a valid locale.' ' Locale string should be formatted as the ISO-639 (or higher) language code and optional' " ISO-3166 (or higher) country code. according to ISO-639 format. Examples include: 'en', 'en-US'." ) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.locale, self.text )) def __eq__(self, other: object) -> bool: if isinstance(other, Note): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Note): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class IdentifiableAction: """ This is our internal representation of the `identifiableActionType` complex type. .. note:: See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_identifiableActionType """ def __init__( self, *, timestamp: Optional[datetime] = None, name: Optional[str] = None, email: Optional[str] = None, ) -> None: self.timestamp = timestamp self.name = name self.email = email @property @serializable.type_mapping(serializable.helpers.XsdDateTime) def timestamp(self) -> Optional[datetime]: """ The timestamp in which the action occurred. Returns: `datetime` if set else `None` """ return self._timestamp @timestamp.setter def timestamp(self, timestamp: Optional[datetime]) -> None: self._timestamp = timestamp @property @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ The name of the individual who performed the action. Returns: `str` if set else `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def email(self) -> Optional[str]: """ The email address of the individual who performed the action. Returns: `str` if set else `None` """ return self._email @email.setter def email(self, email: Optional[str]) -> None: self._email = email def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.timestamp, self.name, self.email )) def __eq__(self, other: object) -> bool: if isinstance(other, IdentifiableAction): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, IdentifiableAction): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Copyright: """ This is our internal representation of the `copyrightsType` complex type. .. note:: See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_copyrightsType """ def __init__( self, *, text: str, ) -> None: self.text = text @property @serializable.xml_name('.') def text(self) -> str: """ Copyright statement. Returns: `str` if set else `None` """ return self._text @text.setter def text(self, text: str) -> None: self._text = text def __eq__(self, other: object) -> bool: if isinstance(other, Copyright): return self._text == other._text return False def __lt__(self, other: Any) -> bool: if isinstance(other, Copyright): return self._text < other._text return NotImplemented def __hash__(self) -> int: return hash(self._text) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/bom.py000066400000000000000000000660721476011761300220340ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from datetime import datetime from itertools import chain from typing import TYPE_CHECKING, Generator, Iterable, Optional, Union from uuid import UUID, uuid4 from warnings import warn import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from .._internal.time import get_now_utc as _get_now_utc from ..exception.model import LicenseExpressionAlongWithOthersException, UnknownComponentDependencyException from ..schema.schema import ( SchemaVersion1Dot0, SchemaVersion1Dot1, SchemaVersion1Dot2, SchemaVersion1Dot3, SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6, ) from ..serialization import UrnUuidHelper from . import _BOM_LINK_PREFIX, ExternalReference, Property from .bom_ref import BomRef from .component import Component from .contact import OrganizationalContact, OrganizationalEntity from .definition import Definitions from .dependency import Dependable, Dependency from .license import License, LicenseExpression, LicenseRepository, _LicenseRepositorySerializationHelper from .lifecycle import Lifecycle, LifecycleRepository, _LifecycleRepositoryHelper from .service import Service from .tool import Tool, ToolRepository, _ToolRepositoryHelper from .vulnerability import Vulnerability if TYPE_CHECKING: # pragma: no cover from packageurl import PackageURL @serializable.serializable_class class BomMetaData: """ This is our internal representation of the metadata complex type within the CycloneDX standard. .. note:: See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata """ def __init__( self, *, tools: Optional[Union[Iterable[Tool], ToolRepository]] = None, authors: Optional[Iterable[OrganizationalContact]] = None, component: Optional[Component] = None, supplier: Optional[OrganizationalEntity] = None, licenses: Optional[Iterable[License]] = None, properties: Optional[Iterable[Property]] = None, timestamp: Optional[datetime] = None, manufacturer: Optional[OrganizationalEntity] = None, lifecycles: Optional[Iterable[Lifecycle]] = None, # Deprecated as of v1.6 manufacture: Optional[OrganizationalEntity] = None, ) -> None: self.timestamp = timestamp or _get_now_utc() self.tools = tools or [] # type:ignore[assignment] self.authors = authors or [] # type:ignore[assignment] self.component = component self.supplier = supplier self.licenses = licenses or [] # type:ignore[assignment] self.properties = properties or [] # type:ignore[assignment] self.manufacturer = manufacturer self.lifecycles = lifecycles or [] # type:ignore[assignment] self.manufacture = manufacture if manufacture: warn( '`bom.metadata.manufacture` is deprecated from CycloneDX v1.6 onwards. ' 'Please use `bom.metadata.component.manufacturer` instead.', DeprecationWarning) @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(1) def timestamp(self) -> datetime: """ The date and time (in UTC) when this BomMetaData was created. Returns: `datetime` instance in UTC timezone """ return self._timestamp @timestamp.setter def timestamp(self, timestamp: datetime) -> None: self._timestamp = timestamp @property @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.type_mapping(_LifecycleRepositoryHelper) @serializable.xml_sequence(2) def lifecycles(self) -> LifecycleRepository: """ An optional list of BOM lifecycle stages. Returns: Set of `Lifecycle` """ return self._lifecycles @lifecycles.setter def lifecycles(self, lifecycles: Iterable[Lifecycle]) -> None: self._lifecycles = LifecycleRepository(lifecycles) @property @serializable.type_mapping(_ToolRepositoryHelper) @serializable.xml_sequence(3) def tools(self) -> ToolRepository: """ Tools used to create this BOM. Returns: :class:`ToolRepository` object. """ return self._tools @tools.setter def tools(self, tools: Union[Iterable[Tool], ToolRepository]) -> None: self._tools = tools \ if isinstance(tools, ToolRepository) \ else ToolRepository(tools=tools) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'author') @serializable.xml_sequence(4) def authors(self) -> 'SortedSet[OrganizationalContact]': """ The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors. Returns: Set of `OrganizationalContact` """ return self._authors @authors.setter def authors(self, authors: Iterable[OrganizationalContact]) -> None: self._authors = SortedSet(authors) @property @serializable.xml_sequence(5) def component(self) -> Optional[Component]: """ The (optional) component that the BOM describes. Returns: `cyclonedx.model.component.Component` instance for this Bom Metadata. """ return self._component @component.setter def component(self, component: Component) -> None: """ The (optional) component that the BOM describes. Args: component `cyclonedx.model.component.Component` instance to add to this Bom Metadata. Returns: None """ self._component = component @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(6) def manufacture(self) -> Optional[OrganizationalEntity]: """ The organization that manufactured the component that the BOM describes. Returns: `OrganizationalEntity` if set else `None` """ return self._manufacture @manufacture.setter def manufacture(self, manufacture: Optional[OrganizationalEntity]) -> None: """ @todo Based on https://github.com/CycloneDX/specification/issues/346, we should set this data on `.component.manufacturer`. """ self._manufacture = manufacture @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(7) def manufacturer(self) -> Optional[OrganizationalEntity]: """ The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have `@.authors` instead. Returns: `OrganizationalEntity` if set else `None` """ return self._manufacturer @manufacturer.setter def manufacturer(self, manufacturer: Optional[OrganizationalEntity]) -> None: self._manufacturer = manufacturer @property @serializable.xml_sequence(8) def supplier(self) -> Optional[OrganizationalEntity]: """ The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager. Returns: `OrganizationalEntity` if set else `None` """ return self._supplier @supplier.setter def supplier(self, supplier: Optional[OrganizationalEntity]) -> None: self._supplier = supplier @property @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.type_mapping(_LicenseRepositorySerializationHelper) @serializable.xml_sequence(9) def licenses(self) -> LicenseRepository: """ A optional list of statements about how this BOM is licensed. Returns: Set of `LicenseChoice` """ return self._licenses @licenses.setter def licenses(self, licenses: Iterable[License]) -> None: self._licenses = LicenseRepository(licenses) @property @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property') @serializable.xml_sequence(10) def properties(self) -> 'SortedSet[Property]': """ Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Return: Set of `Property` """ return self._properties @properties.setter def properties(self, properties: Iterable[Property]) -> None: self._properties = SortedSet(properties) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( _ComparableTuple(self.authors), self.component, _ComparableTuple(self.licenses), self.manufacture, _ComparableTuple(self.properties), _ComparableTuple(self.lifecycles), self.supplier, self.timestamp, self.tools, self.manufacturer )) def __eq__(self, other: object) -> bool: if isinstance(other, BomMetaData): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class(ignore_during_deserialization=['$schema', 'bom_format', 'spec_version']) class Bom: """ This is our internal representation of a bill-of-materials (BOM). Once you have an instance of `cyclonedx.model.bom.Bom`, you can pass this to an instance of `cyclonedx.output.BaseOutput` to produce a CycloneDX document according to a specific schema version and format. """ def __init__( self, *, components: Optional[Iterable[Component]] = None, services: Optional[Iterable[Service]] = None, external_references: Optional[Iterable[ExternalReference]] = None, serial_number: Optional[UUID] = None, version: int = 1, metadata: Optional[BomMetaData] = None, dependencies: Optional[Iterable[Dependency]] = None, vulnerabilities: Optional[Iterable[Vulnerability]] = None, properties: Optional[Iterable[Property]] = None, definitions: Optional[Definitions] = None, ) -> None: """ Create a new Bom that you can manually/programmatically add data to later. Returns: New, empty `cyclonedx.model.bom.Bom` instance. """ self.serial_number = serial_number or uuid4() self.version = version self.metadata = metadata or BomMetaData() self.components = components or [] # type:ignore[assignment] self.services = services or [] # type:ignore[assignment] self.external_references = external_references or [] # type:ignore[assignment] self.vulnerabilities = vulnerabilities or [] # type:ignore[assignment] self.dependencies = dependencies or [] # type:ignore[assignment] self.properties = properties or [] # type:ignore[assignment] self.definitions = definitions or Definitions() @property @serializable.type_mapping(UrnUuidHelper) @serializable.view(SchemaVersion1Dot1) @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_attribute() def serial_number(self) -> UUID: """ Unique UUID for this BOM Returns: `UUID` instance `UUID` instance """ return self._serial_number @serial_number.setter def serial_number(self, serial_number: UUID) -> None: self._serial_number = serial_number @property @serializable.xml_attribute() def version(self) -> int: return self._version @version.setter def version(self, version: int) -> None: self._version = version @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(10) def metadata(self) -> BomMetaData: """ Get our internal metadata object for this Bom. Returns: Metadata object instance for this Bom. .. note:: See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata """ return self._metadata @metadata.setter def metadata(self, metadata: BomMetaData) -> None: self._metadata = metadata @property @serializable.include_none(SchemaVersion1Dot0) @serializable.include_none(SchemaVersion1Dot1) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component') @serializable.xml_sequence(20) def components(self) -> 'SortedSet[Component]': """ Get all the Components currently in this Bom. Returns: Set of `Component` in this Bom """ return self._components @components.setter def components(self, components: Iterable[Component]) -> None: self._components = SortedSet(components) @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'service') @serializable.xml_sequence(30) def services(self) -> 'SortedSet[Service]': """ Get all the Services currently in this Bom. Returns: Set of `Service` in this BOM """ return self._services @services.setter def services(self, services: Iterable[Service]) -> None: self._services = SortedSet(services) @property @serializable.view(SchemaVersion1Dot1) @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference') @serializable.xml_sequence(40) def external_references(self) -> 'SortedSet[ExternalReference]': """ Provides the ability to document external references related to the BOM or to the project the BOM describes. Returns: Set of `ExternalReference` """ return self._external_references @external_references.setter def external_references(self, external_references: Iterable[ExternalReference]) -> None: self._external_references = SortedSet(external_references) @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'dependency') @serializable.xml_sequence(50) def dependencies(self) -> 'SortedSet[Dependency]': return self._dependencies @dependencies.setter def dependencies(self, dependencies: Iterable[Dependency]) -> None: self._dependencies = SortedSet(dependencies) # @property # ... # @serializable.view(SchemaVersion1Dot3) # @serializable.view(SchemaVersion1Dot4) # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(6) # def compositions(self) -> ...: # ... # TODO Since CDX 1.3 # # @compositions.setter # def compositions(self, ...) -> None: # ... # TODO Since CDX 1.3 @property # @serializable.view(SchemaVersion1Dot3) @todo: Update py-serializable to support view by OutputFormat filtering # @serializable.view(SchemaVersion1Dot4) @todo: Update py-serializable to support view by OutputFormat filtering @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property') @serializable.xml_sequence(70) def properties(self) -> 'SortedSet[Property]': """ Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Return: Set of `Property` """ return self._properties @properties.setter def properties(self, properties: Iterable[Property]) -> None: self._properties = SortedSet(properties) @property @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'vulnerability') @serializable.xml_sequence(80) def vulnerabilities(self) -> 'SortedSet[Vulnerability]': """ Get all the Vulnerabilities in this BOM. Returns: Set of `Vulnerability` """ return self._vulnerabilities @vulnerabilities.setter def vulnerabilities(self, vulnerabilities: Iterable[Vulnerability]) -> None: self._vulnerabilities = SortedSet(vulnerabilities) # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(9) # def annotations(self) -> ...: # ... # TODO Since CDX 1.5 # # @annotations.setter # def annotations(self, ...) -> None: # ... # TODO Since CDX 1.5 # @property # ... # @serializable.view(SchemaVersion1Dot5) # @formulation.xml_sequence(10) # def formulation(self) -> ...: # ... # TODO Since CDX 1.5 # # @formulation.setter # def formulation(self, ...) -> None: # ... # TODO Since CDX 1.5 @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(110) def definitions(self) -> Optional[Definitions]: """ The repository for definitions Returns: `Definitions` """ return self._definitions if len(self._definitions.standards) > 0 else None @definitions.setter def definitions(self, definitions: Definitions) -> None: self._definitions = definitions def get_component_by_purl(self, purl: Optional['PackageURL']) -> Optional[Component]: """ Get a Component already in the Bom by its PURL Args: purl: An instance of `packageurl.PackageURL` to look and find `Component`. Returns: `Component` or `None` """ if purl: found = [x for x in self.components if x.purl == purl] if len(found) == 1: return found[0] return None def get_urn_uuid(self) -> str: """ Get the unique reference for this Bom. Returns: URN formatted UUID that uniquely identified this Bom instance. """ return self.serial_number.urn def has_component(self, component: Component) -> bool: """ Check whether this Bom contains the provided Component. Args: component: The instance of `cyclonedx.model.component.Component` to check if this Bom contains. Returns: `bool` - `True` if the supplied Component is part of this Bom, `False` otherwise. """ return component in self.components def _get_all_components(self) -> Generator[Component, None, None]: if self.metadata.component: yield from self.metadata.component.get_all_nested_components(include_self=True) for c in self.components: yield from c.get_all_nested_components(include_self=True) def get_vulnerabilities_for_bom_ref(self, bom_ref: BomRef) -> 'SortedSet[Vulnerability]': """ Get all known Vulnerabilities that affect the supplied bom_ref. Args: bom_ref: `BomRef` Returns: `SortedSet` of `Vulnerability` """ vulnerabilities: SortedSet[Vulnerability] = SortedSet() for v in self.vulnerabilities: for target in v.affects: if target.ref == bom_ref.value: vulnerabilities.add(v) return vulnerabilities def has_vulnerabilities(self) -> bool: """ Check whether this Bom has any declared vulnerabilities. Returns: `bool` - `True` if this Bom has at least one Vulnerability, `False` otherwise. """ return bool(self.vulnerabilities) def register_dependency(self, target: Dependable, depends_on: Optional[Iterable[Dependable]] = None) -> None: _d = next(filter(lambda _d: _d.ref == target.bom_ref, self.dependencies), None) if _d: # Dependency Target already registered - but it might have new dependencies to add if depends_on: _d.dependencies.update(map(lambda _d: Dependency(ref=_d.bom_ref), depends_on)) else: # First time we are seeing this target as a Dependency self._dependencies.add(Dependency( ref=target.bom_ref, dependencies=map(lambda _dep: Dependency(ref=_dep.bom_ref), depends_on) if depends_on else [] )) if depends_on: # Ensure dependents are registered with no further dependents in the DependencyGraph for _d2 in depends_on: self.register_dependency(target=_d2, depends_on=None) def urn(self) -> str: return f'{_BOM_LINK_PREFIX}{self.serial_number}/{self.version}' def validate(self) -> bool: """ Perform data-model level validations to make sure we have some known data integrity prior to attempting output of this `Bom` Returns: `bool` """ # 0. Make sure all Dependable have a Dependency entry if self.metadata.component: self.register_dependency(target=self.metadata.component) for _c in self.components: self.register_dependency(target=_c) for _s in self.services: self.register_dependency(target=_s) # 1. Make sure dependencies are all in this Bom. component_bom_refs = set(map(lambda c: c.bom_ref, self._get_all_components())) | set( map(lambda s: s.bom_ref, self.services)) dependency_bom_refs = set(chain( (d.ref for d in self.dependencies), chain.from_iterable(d.dependencies_as_bom_refs() for d in self.dependencies) )) dependency_diff = dependency_bom_refs - component_bom_refs if len(dependency_diff) > 0: raise UnknownComponentDependencyException( 'One or more Components have Dependency references to Components/Services that are not known in this ' f'BOM. They are: {dependency_diff}') # 2. if root component is set and there are other components: dependencies should exist for the Component # this BOM is describing if self.metadata.component and len(self.components) > 0 and not any(map( lambda d: d.ref == self.metadata.component.bom_ref and len(d.dependencies) > 0, # type: ignore[union-attr] self.dependencies )): warn( f'The Component this BOM is describing {self.metadata.component.purl} has no defined dependencies ' 'which means the Dependency Graph is incomplete - you should add direct dependencies to this ' '"root" Component to complete the Dependency Graph data.', category=UserWarning, stacklevel=1 ) # 3. If a LicenseExpression is set, then there must be no other license. # see https://github.com/CycloneDX/specification/pull/205 elem: Union[BomMetaData, Component, Service] for elem in chain( # type: ignore[assignment] [self.metadata], self.metadata.component.get_all_nested_components(include_self=True) if self.metadata.component else [], chain.from_iterable(c.get_all_nested_components(include_self=True) for c in self.components), self.services ): if len(elem.licenses) > 1 and any(isinstance(li, LicenseExpression) for li in elem.licenses): raise LicenseExpressionAlongWithOthersException( f'Found LicenseExpression along with others licenses in: {elem!r}') return True def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.serial_number, self.version, self.metadata, _ComparableTuple( self.components), _ComparableTuple(self.services), _ComparableTuple(self.external_references), _ComparableTuple( self.dependencies), _ComparableTuple(self.properties), _ComparableTuple(self.vulnerabilities), )) def __eq__(self, other: object) -> bool: if isinstance(other, Bom): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/bom_ref.py000066400000000000000000000062071476011761300226620ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from typing import TYPE_CHECKING, Any, Optional import py_serializable as serializable from ..exception.serialization import CycloneDxDeserializationException, SerializationOfUnexpectedValueException if TYPE_CHECKING: # pragma: no cover from typing import Type, TypeVar _T_BR = TypeVar('_T_BR', bound='BomRef') @serializable.serializable_class class BomRef(serializable.helpers.BaseHelper): """ An identifier that can be used to reference objects elsewhere in the BOM. This copies a similar pattern used in the CycloneDX PHP Library. .. note:: See https://github.com/CycloneDX/cyclonedx-php-library/blob/master/docs/dev/decisions/BomDependencyDataModel.md """ def __init__(self, value: Optional[str] = None) -> None: self.value = value @property @serializable.json_name('.') @serializable.xml_name('.') def value(self) -> Optional[str]: return self._value @value.setter def value(self, value: Optional[str]) -> None: # empty strings become `None` self._value = value or None def __eq__(self, other: object) -> bool: return (self is other) or ( isinstance(other, BomRef) # `None` value is not discriminative in this domain # see also: `BomRefDiscriminator` and other._value is not None and self._value is not None and other._value == self._value ) def __lt__(self, other: Any) -> bool: if isinstance(other, BomRef): return str(self) < str(other) return NotImplemented def __hash__(self) -> int: return hash(self._value or f'__id__{id(self)}') def __repr__(self) -> str: return f'' def __str__(self) -> str: return self._value or '' def __bool__(self) -> bool: return self._value is not None # region impl BaseHelper @classmethod def serialize(cls, o: Any) -> Optional[str]: if isinstance(o, cls): return o.value raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-BomRef: {o!r}') @classmethod def deserialize(cls: 'Type[_T_BR]', o: Any) -> '_T_BR': try: return cls(value=str(o)) except ValueError as err: raise CycloneDxDeserializationException( f'BomRef string supplied does not parse: {o!r}' ) from err # endregion impl BaseHelper cyclonedx-python-lib-9.1.0/cyclonedx/model/component.py000066400000000000000000001623371476011761300232620ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import re from enum import Enum from os.path import exists from typing import Any, Dict, FrozenSet, Iterable, Optional, Set, Type, Union from warnings import warn # See https://github.com/package-url/packageurl-python/issues/65 import py_serializable as serializable from packageurl import PackageURL from sortedcontainers import SortedSet from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str from .._internal.compare import ComparablePackageURL as _ComparablePackageURL, ComparableTuple as _ComparableTuple from .._internal.hash import file_sha1sum as _file_sha1sum from ..exception.model import InvalidOmniBorIdException, InvalidSwhidException from ..exception.serialization import ( CycloneDxDeserializationException, SerializationOfUnexpectedValueException, SerializationOfUnsupportedComponentTypeException, ) from ..schema.schema import ( SchemaVersion1Dot0, SchemaVersion1Dot1, SchemaVersion1Dot2, SchemaVersion1Dot3, SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6, ) from ..serialization import PackageUrl as PackageUrlSH from . import ( AttachedText, Copyright, ExternalReference, HashAlgorithm, HashType, IdentifiableAction, Property, XsUri, _HashTypeRepositorySerializationHelper, ) from .bom_ref import BomRef from .contact import OrganizationalContact, OrganizationalEntity from .crypto import CryptoProperties from .dependency import Dependable from .issue import IssueType from .license import License, LicenseRepository, _LicenseRepositorySerializationHelper from .release_note import ReleaseNotes @serializable.serializable_class class Commit: """ Our internal representation of the `commitType` complex type. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_commitType """ def __init__( self, *, uid: Optional[str] = None, url: Optional[XsUri] = None, author: Optional[IdentifiableAction] = None, committer: Optional[IdentifiableAction] = None, message: Optional[str] = None, ) -> None: self.uid = uid self.url = url self.author = author self.committer = committer self.message = message @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def uid(self) -> Optional[str]: """ A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. Returns: `str` if set else `None` """ return self._uid @uid.setter def uid(self, uid: Optional[str]) -> None: self._uid = uid @property @serializable.xml_sequence(2) def url(self) -> Optional[XsUri]: """ The URL to the commit. This URL will typically point to a commit in a version control system. Returns: `XsUri` if set else `None` """ return self._url @url.setter def url(self, url: Optional[XsUri]) -> None: self._url = url @property @serializable.xml_sequence(3) def author(self) -> Optional[IdentifiableAction]: """ The author who created the changes in the commit. Returns: `IdentifiableAction` if set else `None` """ return self._author @author.setter def author(self, author: Optional[IdentifiableAction]) -> None: self._author = author @property @serializable.xml_sequence(4) def committer(self) -> Optional[IdentifiableAction]: """ The person who committed or pushed the commit Returns: `IdentifiableAction` if set else `None` """ return self._committer @committer.setter def committer(self, committer: Optional[IdentifiableAction]) -> None: self._committer = committer @property @serializable.xml_sequence(5) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def message(self) -> Optional[str]: """ The text description of the contents of the commit. Returns: `str` if set else `None` """ return self._message @message.setter def message(self, message: Optional[str]) -> None: self._message = message def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.uid, self.url, self.author, self.committer, self.message )) def __eq__(self, other: object) -> bool: if isinstance(other, Commit): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Commit): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class ComponentEvidence: """ Our internal representation of the `componentEvidenceType` complex type. Provides the ability to document evidence collected through various forms of extraction or analysis. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_componentEvidenceType """ def __init__( self, *, licenses: Optional[Iterable[License]] = None, copyright: Optional[Iterable[Copyright]] = None, ) -> None: self.licenses = licenses or [] # type:ignore[assignment] self.copyright = copyright or [] # type:ignore[assignment] # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(1) # def identity(self) -> ...: # ... # TODO since CDX1.5 # # @identity.setter # def identity(self, ...) -> None: # ... # TODO since CDX1.5 # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(2) # def occurrences(self) -> ...: # ... # TODO since CDX1.5 # # @occurrences.setter # def occurrences(self, ...) -> None: # ... # TODO since CDX1.5 # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(3) # def callstack(self) -> ...: # ... # TODO since CDX1.5 # # @callstack.setter # def callstack(self, ...) -> None: # ... # TODO since CDX1.5 @property @serializable.type_mapping(_LicenseRepositorySerializationHelper) @serializable.xml_sequence(4) def licenses(self) -> LicenseRepository: """ Optional list of licenses obtained during analysis. Returns: Set of `LicenseChoice` """ return self._licenses @licenses.setter def licenses(self, licenses: Iterable[License]) -> None: self._licenses = LicenseRepository(licenses) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'text') @serializable.xml_sequence(5) def copyright(self) -> 'SortedSet[Copyright]': """ Optional list of copyright statements. Returns: Set of `Copyright` """ return self._copyright @copyright.setter def copyright(self, copyright: Iterable[Copyright]) -> None: self._copyright = SortedSet(copyright) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( _ComparableTuple(self.licenses), _ComparableTuple(self.copyright), )) def __eq__(self, other: object) -> bool: if isinstance(other, ComponentEvidence): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class ComponentScope(str, Enum): """ Enum object that defines the permissable 'scopes' for a Component according to the CycloneDX schema. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_scope """ # see `_ComponentScopeSerializationHelper.__CASES` for view/case map REQUIRED = 'required' OPTIONAL = 'optional' EXCLUDED = 'excluded' # Only supported in >= 1.1 class _ComponentScopeSerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ __CASES: Dict[Type[serializable.ViewType], FrozenSet[ComponentScope]] = dict() __CASES[SchemaVersion1Dot0] = frozenset({ ComponentScope.REQUIRED, ComponentScope.OPTIONAL, }) __CASES[SchemaVersion1Dot1] = __CASES[SchemaVersion1Dot0] | { ComponentScope.EXCLUDED, } __CASES[SchemaVersion1Dot2] = __CASES[SchemaVersion1Dot1] __CASES[SchemaVersion1Dot3] = __CASES[SchemaVersion1Dot2] __CASES[SchemaVersion1Dot4] = __CASES[SchemaVersion1Dot3] __CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4] __CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5] @classmethod def __normalize(cls, cs: ComponentScope, view: Type[serializable.ViewType]) -> Optional[str]: return cs.value \ if cs in cls.__CASES.get(view, ()) \ else None @classmethod def json_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> Optional[str]: assert view is not None return cls.__normalize(o, view) @classmethod def xml_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> Optional[str]: assert view is not None return cls.__normalize(o, view) @classmethod def deserialize(cls, o: Any) -> ComponentScope: return ComponentScope(o) @serializable.serializable_enum class ComponentType(str, Enum): """ Enum object that defines the permissible 'types' for a Component according to the CycloneDX schema. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_classification """ # see `_ComponentTypeSerializationHelper.__CASES` for view/case map APPLICATION = 'application' CONTAINER = 'container' # Only supported in >= 1.2 CRYPTOGRAPHIC_ASSET = 'cryptographic-asset' # Only supported in >= 1.6 DATA = 'data' # Only supported in >= 1.5 DEVICE = 'device' DEVICE_DRIVER = 'device-driver' # Only supported in >= 1.5 FILE = 'file' # Only supported in >= 1.1 FIRMWARE = 'firmware' # Only supported in >= 1.2 FRAMEWORK = 'framework' LIBRARY = 'library' MACHINE_LEARNING_MODEL = 'machine-learning-model' # Only supported in >= 1.5 OPERATING_SYSTEM = 'operating-system' PLATFORM = 'platform' # Only supported in >= 1.5 class _ComponentTypeSerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ __CASES: Dict[Type[serializable.ViewType], FrozenSet[ComponentType]] = dict() __CASES[SchemaVersion1Dot0] = frozenset({ ComponentType.APPLICATION, ComponentType.DEVICE, ComponentType.FRAMEWORK, ComponentType.LIBRARY, ComponentType.OPERATING_SYSTEM, }) __CASES[SchemaVersion1Dot1] = __CASES[SchemaVersion1Dot0] | { ComponentType.FILE, } __CASES[SchemaVersion1Dot2] = __CASES[SchemaVersion1Dot1] | { ComponentType.CONTAINER, ComponentType.FIRMWARE, } __CASES[SchemaVersion1Dot3] = __CASES[SchemaVersion1Dot2] __CASES[SchemaVersion1Dot4] = __CASES[SchemaVersion1Dot3] __CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4] | { ComponentType.DATA, ComponentType.DEVICE_DRIVER, ComponentType.MACHINE_LEARNING_MODEL, ComponentType.PLATFORM, } __CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5] | { ComponentType.CRYPTOGRAPHIC_ASSET, } @classmethod def __normalize(cls, ct: ComponentType, view: Type[serializable.ViewType]) -> Optional[str]: if ct in cls.__CASES.get(view, ()): return ct.value raise SerializationOfUnsupportedComponentTypeException(f'unsupported {ct!r} for view {view!r}') @classmethod def json_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> Optional[str]: assert view is not None return cls.__normalize(o, view) @classmethod def xml_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> Optional[str]: assert view is not None return cls.__normalize(o, view) @classmethod def deserialize(cls, o: Any) -> ComponentType: return ComponentType(o) @serializable.serializable_class class Diff: """ Our internal representation of the `diffType` complex type. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_diffType """ def __init__( self, *, text: Optional[AttachedText] = None, url: Optional[XsUri] = None, ) -> None: self.text = text self.url = url @property def text(self) -> Optional[AttachedText]: """ Specifies the optional text of the diff. Returns: `AttachedText` if set else `None` """ return self._text @text.setter def text(self, text: Optional[AttachedText]) -> None: self._text = text @property def url(self) -> Optional[XsUri]: """ Specifies the URL to the diff. Returns: `XsUri` if set else `None` """ return self._url @url.setter def url(self, url: Optional[XsUri]) -> None: self._url = url def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.url, self.text, )) def __eq__(self, other: object) -> bool: if isinstance(other, Diff): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Diff): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class PatchClassification(str, Enum): """ Enum object that defines the permissible `patchClassification`s. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_patchClassification """ BACKPORT = 'backport' CHERRY_PICK = 'cherry-pick' MONKEY = 'monkey' UNOFFICIAL = 'unofficial' @serializable.serializable_class class Patch: """ Our internal representation of the `patchType` complex type. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_patchType """ def __init__( self, *, type: PatchClassification, diff: Optional[Diff] = None, resolves: Optional[Iterable[IssueType]] = None, ) -> None: self.type = type self.diff = diff self.resolves = resolves or [] # type:ignore[assignment] @property @serializable.xml_attribute() def type(self) -> PatchClassification: """ Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality. Returns: `PatchClassification` """ return self._type @type.setter def type(self, type: PatchClassification) -> None: self._type = type @property def diff(self) -> Optional[Diff]: """ The patch file (or diff) that show changes. .. note:: Refer to https://en.wikipedia.org/wiki/Diff. Returns: `Diff` if set else `None` """ return self._diff @diff.setter def diff(self, diff: Optional[Diff]) -> None: self._diff = diff @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'issue') def resolves(self) -> 'SortedSet[IssueType]': """ Optional list of issues resolved by this patch. Returns: Set of `IssueType` """ return self._resolves @resolves.setter def resolves(self, resolves: Iterable[IssueType]) -> None: self._resolves = SortedSet(resolves) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.type, self.diff, _ComparableTuple(self.resolves) )) def __eq__(self, other: object) -> bool: if isinstance(other, Patch): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Patch): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Pedigree: """ Our internal representation of the `pedigreeType` complex type. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_pedigreeType """ def __init__( self, *, ancestors: Optional[Iterable['Component']] = None, descendants: Optional[Iterable['Component']] = None, variants: Optional[Iterable['Component']] = None, commits: Optional[Iterable[Commit]] = None, patches: Optional[Iterable[Patch]] = None, notes: Optional[str] = None, ) -> None: self.ancestors = ancestors or [] # type:ignore[assignment] self.descendants = descendants or [] # type:ignore[assignment] self.variants = variants or [] # type:ignore[assignment] self.commits = commits or [] # type:ignore[assignment] self.patches = patches or [] # type:ignore[assignment] self.notes = notes @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component') @serializable.xml_sequence(1) def ancestors(self) -> "SortedSet['Component']": """ Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. Returns: Set of `Component` """ return self._ancestors @ancestors.setter def ancestors(self, ancestors: Iterable['Component']) -> None: self._ancestors = SortedSet(ancestors) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component') @serializable.xml_sequence(2) def descendants(self) -> "SortedSet['Component']": """ Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. Returns: Set of `Component` """ return self._descendants @descendants.setter def descendants(self, descendants: Iterable['Component']) -> None: self._descendants = SortedSet(descendants) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component') @serializable.xml_sequence(3) def variants(self) -> "SortedSet['Component']": """ Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. Returns: Set of `Component` """ return self._variants @variants.setter def variants(self, variants: Iterable['Component']) -> None: self._variants = SortedSet(variants) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'commit') @serializable.xml_sequence(4) def commits(self) -> 'SortedSet[Commit]': """ A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. Returns: Set of `Commit` """ return self._commits @commits.setter def commits(self, commits: Iterable[Commit]) -> None: self._commits = SortedSet(commits) @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'patch') @serializable.xml_sequence(5) def patches(self) -> 'SortedSet[Patch]': """ A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits. Returns: Set of `Patch` """ return self._patches @patches.setter def patches(self, patches: Iterable[Patch]) -> None: self._patches = SortedSet(patches) @property @serializable.xml_sequence(6) def notes(self) -> Optional[str]: """ Notes, observations, and other non-structured commentary describing the components pedigree. Returns: `str` if set else `None` """ return self._notes @notes.setter def notes(self, notes: Optional[str]) -> None: self._notes = notes def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( _ComparableTuple(self.ancestors), _ComparableTuple(self.descendants), _ComparableTuple(self.variants), _ComparableTuple(self.commits), _ComparableTuple(self.patches), self.notes )) def __eq__(self, other: object) -> bool: if isinstance(other, Pedigree): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Swid: """ Our internal representation of the `swidType` complex type. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_swidType """ def __init__( self, *, tag_id: str, name: str, version: Optional[str] = None, tag_version: Optional[int] = None, patch: Optional[bool] = None, text: Optional[AttachedText] = None, url: Optional[XsUri] = None, ) -> None: self.tag_id = tag_id self.name = name self.version = version self.tag_version = tag_version self.patch = patch self.text = text self.url = url @property @serializable.xml_attribute() def tag_id(self) -> str: """ Maps to the tagId of a SoftwareIdentity. Returns: `str` """ return self._tag_id @tag_id.setter def tag_id(self, tag_id: str) -> None: self._tag_id = tag_id @property @serializable.xml_attribute() def name(self) -> str: """ Maps to the name of a SoftwareIdentity. Returns: `str` """ return self._name @name.setter def name(self, name: str) -> None: self._name = name @property @serializable.xml_attribute() def version(self) -> Optional[str]: """ Maps to the version of a SoftwareIdentity. Returns: `str` if set else `None`. """ return self._version @version.setter def version(self, version: Optional[str]) -> None: self._version = version @property @serializable.xml_attribute() def tag_version(self) -> Optional[int]: """ Maps to the tagVersion of a SoftwareIdentity. Returns: `int` if set else `None` """ return self._tag_version @tag_version.setter def tag_version(self, tag_version: Optional[int]) -> None: self._tag_version = tag_version @property @serializable.xml_attribute() def patch(self) -> Optional[bool]: """ Maps to the patch of a SoftwareIdentity. Returns: `bool` if set else `None` """ return self._patch @patch.setter def patch(self, patch: Optional[bool]) -> None: self._patch = patch @property def text(self) -> Optional[AttachedText]: """ Specifies the full content of the SWID tag. Returns: `AttachedText` if set else `None` """ return self._text @text.setter def text(self, text: Optional[AttachedText]) -> None: self._text = text @property def url(self) -> Optional[XsUri]: """ The URL to the SWID file. Returns: `XsUri` if set else `None` """ return self._url @url.setter def url(self, url: Optional[XsUri]) -> None: self._url = url def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.tag_id, self.name, self.version, self.tag_version, self.patch, self.url, self.text, )) def __eq__(self, other: object) -> bool: if isinstance(other, Swid): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class OmniborId(serializable.helpers.BaseHelper): """ Helper class that allows us to perform validation on data strings that must conform to https://www.iana.org/assignments/uri-schemes/prov/gitoid. """ _VALID_OMNIBOR_ID_REGEX = re.compile(r'^gitoid:(blob|tree|commit|tag):sha(1|256):([a-z0-9]+)$') def __init__(self, id: str) -> None: if OmniborId._VALID_OMNIBOR_ID_REGEX.match(id) is None: raise InvalidOmniBorIdException( f'Supplied value "{id} does not meet format specification.' ) self._id = id @property @serializable.json_name('.') @serializable.xml_name('.') def id(self) -> str: return self._id @classmethod def serialize(cls, o: Any) -> str: if isinstance(o, OmniborId): return str(o) raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-OmniBorId: {o!r}') @classmethod def deserialize(cls, o: Any) -> 'OmniborId': try: return OmniborId(id=str(o)) except ValueError as err: raise CycloneDxDeserializationException( f'OmniBorId string supplied does not parse: {o!r}' ) from err def __eq__(self, other: Any) -> bool: if isinstance(other, OmniborId): return self._id == other._id return False def __lt__(self, other: Any) -> bool: if isinstance(other, OmniborId): return self._id < other._id return NotImplemented def __hash__(self) -> int: return hash(self._id) def __repr__(self) -> str: return f'' def __str__(self) -> str: return self._id @serializable.serializable_class class Swhid(serializable.helpers.BaseHelper): """ Helper class that allows us to perform validation on data strings that must conform to https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html. """ _VALID_SWHID_REGEX = re.compile(r'^swh:1:(cnp|rel|rev|dir|cnt):([0-9a-z]{40})(.*)?$') def __init__(self, id: str) -> None: if Swhid._VALID_SWHID_REGEX.match(id) is None: raise InvalidSwhidException( f'Supplied value "{id} does not meet format specification.' ) self._id = id @property @serializable.json_name('.') @serializable.xml_name('.') def id(self) -> str: return self._id @classmethod def serialize(cls, o: Any) -> str: if isinstance(o, Swhid): return str(o) raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-Swhid: {o!r}') @classmethod def deserialize(cls, o: Any) -> 'Swhid': try: return Swhid(id=str(o)) except ValueError as err: raise CycloneDxDeserializationException( f'Swhid string supplied does not parse: {o!r}' ) from err def __eq__(self, other: Any) -> bool: if isinstance(other, Swhid): return self._id == other._id return False def __lt__(self, other: Any) -> bool: if isinstance(other, Swhid): return self._id < other._id return NotImplemented def __hash__(self) -> int: return hash(self._id) def __repr__(self) -> str: return f'' def __str__(self) -> str: return self._id @serializable.serializable_class class Component(Dependable): """ This is our internal representation of a Component within a Bom. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_component """ @staticmethod def for_file(absolute_file_path: str, path_for_bom: Optional[str]) -> 'Component': """ Helper method to create a Component that represents the provided local file as a Component. Args: absolute_file_path: Absolute path to the file you wish to represent path_for_bom: Optionally, if supplied this is the path that will be used to identify the file in the BOM Returns: `Component` representing the supplied file """ if not exists(absolute_file_path): raise FileExistsError(f'Supplied file path {absolute_file_path!r} does not exist') sha1_hash: str = _file_sha1sum(absolute_file_path) return Component( name=path_for_bom if path_for_bom else absolute_file_path, version=f'0.0.0-{sha1_hash[0:12]}', hashes=[ HashType(alg=HashAlgorithm.SHA_1, content=sha1_hash) ], type=ComponentType.FILE, purl=PackageURL( type='generic', name=path_for_bom if path_for_bom else absolute_file_path, version=f'0.0.0-{sha1_hash[0:12]}' ) ) def __init__( self, *, name: str, type: ComponentType = ComponentType.LIBRARY, mime_type: Optional[str] = None, bom_ref: Optional[Union[str, BomRef]] = None, supplier: Optional[OrganizationalEntity] = None, publisher: Optional[str] = None, group: Optional[str] = None, version: Optional[str] = None, description: Optional[str] = None, scope: Optional[ComponentScope] = None, hashes: Optional[Iterable[HashType]] = None, licenses: Optional[Iterable[License]] = None, copyright: Optional[str] = None, purl: Optional[PackageURL] = None, external_references: Optional[Iterable[ExternalReference]] = None, properties: Optional[Iterable[Property]] = None, release_notes: Optional[ReleaseNotes] = None, cpe: Optional[str] = None, swid: Optional[Swid] = None, pedigree: Optional[Pedigree] = None, components: Optional[Iterable['Component']] = None, evidence: Optional[ComponentEvidence] = None, modified: bool = False, manufacturer: Optional[OrganizationalEntity] = None, authors: Optional[Iterable[OrganizationalContact]] = None, omnibor_ids: Optional[Iterable[OmniborId]] = None, swhids: Optional[Iterable[Swhid]] = None, crypto_properties: Optional[CryptoProperties] = None, tags: Optional[Iterable[str]] = None, # Deprecated in v1.6 author: Optional[str] = None, ) -> None: self.type = type self.mime_type = mime_type self._bom_ref = _bom_ref_from_str(bom_ref) self.supplier = supplier self.manufacturer = manufacturer self.authors = authors or [] # type:ignore[assignment] self.author = author self.publisher = publisher self.group = group self.name = name self.version = version self.description = description self.scope = scope self.hashes = hashes or [] # type:ignore[assignment] self.licenses = licenses or [] # type:ignore[assignment] self.copyright = copyright self.cpe = cpe self.purl = purl self.omnibor_ids = omnibor_ids or [] # type:ignore[assignment] self.swhids = swhids or [] # type:ignore[assignment] self.swid = swid self.modified = modified self.pedigree = pedigree self.external_references = external_references or [] # type:ignore[assignment] self.properties = properties or [] # type:ignore[assignment] self.components = components or [] # type:ignore[assignment] self.evidence = evidence self.release_notes = release_notes self.crypto_properties = crypto_properties self.tags = tags or [] # type:ignore[assignment] if modified: warn('`.component.modified` is deprecated from CycloneDX v1.3 onwards. ' 'Please use `@.pedigree` instead.', DeprecationWarning) if author: warn('`.component.author` is deprecated from CycloneDX v1.6 onwards. ' 'Please use `@.authors` or `@.manufacturer` instead.', DeprecationWarning) @property @serializable.type_mapping(_ComponentTypeSerializationHelper) @serializable.xml_attribute() def type(self) -> ComponentType: """ Get the type of this Component. Returns: Declared type of this Component as `ComponentType`. """ return self._type @type.setter def type(self, type: ComponentType) -> None: self._type = type @property @serializable.xml_string(serializable.XmlStringSerializationType.TOKEN) def mime_type(self) -> Optional[str]: """ Get any declared mime-type for this Component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. Returns: `str` if set else `None` """ return self._mime_type @mime_type.setter def mime_type(self, mime_type: Optional[str]) -> None: self._mime_type = mime_type @property @serializable.json_name('bom-ref') @serializable.type_mapping(BomRef) @serializable.view(SchemaVersion1Dot1) @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_attribute() @serializable.xml_name('bom-ref') def bom_ref(self) -> BomRef: """ An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. Returns: `BomRef` """ return self._bom_ref @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(1) def supplier(self) -> Optional[OrganizationalEntity]: """ The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager. Returns: `OrganizationalEntity` if set else `None` """ return self._supplier @supplier.setter def supplier(self, supplier: Optional[OrganizationalEntity]) -> None: self._supplier = supplier @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(2) def manufacturer(self) -> Optional[OrganizationalEntity]: """ The organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have `@.authors` instead. Returns: `OrganizationalEntity` if set else `None` """ return self._manufacturer @manufacturer.setter def manufacturer(self, manufacturer: Optional[OrganizationalEntity]) -> None: self._manufacturer = manufacturer @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'author') @serializable.xml_sequence(3) def authors(self) -> 'SortedSet[OrganizationalContact]': """ The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have `@.manufacturer` instead. Returns: `Iterable[OrganizationalContact]` if set else `None` """ return self._authors @authors.setter def authors(self, authors: Iterable[OrganizationalContact]) -> None: self._authors = SortedSet(authors) @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) # todo: this is deprecated in v1.6? @serializable.xml_sequence(4) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def author(self) -> Optional[str]: """ The person(s) or organization(s) that authored the component. Returns: `str` if set else `None` """ return self._author @author.setter def author(self, author: Optional[str]) -> None: self._author = author @property @serializable.xml_sequence(5) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def publisher(self) -> Optional[str]: """ The person(s) or organization(s) that published the component Returns: `str` if set else `None` """ return self._publisher @publisher.setter def publisher(self, publisher: Optional[str]) -> None: self._publisher = publisher @property @serializable.xml_sequence(6) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def group(self) -> Optional[str]: """ The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: `apache`, `org.apache.commons`, and `apache.org`. Returns: `str` if set else `None` """ return self._group @group.setter def group(self, group: Optional[str]) -> None: self._group = group @property @serializable.xml_sequence(7) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> str: """ The name of the component. This will often be a shortened, single name of the component. Examples: `commons-lang3` and `jquery`. Returns: `str` """ return self._name @name.setter def name(self, name: str) -> None: self._name = name @property @serializable.include_none(SchemaVersion1Dot0, '') @serializable.include_none(SchemaVersion1Dot1, '') @serializable.include_none(SchemaVersion1Dot2, '') @serializable.include_none(SchemaVersion1Dot3, '') @serializable.xml_sequence(8) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def version(self) -> Optional[str]: """ The component version. The version should ideally comply with semantic versioning but is not enforced. This is NOT optional for CycloneDX Schema Version < 1.4 but was agreed to default to an empty string where a version was not supplied for schema versions < 1.4 Returns: Declared version of this Component as `str` or `None` """ return self._version @version.setter def version(self, version: Optional[str]) -> None: if version and len(version) > 1024: warn('`.component.version`has a maximum length of 1024 from CycloneDX v1.6 onwards.', UserWarning) self._version = version @property @serializable.xml_sequence(9) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def description(self) -> Optional[str]: """ Get the description of this Component. Returns: `str` if set, else `None`. """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description @property @serializable.type_mapping(_ComponentScopeSerializationHelper) @serializable.xml_sequence(10) def scope(self) -> Optional[ComponentScope]: """ Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM. Returns: `ComponentScope` or `None` """ return self._scope @scope.setter def scope(self, scope: Optional[ComponentScope]) -> None: self._scope = scope @property @serializable.type_mapping(_HashTypeRepositorySerializationHelper) @serializable.xml_sequence(11) def hashes(self) -> 'SortedSet[HashType]': """ Optional list of hashes that help specify the integrity of this Component. Returns: Set of `HashType` """ return self._hashes @hashes.setter def hashes(self, hashes: Iterable[HashType]) -> None: self._hashes = SortedSet(hashes) @property @serializable.view(SchemaVersion1Dot1) @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.type_mapping(_LicenseRepositorySerializationHelper) @serializable.xml_sequence(12) def licenses(self) -> LicenseRepository: """ A optional list of statements about how this Component is licensed. Returns: Set of `LicenseChoice` """ return self._licenses @licenses.setter def licenses(self, licenses: Iterable[License]) -> None: self._licenses = LicenseRepository(licenses) @property @serializable.xml_sequence(13) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def copyright(self) -> Optional[str]: """ An optional copyright notice informing users of the underlying claims to copyright ownership in a published work. Returns: `str` or `None` """ return self._copyright @copyright.setter def copyright(self, copyright: Optional[str]) -> None: self._copyright = copyright @property @serializable.xml_sequence(14) def cpe(self) -> Optional[str]: """ Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe Returns: `str` if set else `None` """ return self._cpe @cpe.setter def cpe(self, cpe: Optional[str]) -> None: self._cpe = cpe @property @serializable.type_mapping(PackageUrlSH) @serializable.xml_sequence(15) def purl(self) -> Optional[PackageURL]: """ Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec Returns: `PackageURL` or `None` """ return self._purl @purl.setter def purl(self, purl: Optional[PackageURL]) -> None: self._purl = purl @property @serializable.json_name('omniborId') @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, child_name='omniborId') @serializable.xml_sequence(16) def omnibor_ids(self) -> 'SortedSet[OmniborId]': """ Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid Returns: `Iterable[str]` or `None` """ return self._omnibor_ids @omnibor_ids.setter def omnibor_ids(self, omnibor_ids: Iterable[OmniborId]) -> None: self._omnibor_ids = SortedSet(omnibor_ids) @property @serializable.json_name('swhid') @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, child_name='swhid') @serializable.xml_sequence(17) def swhids(self) -> 'SortedSet[Swhid]': """ Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html Returns: `Iterable[Swhid]` if set else `None` """ return self._swhids @swhids.setter def swhids(self, swhids: Iterable[Swhid]) -> None: self._swhids = SortedSet(swhids) @property @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(18) def swid(self) -> Optional[Swid]: """ Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. Returns: `Swid` if set else `None` """ return self._swid @swid.setter def swid(self, swid: Optional[Swid]) -> None: self._swid = swid @property @serializable.view(SchemaVersion1Dot0) # todo: Deprecated in v1.3 @serializable.xml_sequence(19) def modified(self) -> bool: return self._modified @modified.setter def modified(self, modified: bool) -> None: self._modified = modified @property @serializable.view(SchemaVersion1Dot1) @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(20) def pedigree(self) -> Optional[Pedigree]: """ Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Returns: `Pedigree` if set else `None` """ return self._pedigree @pedigree.setter def pedigree(self, pedigree: Optional[Pedigree]) -> None: self._pedigree = pedigree @property @serializable.view(SchemaVersion1Dot1) @serializable.view(SchemaVersion1Dot2) @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference') @serializable.xml_sequence(21) def external_references(self) -> 'SortedSet[ExternalReference]': """ Provides the ability to document external references related to the component or to the project the component describes. Returns: Set of `ExternalReference` """ return self._external_references @external_references.setter def external_references(self, external_references: Iterable[ExternalReference]) -> None: self._external_references = SortedSet(external_references) @property @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property') @serializable.xml_sequence(22) def properties(self) -> 'SortedSet[Property]': """ Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Return: Set of `Property` """ return self._properties @properties.setter def properties(self, properties: Iterable[Property]) -> None: self._properties = SortedSet(properties) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component') @serializable.xml_sequence(23) def components(self) -> "SortedSet['Component']": """ A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Returns: Set of `Component` """ return self._components @components.setter def components(self, components: Iterable['Component']) -> None: self._components = SortedSet(components) @property @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(24) def evidence(self) -> Optional[ComponentEvidence]: """ Provides the ability to document evidence collected through various forms of extraction or analysis. Returns: `ComponentEvidence` if set else `None` """ return self._evidence @evidence.setter def evidence(self, evidence: Optional[ComponentEvidence]) -> None: self._evidence = evidence @property @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(25) def release_notes(self) -> Optional[ReleaseNotes]: """ Specifies optional release notes. Returns: `ReleaseNotes` or `None` """ return self._release_notes @release_notes.setter def release_notes(self, release_notes: Optional[ReleaseNotes]) -> None: self._release_notes = release_notes # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(22) # def model_card(self) -> ...: # ... # TODO since CDX1.5 # # @model_card.setter # def model_card(self, ...) -> None: # ... # TODO since CDX1.5 # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(23) # def data(self) -> ...: # ... # TODO since CDX1.5 # # @data.setter # def data(self, ...) -> None: # ... # TODO since CDX1.5 @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(30) def crypto_properties(self) -> Optional[CryptoProperties]: """ Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference. Returns: `CryptoProperties` or `None` """ return self._crypto_properties @crypto_properties.setter def crypto_properties(self, crypto_properties: Optional[CryptoProperties]) -> None: self._crypto_properties = crypto_properties @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'tag') @serializable.xml_sequence(31) def tags(self) -> 'SortedSet[str]': """ Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Returns: `Iterable[str]` """ return self._tags @tags.setter def tags(self, tags: Iterable[str]) -> None: self._tags = SortedSet(tags) def get_all_nested_components(self, include_self: bool = False) -> Set['Component']: components = set() if include_self: components.add(self) for c in self.components: components.update(c.get_all_nested_components(include_self=True)) return components def get_pypi_url(self) -> str: if self.version: return f'https://pypi.org/project/{self.name}/{self.version}' else: return f'https://pypi.org/project/{self.name}' def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.type, self.group, self.name, self.version, self.bom_ref.value, None if self.purl is None else _ComparablePackageURL(self.purl), self.swid, self.cpe, _ComparableTuple(self.swhids), self.supplier, self.author, self.publisher, self.description, self.mime_type, self.scope, _ComparableTuple(self.hashes), _ComparableTuple(self.licenses), self.copyright, self.pedigree, _ComparableTuple(self.external_references), _ComparableTuple(self.properties), _ComparableTuple(self.components), self.evidence, self.release_notes, self.modified, _ComparableTuple(self.authors), _ComparableTuple(self.omnibor_ids), self.manufacturer, self.crypto_properties, _ComparableTuple(self.tags), )) def __eq__(self, other: object) -> bool: if isinstance(other, Component): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Component): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/contact.py000066400000000000000000000270371476011761300227100ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from typing import Any, Iterable, Optional, Union import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str from .._internal.compare import ComparableTuple as _ComparableTuple from ..schema.schema import SchemaVersion1Dot6 from . import XsUri from .bom_ref import BomRef @serializable.serializable_class class PostalAddress: """ This is our internal representation of the `postalAddressType` complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_postalAddressType """ def __init__( self, *, bom_ref: Optional[Union[str, BomRef]] = None, country: Optional[str] = None, region: Optional[str] = None, locality: Optional[str] = None, post_office_box_number: Optional[str] = None, postal_code: Optional[str] = None, street_address: Optional[str] = None, ) -> None: self._bom_ref = _bom_ref_from_str(bom_ref, optional=True) self.country = country self.region = region self.locality = locality self.post_office_box_number = post_office_box_number self.postal_code = postal_code self.street_address = street_address @property @serializable.json_name('bom-ref') @serializable.type_mapping(BomRef) @serializable.xml_attribute() @serializable.xml_name('bom-ref') def bom_ref(self) -> Optional[BomRef]: """ An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. Returns: `BomRef` """ return self._bom_ref @property @serializable.xml_sequence(10) def country(self) -> Optional[str]: """ The country name or the two-letter ISO 3166-1 country code. Returns: `str` or `None` """ return self._country @country.setter def country(self, country: Optional[str]) -> None: self._country = country @property @serializable.xml_sequence(20) def region(self) -> Optional[str]: """ The region or state in the country. For example, Texas. Returns: `str` or `None` """ return self._region @region.setter def region(self, region: Optional[str]) -> None: self._region = region @property @serializable.xml_sequence(30) def locality(self) -> Optional[str]: """ The locality or city within the country. For example, Austin. Returns: `str` or `None` """ return self._locality @locality.setter def locality(self, locality: Optional[str]) -> None: self._locality = locality @property @serializable.xml_sequence(40) def post_office_box_number(self) -> Optional[str]: """ The post office box number. For example, 901. Returns: `str` or `None` """ return self._post_office_box_number @post_office_box_number.setter def post_office_box_number(self, post_office_box_number: Optional[str]) -> None: self._post_office_box_number = post_office_box_number @property @serializable.xml_sequence(60) def postal_code(self) -> Optional[str]: """ The postal code. For example, 78758. Returns: `str` or `None` """ return self._postal_code @postal_code.setter def postal_code(self, postal_code: Optional[str]) -> None: self._postal_code = postal_code @property @serializable.xml_sequence(70) def street_address(self) -> Optional[str]: """ The street address. For example, 100 Main Street. Returns: `str` or `None` """ return self._street_address @street_address.setter def street_address(self, street_address: Optional[str]) -> None: self._street_address = street_address def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.country, self.region, self.locality, self.postal_code, self.post_office_box_number, self.street_address, None if self.bom_ref is None else self.bom_ref.value, )) def __eq__(self, other: object) -> bool: if isinstance(other, PostalAddress): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, PostalAddress): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class OrganizationalContact: """ This is our internal representation of the `organizationalContact` complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_organizationalContact """ def __init__( self, *, name: Optional[str] = None, phone: Optional[str] = None, email: Optional[str] = None, ) -> None: self.name = name self.email = email self.phone = phone @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ Get the name of the contact. Returns: `str` if set else `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.xml_sequence(2) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def email(self) -> Optional[str]: """ Get the email of the contact. Returns: `str` if set else `None` """ return self._email @email.setter def email(self, email: Optional[str]) -> None: self._email = email @property @serializable.xml_sequence(3) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def phone(self) -> Optional[str]: """ Get the phone of the contact. Returns: `str` if set else `None` """ return self._phone @phone.setter def phone(self, phone: Optional[str]) -> None: self._phone = phone def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.name, self.email, self.phone )) def __eq__(self, other: object) -> bool: if isinstance(other, OrganizationalContact): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, OrganizationalContact): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class OrganizationalEntity: """ This is our internal representation of the `organizationalEntity` complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_organizationalEntity """ def __init__( self, *, name: Optional[str] = None, urls: Optional[Iterable[XsUri]] = None, contacts: Optional[Iterable[OrganizationalContact]] = None, address: Optional[PostalAddress] = None, ) -> None: self.name = name self.address = address self.urls = urls or [] # type:ignore[assignment] self.contacts = contacts or [] # type:ignore[assignment] @property @serializable.xml_sequence(10) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ Get the name of the organization. Returns: `str` if set else `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(20) def address(self) -> Optional[PostalAddress]: """ The physical address (location) of the organization. Returns: `PostalAddress` or `None` """ return self._address @address.setter def address(self, address: Optional[PostalAddress]) -> None: self._address = address @property @serializable.json_name('url') @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'url') @serializable.xml_sequence(30) def urls(self) -> 'SortedSet[XsUri]': """ Get a list of URLs of the organization. Multiple URLs are allowed. Returns: Set of `XsUri` """ return self._urls @urls.setter def urls(self, urls: Iterable[XsUri]) -> None: self._urls = SortedSet(urls) @property @serializable.json_name('contact') @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'contact') @serializable.xml_sequence(40) def contacts(self) -> 'SortedSet[OrganizationalContact]': """ Get a list of contact person at the organization. Multiple contacts are allowed. Returns: Set of `OrganizationalContact` """ return self._contacts @contacts.setter def contacts(self, contacts: Iterable[OrganizationalContact]) -> None: self._contacts = SortedSet(contacts) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.name, _ComparableTuple(self.urls), _ComparableTuple(self.contacts) )) def __eq__(self, other: object) -> bool: if isinstance(other, OrganizationalEntity): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, OrganizationalEntity): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/crypto.py000066400000000000000000001430421476011761300225700ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ This set of classes represents cryptoPropertiesType Complex Type in the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ from datetime import datetime from enum import Enum from typing import Any, Iterable, Optional import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.model import InvalidNistQuantumSecurityLevelException, InvalidRelatedCryptoMaterialSizeException from ..schema.schema import SchemaVersion1Dot6 from .bom_ref import BomRef @serializable.serializable_enum class CryptoAssetType(str, Enum): """ This is our internal representation of the cryptoPropertiesType.assetType ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ ALGORITHM = 'algorithm' CERTIFICATE = 'certificate' PROTOCOL = 'protocol' RELATED_CRYPTO_MATERIAL = 'related-crypto-material' @serializable.serializable_enum class CryptoPrimitive(str, Enum): """ This is our internal representation of the cryptoPropertiesType.algorithmProperties.primitive ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ AE = 'ae' BLOCK_CIPHER = 'block-cipher' COMBINER = 'combiner' DRBG = 'drbg' HASH = 'hash' KDF = 'kdf' KEM = 'kem' KEY_AGREE = 'key-agree' MAC = 'mac' PKE = 'pke' SIGNATURE = 'signature' STREAM_CIPHER = 'stream-cipher' XOF = 'xof' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_enum class CryptoExecutionEnvironment(str, Enum): """ This is our internal representation of the cryptoPropertiesType.algorithmProperties.executionEnvironment ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ HARDWARE = 'hardware' SOFTWARE_ENCRYPTED_RAM = 'software-encrypted-ram' SOFTWARE_PLAIN_RAM = 'software-plain-ram' SOFTWARE_TEE = 'software-tee' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_enum class CryptoImplementationPlatform(str, Enum): """ This is our internal representation of the cryptoPropertiesType.algorithmProperties.implementationPlatform ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ ARMV7_A = 'armv7-a' ARMV7_M = 'armv7-m' ARMV8_A = 'armv8-a' ARMV8_M = 'armv8-m' ARMV9_A = 'armv9-a' ARMV9_M = 'armv9-m' GENERIC = 'generic' PPC64 = 'ppc64' PPC64LE = 'ppc64le' S390X = 's390x' X86_32 = 'x86_32' X86_64 = 'x86_64' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_enum class CryptoCertificationLevel(str, Enum): """ This is our internal representation of the cryptoPropertiesType.algorithmProperties.certificationLevel ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ NONE = 'none' FIPS140_1_L1 = 'fips140-1-l1' FIPS140_1_L2 = 'fips140-1-l2' FIPS140_1_L3 = 'fips140-1-l3' FIPS140_1_L4 = 'fips140-1-l4' FIPS140_2_L1 = 'fips140-2-l1' FIPS140_2_L2 = 'fips140-2-l2' FIPS140_2_L3 = 'fips140-2-l3' FIPS140_2_L4 = 'fips140-2-l4' FIPS140_3_L1 = 'fips140-3-l1' FIPS140_3_L2 = 'fips140-3-l2' FIPS140_3_L3 = 'fips140-3-l3' FIPS140_3_L4 = 'fips140-3-l4' CC_EAL1 = 'cc-eal1' CC_EAL1_PLUS = 'cc-eal1+' CC_EAL2 = 'cc-eal2' CC_EAL2_PLUS = 'cc-eal2+' CC_EAL3 = 'cc-eal3' CC_EAL3_PLUS = 'cc-eal3+' CC_EAL4 = 'cc-eal4' CC_EAL4_PLUS = 'cc-eal4+' CC_EAL5 = 'cc-eal5' CC_EAL5_PLUS = 'cc-eal5+' CC_EAL6 = 'cc-eal6' CC_EAL6_PLUS = 'cc-eal6+' CC_EAL7 = 'cc-eal7' CC_EAL7_PLUS = 'cc-eal7+' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_enum class CryptoMode(str, Enum): """ This is our internal representation of the cryptoPropertiesType.algorithmProperties.mode ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ CBC = 'cbc' CCM = 'ccm' CFB = 'cfb' CTR = 'ctr' ECB = 'ecb' GCM = 'gcm' OFB = 'ofb' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_enum class CryptoPadding(str, Enum): """ This is our internal representation of the cryptoPropertiesType.algorithmProperties.padding ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ PKCS5 = 'pkcs5' PKCS7 = 'pkcs7' PKCS1V15 = 'pkcs1v15' OAEP = 'oaep' RAW = 'raw' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_enum class CryptoFunction(str, Enum): """ This is our internal representation of the cryptoPropertiesType.algorithmProperties.cryptoFunctions.cryptoFunction ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ DECAPSULATE = 'decapsulate' DECRYPT = 'decrypt' DIGEST = 'digest' ENCAPSULATE = 'encapsulate' ENCRYPT = 'encrypt' GENERATE = 'generate' KEYDERIVE = 'keyderive' KEYGEN = 'keygen' SIGN = 'sign' TAG = 'tag' VERIFY = 'verify' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_class class AlgorithmProperties: """ This is our internal representation of the cryptoPropertiesType.algorithmProperties ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, primitive: Optional[CryptoPrimitive] = None, parameter_set_identifier: Optional[str] = None, curve: Optional[str] = None, execution_environment: Optional[CryptoExecutionEnvironment] = None, implementation_platform: Optional[CryptoImplementationPlatform] = None, certification_levels: Optional[Iterable[CryptoCertificationLevel]] = None, mode: Optional[CryptoMode] = None, padding: Optional[CryptoPadding] = None, crypto_functions: Optional[Iterable[CryptoFunction]] = None, classical_security_level: Optional[int] = None, nist_quantum_security_level: Optional[int] = None, ) -> None: self.primitive = primitive self.parameter_set_identifier = parameter_set_identifier self.curve = curve self.execution_environment = execution_environment self.implementation_platform = implementation_platform self.certification_levels = certification_levels or [] # type:ignore[assignment] self.mode = mode self.padding = padding self.crypto_functions = crypto_functions or [] # type:ignore[assignment] self.classical_security_level = classical_security_level self.nist_quantum_security_level = nist_quantum_security_level @property @serializable.xml_sequence(1) def primitive(self) -> Optional[CryptoPrimitive]: """ Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2). Returns: `CryptoPrimitive` or `None` """ return self._primitive @primitive.setter def primitive(self, primitive: Optional[CryptoPrimitive]) -> None: self._primitive = primitive @property @serializable.xml_sequence(2) def parameter_set_identifier(self) -> Optional[str]: """ An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205). Returns: `str` or `None` """ return self._parameter_set_identifier @parameter_set_identifier.setter def parameter_set_identifier(self, parameter_set_identifier: Optional[str]) -> None: self._parameter_set_identifier = parameter_set_identifier @property @serializable.xml_sequence(3) def curve(self) -> Optional[str]: """ The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends use of curve names as defined at https://neuromancer.sk/std/, the source from which can be found at https://github.com/J08nY/std-curves. Returns: `str` or `None` """ return self._curve @curve.setter def curve(self, curve: Optional[str]) -> None: self._curve = curve @property @serializable.xml_sequence(4) def execution_environment(self) -> Optional[CryptoExecutionEnvironment]: """ The target and execution environment in which the algorithm is implemented in. Returns: `CryptoExecutionEnvironment` or `None` """ return self._execution_environment @execution_environment.setter def execution_environment(self, execution_environment: Optional[CryptoExecutionEnvironment]) -> None: self._execution_environment = execution_environment @property @serializable.xml_sequence(4) def implementation_platform(self) -> Optional[CryptoImplementationPlatform]: """ The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform. Returns: `CryptoImplementationPlatform` or `None` """ return self._implementation_platform @implementation_platform.setter def implementation_platform(self, implementation_platform: Optional[CryptoImplementationPlatform]) -> None: self._implementation_platform = implementation_platform @property @serializable.json_name('certificationLevel') @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, child_name='certificationLevel') @serializable.xml_sequence(5) def certification_levels(self) -> 'SortedSet[CryptoCertificationLevel]': """ The certification that the implementation of the cryptographic algorithm has received, if any. Certifications include revisions and levels of FIPS 140 or Common Criteria of different Extended Assurance Levels (CC-EAL). Returns: `Iterable[CryptoCertificationLevel]` """ return self._certification_levels @certification_levels.setter def certification_levels(self, certification_levels: Iterable[CryptoCertificationLevel]) -> None: self._certification_levels = SortedSet(certification_levels) @property @serializable.xml_sequence(6) def mode(self) -> Optional[CryptoMode]: """ The mode of operation in which the cryptographic algorithm (block cipher) is used. Returns: `CryptoMode` or `None` """ return self._mode @mode.setter def mode(self, mode: Optional[CryptoMode]) -> None: self._mode = mode @property @serializable.xml_sequence(8) def padding(self) -> Optional[CryptoPadding]: """ The padding scheme that is used for the cryptographic algorithm. Returns: `CryptoPadding` or `None` """ return self._padding @padding.setter def padding(self, padding: Optional[CryptoPadding]) -> None: self._padding = padding @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, child_name='cryptoFunction') @serializable.xml_sequence(9) def crypto_functions(self) -> 'SortedSet[CryptoFunction]': """ The cryptographic functions implemented by the cryptographic algorithm. Returns: `Iterable[CryptoFunction]` """ return self._crypto_functions @crypto_functions.setter def crypto_functions(self, crypto_functions: Iterable[CryptoFunction]) -> None: self._crypto_functions = SortedSet(crypto_functions) @property @serializable.xml_sequence(10) def classical_security_level(self) -> Optional[int]: """ The classical security level that a cryptographic algorithm provides (in bits). Returns: `int` or `None` """ return self._classical_security_level @classical_security_level.setter def classical_security_level(self, classical_security_level: Optional[int]) -> None: self._classical_security_level = classical_security_level @property @serializable.xml_sequence(11) def nist_quantum_security_level(self) -> Optional[int]: """ The NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/ evaluation-criteria/security-(evaluation-criteria). A value of 0 indicates that none of the categories are met. Returns: `int` or `None` """ return self._nist_quantum_security_level @nist_quantum_security_level.setter def nist_quantum_security_level(self, nist_quantum_security_level: Optional[int]) -> None: if nist_quantum_security_level is not None and ( nist_quantum_security_level < 0 or nist_quantum_security_level > 6 ): raise InvalidNistQuantumSecurityLevelException( 'NIST Quantum Security Level must be (0 <= value <= 6)' ) self._nist_quantum_security_level = nist_quantum_security_level def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.primitive, self._parameter_set_identifier, self.curve, self.execution_environment, self.implementation_platform, _ComparableTuple(self.certification_levels), self.mode, self.padding, _ComparableTuple(self.crypto_functions), self.classical_security_level, self.nist_quantum_security_level, )) def __eq__(self, other: object) -> bool: if isinstance(other, AlgorithmProperties): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class CertificateProperties: """ This is our internal representation of the `cryptoPropertiesType.certificateProperties` complex type within CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, subject_name: Optional[str] = None, issuer_name: Optional[str] = None, not_valid_before: Optional[datetime] = None, not_valid_after: Optional[datetime] = None, signature_algorithm_ref: Optional[BomRef] = None, subject_public_key_ref: Optional[BomRef] = None, certificate_format: Optional[str] = None, certificate_extension: Optional[str] = None, ) -> None: self.subject_name = subject_name self.issuer_name = issuer_name self.not_valid_before = not_valid_before self.not_valid_after = not_valid_after self.signature_algorithm_ref = signature_algorithm_ref self.subject_public_key_ref = subject_public_key_ref self.certificate_format = certificate_format self.certificate_extension = certificate_extension @property @serializable.xml_sequence(10) def subject_name(self) -> Optional[str]: """ The subject name for the certificate. Returns: `str` or `None` """ return self._subject_name @subject_name.setter def subject_name(self, subject_name: Optional[str]) -> None: self._subject_name = subject_name @property @serializable.xml_sequence(20) def issuer_name(self) -> Optional[str]: """ The issuer name for the certificate. Returns: `str` or `None` """ return self._issuer_name @issuer_name.setter def issuer_name(self, issuer_name: Optional[str]) -> None: self._issuer_name = issuer_name @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(30) def not_valid_before(self) -> Optional[datetime]: """ The date and time according to ISO-8601 standard from which the certificate is valid. Returns: `datetime` or `None` """ return self._not_valid_before @not_valid_before.setter def not_valid_before(self, not_valid_before: Optional[datetime]) -> None: self._not_valid_before = not_valid_before @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(40) def not_valid_after(self) -> Optional[datetime]: """ The date and time according to ISO-8601 standard from which the certificate is not valid anymore. Returns: `datetime` or `None` """ return self._not_valid_after @not_valid_after.setter def not_valid_after(self, not_valid_after: Optional[datetime]) -> None: self._not_valid_after = not_valid_after @property @serializable.type_mapping(BomRef) @serializable.xml_sequence(50) def signature_algorithm_ref(self) -> Optional[BomRef]: """ The bom-ref to signature algorithm used by the certificate. Returns: `BomRef` or `None` """ return self._signature_algorithm_ref @signature_algorithm_ref.setter def signature_algorithm_ref(self, signature_algorithm_ref: Optional[BomRef]) -> None: self._signature_algorithm_ref = signature_algorithm_ref @property @serializable.type_mapping(BomRef) @serializable.xml_sequence(60) def subject_public_key_ref(self) -> Optional[BomRef]: """ The bom-ref to the public key of the subject. Returns: `BomRef` or `None` """ return self._subject_public_key_ref @subject_public_key_ref.setter def subject_public_key_ref(self, subject_public_key_ref: Optional[BomRef]) -> None: self._subject_public_key_ref = subject_public_key_ref @property @serializable.xml_sequence(70) def certificate_format(self) -> Optional[str]: """ The format of the certificate. Examples include X.509, PEM, DER, and CVC. Returns: `str` or `None` """ return self._certificate_format @certificate_format.setter def certificate_format(self, certificate_format: Optional[str]) -> None: self._certificate_format = certificate_format @property @serializable.xml_sequence(80) def certificate_extension(self) -> Optional[str]: """ The file extension of the certificate. Examples include crt, pem, cer, der, and p12. Returns: `str` or `None` """ return self._certificate_extension @certificate_extension.setter def certificate_extension(self, certificate_extension: Optional[str]) -> None: self._certificate_extension = certificate_extension def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.subject_name, self.issuer_name, self.not_valid_before, self.not_valid_after, self.certificate_format, self.certificate_extension )) def __eq__(self, other: object) -> bool: if isinstance(other, CertificateProperties): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class RelatedCryptoMaterialType(str, Enum): """ This is our internal representation of the cryptoPropertiesType.relatedCryptoMaterialProperties.type ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ ADDITIONAL_DATA = 'additional-data' CIPHERTEXT = 'ciphertext' CREDENTIAL = 'credential' DIGEST = 'digest' INITIALIZATION_VECTOR = 'initialization-vector' KEY = 'key' NONCE = 'nonce' PASSWORD = 'password' # nosec PRIVATE_KEY = 'private-key' PUBLIC_KEY = 'public-key' SALT = 'salt' SECRET_KEY = 'secret-key' # nosec SEED = 'seed' SHARED_SECRET = 'shared-secret' # nosec SIGNATURE = 'signature' TAG = 'tag' TOKEN = 'token' # nosec OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_enum class RelatedCryptoMaterialState(str, Enum): """ This is our internal representation of the cryptoPropertiesType.relatedCryptoMaterialProperties.state ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ ACTIVE = 'active' COMPROMISED = 'compromised' DEACTIVATED = 'deactivated' DESTROYED = 'destroyed' PRE_ACTIVATION = 'pre-activation' SUSPENDED = 'suspended' @serializable.serializable_class class RelatedCryptoMaterialSecuredBy: """ This is our internal representation of the `cryptoPropertiesType.relatedCryptoMaterialProperties.securedBy` complex type within CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, mechanism: Optional[str] = None, algorithm_ref: Optional[BomRef] = None, ) -> None: self.mechanism = mechanism self.algorithm_ref = algorithm_ref @property @serializable.xml_sequence(10) def mechanism(self) -> Optional[str]: """ Specifies the mechanism by which the cryptographic asset is secured by. Examples include HSM, TPM, XGX, Software, and None. Returns: `str` or `None` """ return self._mechanism @mechanism.setter def mechanism(self, mechanism: Optional[str]) -> None: self._mechanism = mechanism @property @serializable.type_mapping(BomRef) @serializable.xml_sequence(20) def algorithm_ref(self) -> Optional[BomRef]: """ The bom-ref to the algorithm. Returns: `BomRef` or `None` """ return self._algorithm_ref @algorithm_ref.setter def algorithm_ref(self, algorithm_ref: Optional[BomRef]) -> None: self._algorithm_ref = algorithm_ref def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.mechanism, self.algorithm_ref )) def __eq__(self, other: object) -> bool: if isinstance(other, RelatedCryptoMaterialSecuredBy): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class RelatedCryptoMaterialProperties: """ This is our internal representation of the `cryptoPropertiesType.relatedCryptoMaterialProperties` complex type within CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, type: Optional[RelatedCryptoMaterialType] = None, id: Optional[str] = None, state: Optional[RelatedCryptoMaterialState] = None, algorithm_ref: Optional[BomRef] = None, creation_date: Optional[datetime] = None, activation_date: Optional[datetime] = None, update_date: Optional[datetime] = None, expiration_date: Optional[datetime] = None, value: Optional[str] = None, size: Optional[int] = None, format: Optional[str] = None, secured_by: Optional[RelatedCryptoMaterialSecuredBy] = None, ) -> None: self.type = type self.id = id self.state = state self.algorithm_ref = algorithm_ref self.creation_date = creation_date self.activation_date = activation_date self.update_date = update_date self.expiration_date = expiration_date self.value = value self.size = size self.format = format self.secured_by = secured_by @property @serializable.xml_sequence(10) def type(self) -> Optional[RelatedCryptoMaterialType]: """ The type for the related cryptographic material. Returns """ return self._type @type.setter def type(self, type: Optional[RelatedCryptoMaterialType]) -> None: self._type = type @property @serializable.xml_sequence(20) def id(self) -> Optional[str]: """ The optional unique identifier for the related cryptographic material. :return: """ return self._id @id.setter def id(self, id: Optional[str]) -> None: self._id = id @property @serializable.xml_sequence(30) def state(self) -> Optional[RelatedCryptoMaterialState]: """ The key state as defined by NIST SP 800-57. Returns: `RelatedCryptoMaterialState` or `None` """ return self._state @state.setter def state(self, state: Optional[RelatedCryptoMaterialState]) -> None: self._state = state @property @serializable.type_mapping(BomRef) @serializable.xml_sequence(40) def algorithm_ref(self) -> Optional[BomRef]: """ The bom-ref to the algorithm used to generate the related cryptographic material. Returns: `BomRef` or `None` """ return self._algorithm_ref @algorithm_ref.setter def algorithm_ref(self, algorithm_ref: Optional[BomRef]) -> None: self._algorithm_ref = algorithm_ref @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(50) def creation_date(self) -> Optional[datetime]: """ The date and time (timestamp) when the related cryptographic material was created. Returns: `datetime` or `None` """ return self._creation_date @creation_date.setter def creation_date(self, creation_date: Optional[datetime]) -> None: self._creation_date = creation_date @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(60) def activation_date(self) -> Optional[datetime]: """ The date and time (timestamp) when the related cryptographic material was activated. Returns: `datetime` or `None` """ return self._activation_date @activation_date.setter def activation_date(self, activation_date: Optional[datetime]) -> None: self._activation_date = activation_date @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(70) def update_date(self) -> Optional[datetime]: """ The date and time (timestamp) when the related cryptographic material was updated. Returns: `datetime` or `None` """ return self._update_date @update_date.setter def update_date(self, update_date: Optional[datetime]) -> None: self._update_date = update_date @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(80) def expiration_date(self) -> Optional[datetime]: """ The date and time (timestamp) when the related cryptographic material expires. Returns: `datetime` or `None` """ return self._expiration_date @expiration_date.setter def expiration_date(self, expiration_date: Optional[datetime]) -> None: self._expiration_date = expiration_date @property @serializable.xml_sequence(90) def value(self) -> Optional[str]: """ The associated value of the cryptographic material. Returns: `str` or `None` """ return self._value @value.setter def value(self, value: Optional[str]) -> None: self._value = value @property @serializable.xml_sequence(100) def size(self) -> Optional[int]: """ The size of the cryptographic asset (in bits). Returns: `int` or `None` """ return self._size @size.setter def size(self, size: Optional[int]) -> None: if size and size < 0: raise InvalidRelatedCryptoMaterialSizeException('Size must be greater than zero') self._size = size @property @serializable.xml_sequence(110) def format(self) -> Optional[str]: """ The format of the related cryptographic material (e.g. P8, PEM, DER). Returns: `str` or `None` """ return self._format @format.setter def format(self, format: Optional[str]) -> None: self._format = format @property @serializable.xml_sequence(120) def secured_by(self) -> Optional[RelatedCryptoMaterialSecuredBy]: """ The mechanism by which the cryptographic asset is secured by. Returns: `RelatedCryptoMaterialSecuredBy` or `None` """ return self._secured_by @secured_by.setter def secured_by(self, secured_by: Optional[RelatedCryptoMaterialSecuredBy]) -> None: self._secured_by = secured_by def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.type, self.id, self.state, self.algorithm_ref, self.creation_date, self.activation_date, self.update_date, self.expiration_date, self.value, self.size, self.format, self.secured_by )) def __eq__(self, other: object) -> bool: if isinstance(other, RelatedCryptoMaterialProperties): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class ProtocolPropertiesType(str, Enum): """ This is our internal representation of the cryptoPropertiesType.protocolProperties.type ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ IKE = 'ike' IPSEC = 'ipsec' SSH = 'ssh' SSTP = 'sstp' TLS = 'tls' WPA = 'wpa' OTHER = 'other' UNKNOWN = 'unknown' @serializable.serializable_class class ProtocolPropertiesCipherSuite: """ This is our internal representation of the `cryptoPropertiesType.protocolProperties.cipherSuites.cipherSuite` complex type within CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, name: Optional[str] = None, algorithms: Optional[Iterable[BomRef]] = None, identifiers: Optional[Iterable[str]] = None, ) -> None: self.name = name self.algorithms = algorithms or [] # type:ignore[assignment] self.identifiers = identifiers or [] # type:ignore[assignment] @property @serializable.xml_sequence(10) def name(self) -> Optional[str]: """ A common name for the cipher suite. For example: TLS_DHE_RSA_WITH_AES_128_CCM. Returns: `str` or `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'algorithm') @serializable.xml_sequence(20) def algorithms(self) -> 'SortedSet[BomRef]': """ A list BomRefs to algorithms related to the cipher suite. Returns: `Iterable[BomRef]` or `None` """ return self._algorithms @algorithms.setter def algorithms(self, algorithms: Iterable[BomRef]) -> None: self._algorithms = SortedSet(algorithms) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'identifier') @serializable.xml_sequence(20) def identifiers(self) -> 'SortedSet[str]': """ A list of common identifiers for the cipher suite. Examples include 0xC0 and 0x9E. Returns: `Iterable[str]` or `None` """ return self._identifiers @identifiers.setter def identifiers(self, identifiers: Iterable[str]) -> None: self._identifiers = SortedSet(identifiers) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.name, _ComparableTuple(self.algorithms), _ComparableTuple(self.identifiers) )) def __eq__(self, other: object) -> bool: if isinstance(other, ProtocolPropertiesCipherSuite): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, ProtocolPropertiesCipherSuite): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Ikev2TransformTypes: """ This is our internal representation of the `cryptoPropertiesType.protocolProperties.ikev2TransformTypes` complex type within CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, encr: Optional[Iterable[BomRef]] = None, prf: Optional[Iterable[BomRef]] = None, integ: Optional[Iterable[BomRef]] = None, ke: Optional[Iterable[BomRef]] = None, esn: Optional[bool] = None, auth: Optional[Iterable[BomRef]] = None, ) -> None: self.encr = encr or [] # type:ignore[assignment] self.prf = prf or [] # type:ignore[assignment] self.integ = integ or [] # type:ignore[assignment] self.ke = ke or [] # type:ignore[assignment] self.esn = esn self.auth = auth or [] # type:ignore[assignment] @property @serializable.xml_sequence(10) def encr(self) -> 'SortedSet[BomRef]': """ Transform Type 1: encryption algorithms. Returns: `Iterable[BomRef]` or `None` """ return self._encr @encr.setter def encr(self, encr: Iterable[BomRef]) -> None: self._encr = SortedSet(encr) @property @serializable.xml_sequence(20) def prf(self) -> 'SortedSet[BomRef]': """ Transform Type 2: pseudorandom functions. Returns: `Iterable[BomRef]` or `None` """ return self._prf @prf.setter def prf(self, prf: Iterable[BomRef]) -> None: self._prf = SortedSet(prf) @property @serializable.xml_sequence(30) def integ(self) -> 'SortedSet[BomRef]': """ Transform Type 3: integrity algorithms. Returns: `Iterable[BomRef]` or `None` """ return self._integ @integ.setter def integ(self, integ: Iterable[BomRef]) -> None: self._integ = SortedSet(integ) @property @serializable.xml_sequence(40) def ke(self) -> 'SortedSet[BomRef]': """ Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H). Returns: `Iterable[BomRef]` or `None` """ return self._ke @ke.setter def ke(self, ke: Iterable[BomRef]) -> None: self._ke = SortedSet(ke) @property @serializable.xml_sequence(50) def esn(self) -> Optional[bool]: """ Specifies if an Extended Sequence Number (ESN) is used. Returns: `bool` or `None` """ return self._esn @esn.setter def esn(self, esn: Optional[bool]) -> None: self._esn = esn @property @serializable.xml_sequence(60) def auth(self) -> 'SortedSet[BomRef]': """ IKEv2 Authentication method. Returns: `Iterable[BomRef]` or `None` """ return self._auth @auth.setter def auth(self, auth: Iterable[BomRef]) -> None: self._auth = SortedSet(auth) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( _ComparableTuple(self.encr), _ComparableTuple(self.prf), _ComparableTuple(self.integ), _ComparableTuple(self.ke), self.esn, _ComparableTuple(self.auth) )) def __eq__(self, other: object) -> bool: if isinstance(other, Ikev2TransformTypes): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class ProtocolProperties: """ This is our internal representation of the `cryptoPropertiesType.protocolProperties` complex type within CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, type: Optional[ProtocolPropertiesType] = None, version: Optional[str] = None, cipher_suites: Optional[Iterable[ProtocolPropertiesCipherSuite]] = None, ikev2_transform_types: Optional[Ikev2TransformTypes] = None, crypto_refs: Optional[Iterable[BomRef]] = None, ) -> None: self.type = type self.version = version self.cipher_suites = cipher_suites or [] # type:ignore[assignment] self.ikev2_transform_types = ikev2_transform_types self.crypto_refs = crypto_refs or [] # type:ignore[assignment] @property @serializable.xml_sequence(10) def type(self) -> Optional[ProtocolPropertiesType]: """ The concrete protocol type. Returns: `ProtocolPropertiesType` or `None` """ return self._type @type.setter def type(self, type: Optional[ProtocolPropertiesType]) -> None: self._type = type @property @serializable.xml_sequence(20) def version(self) -> Optional[str]: """ The version of the protocol. Examples include 1.0, 1.2, and 1.99. Returns: `str` or `None` """ return self._version @version.setter def version(self, version: Optional[str]) -> None: self._version = version @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'cipherSuite') @serializable.xml_sequence(30) def cipher_suites(self) -> 'SortedSet[ProtocolPropertiesCipherSuite]': """ A list of cipher suites related to the protocol. Returns: `Iterable[ProtocolPropertiesCipherSuite]` """ return self._cipher_suites @cipher_suites.setter def cipher_suites(self, cipher_suites: Iterable[ProtocolPropertiesCipherSuite]) -> None: self._cipher_suites = SortedSet(cipher_suites) @property @serializable.xml_sequence(40) def ikev2_transform_types(self) -> Optional[Ikev2TransformTypes]: """ The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties. Returns: `Ikev2TransformTypes` or `None` """ return self._ikev2_transform_types @ikev2_transform_types.setter def ikev2_transform_types(self, ikev2_transform_types: Optional[Ikev2TransformTypes]) -> None: self._ikev2_transform_types = ikev2_transform_types @property @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'cryptoRef') @serializable.json_name('cryptoRefArray') def crypto_refs(self) -> 'SortedSet[BomRef]': """ A list of protocol-related cryptographic assets. Returns: `Iterable[BomRef]` """ return self._crypto_refs @crypto_refs.setter def crypto_refs(self, crypto_refs: Iterable[BomRef]) -> None: self._crypto_refs = SortedSet(crypto_refs) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.type, self.version, _ComparableTuple(self.cipher_suites), self.ikev2_transform_types, _ComparableTuple(self.crypto_refs) )) def __eq__(self, other: object) -> bool: if isinstance(other, ProtocolProperties): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class CryptoProperties: """ This is our internal representation of the `cryptoPropertiesType` complex type within CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_cryptoPropertiesType """ def __init__( self, *, asset_type: Optional[CryptoAssetType] = None, algorithm_properties: Optional[AlgorithmProperties] = None, certificate_properties: Optional[CertificateProperties] = None, related_crypto_material_properties: Optional[RelatedCryptoMaterialProperties] = None, protocol_properties: Optional[ProtocolProperties] = None, oid: Optional[str] = None, ) -> None: self.asset_type = asset_type self.algorithm_properties = algorithm_properties self.certificate_properties = certificate_properties self.related_crypto_material_properties = related_crypto_material_properties self.protocol_properties = protocol_properties self.oid = oid @property @serializable.xml_sequence(10) def asset_type(self) -> Optional[CryptoAssetType]: """ Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in specialized cryptographic libraries. They may however also be 'hardcoded' in software components. Certificates and related cryptographic material like keys, tokens, secrets or passwords are other cryptographic assets to be modelled. Returns: `CryptoAssetType` """ return self._asset_type @asset_type.setter def asset_type(self, asset_type: Optional[CryptoAssetType]) -> None: self._asset_type = asset_type @property @serializable.xml_sequence(20) def algorithm_properties(self) -> Optional[AlgorithmProperties]: """ Additional properties specific to a cryptographic algorithm. Returns: `AlgorithmProperties` or `None` """ return self._algorithm_properties @algorithm_properties.setter def algorithm_properties(self, algorithm_properties: Optional[AlgorithmProperties]) -> None: self._algorithm_properties = algorithm_properties @property @serializable.xml_sequence(30) def certificate_properties(self) -> Optional[CertificateProperties]: """ Properties for cryptographic assets of asset type 'certificate'. Returns: `CertificateProperties` or `None` """ return self._certificate_properties @certificate_properties.setter def certificate_properties(self, certificate_properties: Optional[CertificateProperties]) -> None: self._certificate_properties = certificate_properties @property @serializable.xml_sequence(40) def related_crypto_material_properties(self) -> Optional[RelatedCryptoMaterialProperties]: """ Properties for cryptographic assets of asset type 'relatedCryptoMaterial'. Returns: `RelatedCryptoMaterialProperties` or `None` """ return self._related_crypto_material_properties @related_crypto_material_properties.setter def related_crypto_material_properties( self, related_crypto_material_properties: Optional[RelatedCryptoMaterialProperties] ) -> None: self._related_crypto_material_properties = related_crypto_material_properties @property @serializable.xml_sequence(50) def protocol_properties(self) -> Optional[ProtocolProperties]: """ Properties specific to cryptographic assets of type: 'protocol'. Returns: `ProtocolProperties` or `None` """ return self._protocol_properties @protocol_properties.setter def protocol_properties(self, protocol_properties: Optional[ProtocolProperties]) -> None: self._protocol_properties = protocol_properties @property @serializable.xml_sequence(60) def oid(self) -> Optional[str]: """ The object identifier (OID) of the cryptographic asset. Returns: `str` or `None` """ return self._oid @oid.setter def oid(self, oid: Optional[str]) -> None: self._oid = oid def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.asset_type, self.algorithm_properties, self.certificate_properties, self.related_crypto_material_properties, self.protocol_properties, self.oid, )) def __eq__(self, other: object) -> bool: if isinstance(other, CryptoProperties): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, CryptoProperties): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/definition.py000066400000000000000000000477221476011761300234100ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import re from typing import TYPE_CHECKING, Any, Iterable, Optional, Union import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.model import InvalidCreIdException from ..exception.serialization import SerializationOfUnexpectedValueException from . import ExternalReference, Property from .bom_ref import BomRef if TYPE_CHECKING: # pragma: no cover from typing import Type, TypeVar _T_CreId = TypeVar('_T_CreId', bound='CreId') @serializable.serializable_class class CreId(serializable.helpers.BaseHelper): """ Helper class that allows us to perform validation on data strings that must conform to Common Requirements Enumeration (CRE) identifier(s). """ _VALID_CRE_REGEX = re.compile(r'^CRE:[0-9]+-[0-9]+$') def __init__(self, id: str) -> None: if CreId._VALID_CRE_REGEX.match(id) is None: raise InvalidCreIdException( f'Supplied value "{id} does not meet format specification.' ) self._id = id @property @serializable.json_name('.') @serializable.xml_name('.') def id(self) -> str: return self._id @classmethod def serialize(cls, o: Any) -> str: if isinstance(o, cls): return str(o) raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-CreId: {o!r}') @classmethod def deserialize(cls: 'Type[_T_CreId]', o: Any) -> '_T_CreId': return cls(id=str(o)) def __eq__(self, other: Any) -> bool: if isinstance(other, CreId): return self._id == other._id return False def __lt__(self, other: Any) -> bool: if isinstance(other, CreId): return self._id < other._id return NotImplemented def __hash__(self) -> int: return hash(self._id) def __repr__(self) -> str: return f'' def __str__(self) -> str: return self._id @serializable.serializable_class class Requirement: """ A requirement comprising a standard. """ def __init__( self, *, bom_ref: Optional[Union[str, BomRef]] = None, identifier: Optional[str] = None, title: Optional[str] = None, text: Optional[str] = None, descriptions: Optional[Iterable[str]] = None, open_cre: Optional[Iterable[CreId]] = None, parent: Optional[Union[str, BomRef]] = None, properties: Optional[Iterable[Property]] = None, external_references: Optional[Iterable[ExternalReference]] = None, ) -> None: self._bom_ref = _bom_ref_from_str(bom_ref) self.identifier = identifier self.title = title self.text = text self.descriptions = descriptions or () # type:ignore[assignment] self.open_cre = open_cre or () # type:ignore[assignment] self.parent = parent # type:ignore[assignment] self.properties = properties or () # type:ignore[assignment] self.external_references = external_references or () # type:ignore[assignment] @property @serializable.type_mapping(BomRef) @serializable.json_name('bom-ref') @serializable.xml_name('bom-ref') @serializable.xml_attribute() def bom_ref(self) -> BomRef: """ An optional identifier which can be used to reference the requirement elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. Returns: `BomRef` """ return self._bom_ref @property @serializable.xml_sequence(1) def identifier(self) -> Optional[str]: """ Returns: The identifier of the requirement. """ return self._identifier @identifier.setter def identifier(self, identifier: Optional[str]) -> None: self._identifier = identifier @property @serializable.xml_sequence(2) def title(self) -> Optional[str]: """ Returns: The title of the requirement. """ return self._title @title.setter def title(self, title: Optional[str]) -> None: self._title = title @property @serializable.xml_sequence(3) def text(self) -> Optional[str]: """ Returns: The text of the requirement. """ return self._text @text.setter def text(self, text: Optional[str]) -> None: self._text = text @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'description') @serializable.xml_sequence(4) def descriptions(self) -> 'SortedSet[str]': """ Returns: A SortedSet of descriptions of the requirement. """ return self._descriptions @descriptions.setter def descriptions(self, descriptions: Iterable[str]) -> None: self._descriptions = SortedSet(descriptions) @property @serializable.json_name('openCre') @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'openCre') @serializable.xml_sequence(5) def open_cre(self) -> 'SortedSet[CreId]': """ CRE is a structured and standardized framework for uniting security standards and guidelines. CRE links each section of a resource to a shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to each other. Use of CRE promotes clear and unambiguous communication among stakeholders. Returns: The Common Requirements Enumeration (CRE) identifier(s). CREs must match regular expression: ^CRE:[0-9]+-[0-9]+$ """ return self._open_cre @open_cre.setter def open_cre(self, open_cre: Iterable[CreId]) -> None: self._open_cre = SortedSet(open_cre) @property @serializable.type_mapping(BomRef) @serializable.xml_sequence(6) def parent(self) -> Optional[BomRef]: """ Returns: The optional bom-ref to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents. """ return self._parent @parent.setter def parent(self, parent: Optional[Union[str, BomRef]]) -> None: self._parent = _bom_ref_from_str(parent, optional=True) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property') @serializable.xml_sequence(7) def properties(self) -> 'SortedSet[Property]': """ Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Return: Set of `Property` """ return self._properties @properties.setter def properties(self, properties: Iterable[Property]) -> None: self._properties = SortedSet(properties) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference') @serializable.xml_sequence(8) def external_references(self) -> 'SortedSet[ExternalReference]': """ Provides the ability to document external references related to the component or to the project the component describes. Returns: Set of `ExternalReference` """ return self._external_references @external_references.setter def external_references(self, external_references: Iterable[ExternalReference]) -> None: self._external_references = SortedSet(external_references) def __comparable_tuple(self) -> _ComparableTuple: # all properties are optional - so need to compare all, in hope that one is unique return _ComparableTuple(( self.identifier, self.bom_ref.value, self.title, self.text, _ComparableTuple(self.descriptions), _ComparableTuple(self.open_cre), self.parent, _ComparableTuple(self.properties), _ComparableTuple(self.external_references) )) def __lt__(self, other: Any) -> bool: if isinstance(other, Requirement): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __eq__(self, other: object) -> bool: if isinstance(other, Requirement): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Level: """ Level of compliance for a standard. """ def __init__( self, *, bom_ref: Optional[Union[str, BomRef]] = None, identifier: Optional[str] = None, title: Optional[str] = None, description: Optional[str] = None, requirements: Optional[Iterable[Union[str, BomRef]]] = None, ) -> None: self._bom_ref = _bom_ref_from_str(bom_ref) self.identifier = identifier self.title = title self.description = description self.requirements = requirements or () # type:ignore[assignment] @property @serializable.type_mapping(BomRef) @serializable.json_name('bom-ref') @serializable.xml_name('bom-ref') @serializable.xml_attribute() def bom_ref(self) -> BomRef: """ An optional identifier which can be used to reference the level elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. Returns: `BomRef` """ return self._bom_ref @property @serializable.xml_sequence(1) def identifier(self) -> Optional[str]: """ Returns: The identifier of the level. """ return self._identifier @identifier.setter def identifier(self, identifier: Optional[str]) -> None: self._identifier = identifier @property @serializable.xml_sequence(2) def title(self) -> Optional[str]: """ Returns: The title of the level. """ return self._title @title.setter def title(self, title: Optional[str]) -> None: self._title = title @property @serializable.xml_sequence(3) def description(self) -> Optional[str]: """ Returns: The description of the level. """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description @property @serializable.xml_sequence(4) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'requirement') def requirements(self) -> 'SortedSet[BomRef]': """ Returns: A SortedSet of requirements associated with the level. """ return self._requirements @requirements.setter def requirements(self, requirements: Iterable[Union[str, BomRef]]) -> None: self._requirements = SortedSet(map(_bom_ref_from_str, # type: ignore[arg-type] requirements)) def __comparable_tuple(self) -> _ComparableTuple: # all properties are optional - so need to compare all, in hope that one is unique return _ComparableTuple(( self.identifier, self.bom_ref.value, self.title, self.description, _ComparableTuple(self.requirements) )) def __lt__(self, other: Any) -> bool: if isinstance(other, Level): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __eq__(self, other: object) -> bool: if isinstance(other, Level): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Standard: """ A standard of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements. """ def __init__( self, *, bom_ref: Optional[Union[str, BomRef]] = None, name: Optional[str] = None, version: Optional[str] = None, description: Optional[str] = None, owner: Optional[str] = None, requirements: Optional[Iterable[Requirement]] = None, levels: Optional[Iterable[Level]] = None, external_references: Optional[Iterable['ExternalReference']] = None # TODO: signature ) -> None: self._bom_ref = _bom_ref_from_str(bom_ref) self.name = name self.version = version self.description = description self.owner = owner self.requirements = requirements or () # type:ignore[assignment] self.levels = levels or () # type:ignore[assignment] self.external_references = external_references or () # type:ignore[assignment] # TODO: signature @property @serializable.type_mapping(BomRef) @serializable.json_name('bom-ref') @serializable.xml_name('bom-ref') @serializable.xml_attribute() def bom_ref(self) -> BomRef: """ An optional identifier which can be used to reference the standard elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. Returns: `BomRef` """ return self._bom_ref @property @serializable.xml_sequence(1) def name(self) -> Optional[str]: """ Returns: The name of the standard """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.xml_sequence(2) def version(self) -> Optional[str]: """ Returns: The version of the standard """ return self._version @version.setter def version(self, version: Optional[str]) -> None: self._version = version @property @serializable.xml_sequence(3) def description(self) -> Optional[str]: """ Returns: The description of the standard """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description @property @serializable.xml_sequence(4) def owner(self) -> Optional[str]: """ Returns: The owner of the standard, often the entity responsible for its release. """ return self._owner @owner.setter def owner(self, owner: Optional[str]) -> None: self._owner = owner @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'requirement') @serializable.xml_sequence(5) def requirements(self) -> 'SortedSet[Requirement]': """ Returns: A SortedSet of requirements comprising the standard. """ return self._requirements @requirements.setter def requirements(self, requirements: Iterable[Requirement]) -> None: self._requirements = SortedSet(requirements) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'level') @serializable.xml_sequence(6) def levels(self) -> 'SortedSet[Level]': """ Returns: A SortedSet of levels associated with the standard. Some standards have different levels of compliance. """ return self._levels @levels.setter def levels(self, levels: Iterable[Level]) -> None: self._levels = SortedSet(levels) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference') @serializable.xml_sequence(7) def external_references(self) -> 'SortedSet[ExternalReference]': """ Returns: A SortedSet of external references associated with the standard. """ return self._external_references @external_references.setter def external_references(self, external_references: Iterable[ExternalReference]) -> None: self._external_references = SortedSet(external_references) # @property # @serializable.xml_sequence(8) # # MUST NOT RENDER FOR XML -- this is JSON only # def signature(self) -> ...: # ... # # @signature.setter # def levels(self, signature: ...) -> None: # ... def __comparable_tuple(self) -> _ComparableTuple: # all properties are optional - so need to apply all, in hope that one is unique return _ComparableTuple(( self.name, self.version, self.bom_ref.value, self.description, self.owner, _ComparableTuple(self.requirements), _ComparableTuple(self.levels), _ComparableTuple(self.external_references) )) def __lt__(self, other: Any) -> bool: if isinstance(other, Standard): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __eq__(self, other: object) -> bool: if isinstance(other, Standard): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class(name='definitions') class Definitions: """ The repository for definitions """ def __init__( self, *, standards: Optional[Iterable[Standard]] = None ) -> None: self.standards = standards or () # type:ignore[assignment] @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'standard') @serializable.xml_sequence(1) def standards(self) -> 'SortedSet[Standard]': """ Returns: A SortedSet of Standards """ return self._standards @standards.setter def standards(self, standards: Iterable[Standard]) -> None: self._standards = SortedSet(standards) def __bool__(self) -> bool: return len(self._standards) > 0 def __comparable_tuple(self) -> _ComparableTuple: # all properties are optional - so need to apply all, in hope that one is unique return _ComparableTuple(self._standards) def __eq__(self, other: object) -> bool: if isinstance(other, Definitions): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Definitions): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/dependency.py000066400000000000000000000073261476011761300233720ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from abc import ABC, abstractmethod from typing import Any, Iterable, List, Optional, Set import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.serialization import SerializationOfUnexpectedValueException from .bom_ref import BomRef class _DependencyRepositorySerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ @classmethod def serialize(cls, o: Any) -> List[str]: if isinstance(o, (SortedSet, set)): return [str(i.ref) for i in o] raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-DependencyRepository: {o!r}') @classmethod def deserialize(cls, o: Any) -> Set['Dependency']: dependencies = set() if isinstance(o, list): for v in o: dependencies.add(Dependency(ref=BomRef(value=v))) return dependencies @serializable.serializable_class class Dependency: """ Models a Dependency within a BOM. .. note:: See https://cyclonedx.org/docs/1.6/xml/#type_dependencyType """ def __init__(self, ref: BomRef, dependencies: Optional[Iterable['Dependency']] = None) -> None: self.ref = ref self.dependencies = dependencies or [] # type:ignore[assignment] @property @serializable.type_mapping(BomRef) @serializable.xml_attribute() def ref(self) -> BomRef: return self._ref @ref.setter def ref(self, ref: BomRef) -> None: self._ref = ref @property @serializable.json_name('dependsOn') @serializable.type_mapping(_DependencyRepositorySerializationHelper) @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'dependency') def dependencies(self) -> 'SortedSet[Dependency]': return self._dependencies @dependencies.setter def dependencies(self, dependencies: Iterable['Dependency']) -> None: self._dependencies = SortedSet(dependencies) def dependencies_as_bom_refs(self) -> Set[BomRef]: return set(map(lambda d: d.ref, self.dependencies)) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.ref, _ComparableTuple(self.dependencies) )) def __eq__(self, other: object) -> bool: if isinstance(other, Dependency): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Dependency): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' class Dependable(ABC): """ Dependable objects can be part of the Dependency Graph """ @property @abstractmethod def bom_ref(self) -> BomRef: ... # pragma: no cover cyclonedx-python-lib-9.1.0/cyclonedx/model/impact_analysis.py000066400000000000000000000070071476011761300244300ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ This set of classes represents the data about Impact Analysis. Impact Analysis is new for CycloneDX schema version 1. .. note:: See the CycloneDX Schema extension definition https://cyclonedx.org/docs/1.6 """ from enum import Enum import py_serializable as serializable @serializable.serializable_enum class ImpactAnalysisAffectedStatus(str, Enum): """ Enum object that defines the permissible impact analysis affected states. The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_impactAnalysisAffectedStatusType """ AFFECTED = 'affected' UNAFFECTED = 'unaffected' UNKNOWN = 'unknown' @serializable.serializable_enum class ImpactAnalysisJustification(str, Enum): """ Enum object that defines the rationale of why the impact analysis state was asserted. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_impactAnalysisJustificationType """ CODE_NOT_PRESENT = 'code_not_present' CODE_NOT_REACHABLE = 'code_not_reachable' PROTECTED_AT_PERIMITER = 'protected_at_perimeter' PROTECTED_AT_RUNTIME = 'protected_at_runtime' PROTECTED_BY_COMPILER = 'protected_by_compiler' PROTECTED_BY_MITIGATING_CONTROL = 'protected_by_mitigating_control' REQUIRES_CONFIGURATION = 'requires_configuration' REQUIRES_DEPENDENCY = 'requires_dependency' REQUIRES_ENVIRONMENT = 'requires_environment' @serializable.serializable_enum class ImpactAnalysisResponse(str, Enum): """ Enum object that defines the valid rationales as to why the impact analysis state was asserted. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_impactAnalysisResponsesType """ CAN_NOT_FIX = 'can_not_fix' ROLLBACK = 'rollback' UPDATE = 'update' WILL_NOT_FIX = 'will_not_fix' WORKAROUND_AVAILABLE = 'workaround_available' @serializable.serializable_enum class ImpactAnalysisState(str, Enum): """ Enum object that defines the permissible impact analysis states. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_impactAnalysisStateType """ RESOLVED = 'resolved' RESOLVED_WITH_PEDIGREE = 'resolved_with_pedigree' EXPLOITABLE = 'exploitable' IN_TRIAGE = 'in_triage' FALSE_POSITIVE = 'false_positive' NOT_AFFECTED = 'not_affected' cyclonedx-python-lib-9.1.0/cyclonedx/model/issue.py000066400000000000000000000162411476011761300224000ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from enum import Enum from typing import Any, Iterable, Optional import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from . import XsUri @serializable.serializable_enum class IssueClassification(str, Enum): """ This is our internal representation of the enum `issueClassification`. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_issueClassification """ DEFECT = 'defect' ENHANCEMENT = 'enhancement' SECURITY = 'security' @serializable.serializable_class class IssueTypeSource: """ This is our internal representation ofa source within the IssueType complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_issueType """ def __init__( self, *, name: Optional[str] = None, url: Optional[XsUri] = None, ) -> None: self.name = name self.url = url @property @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ The name of the source. For example "National Vulnerability Database", "NVD", and "Apache". Returns: `str` if set else `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property def url(self) -> Optional[XsUri]: """ Optional url of the issue documentation as provided by the source. Returns: `XsUri` if set else `None` """ return self._url @url.setter def url(self, url: Optional[XsUri]) -> None: self._url = url def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.name, self.url )) def __eq__(self, other: object) -> bool: if isinstance(other, IssueTypeSource): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, IssueTypeSource): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class IssueType: """ This is our internal representation of an IssueType complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_issueType """ def __init__( self, *, type: IssueClassification, id: Optional[str] = None, name: Optional[str] = None, description: Optional[str] = None, source: Optional[IssueTypeSource] = None, references: Optional[Iterable[XsUri]] = None, ) -> None: self.type = type self.id = id self.name = name self.description = description self.source = source self.references = references or [] # type:ignore[assignment] @property @serializable.xml_attribute() def type(self) -> IssueClassification: """ Specifies the type of issue. Returns: `IssueClassification` """ return self._type @type.setter def type(self, type: IssueClassification) -> None: self._type = type @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def id(self) -> Optional[str]: """ The identifier of the issue assigned by the source of the issue. Returns: `str` if set else `None` """ return self._id @id.setter def id(self, id: Optional[str]) -> None: self._id = id @property @serializable.xml_sequence(2) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ The name of the issue. Returns: `str` if set else `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.xml_sequence(3) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def description(self) -> Optional[str]: """ A description of the issue. Returns: `str` if set else `None` """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description @property @serializable.xml_sequence(4) def source(self) -> Optional[IssueTypeSource]: """ The source of this issue. Returns: `IssueTypeSource` if set else `None` """ return self._source @source.setter def source(self, source: Optional[IssueTypeSource]) -> None: self._source = source @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'url') @serializable.xml_sequence(5) def references(self) -> 'SortedSet[XsUri]': """ Any reference URLs related to this issue. Returns: Set of `XsUri` """ return self._references @references.setter def references(self, references: Iterable[XsUri]) -> None: self._references = SortedSet(references) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.type, self.id, self.name, self.description, self.source, _ComparableTuple(self.references) )) def __eq__(self, other: object) -> bool: if isinstance(other, IssueType): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, IssueType): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/license.py000066400000000000000000000417111476011761300226720ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ License related things """ from enum import Enum from json import loads as json_loads from typing import TYPE_CHECKING, Any, Dict, List, Optional, Type, Union from warnings import warn from xml.etree.ElementTree import Element # nosec B405 import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.model import MutuallyExclusivePropertiesException from ..exception.serialization import CycloneDxDeserializationException from ..schema.schema import SchemaVersion1Dot6 from . import AttachedText, XsUri @serializable.serializable_enum class LicenseAcknowledgement(str, Enum): """ This is our internal representation of the `type_licenseAcknowledgementEnumerationType` ENUM type within the CycloneDX standard. .. note:: Introduced in CycloneDX v1.6 .. note:: See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_licenseAcknowledgementEnumerationType """ CONCLUDED = 'concluded' DECLARED = 'declared' # In an error, the name of the enum was `LicenseExpressionAcknowledgement`. # Even though this was changed, there might be some downstream usage of this symbol, so we keep it around ... LicenseExpressionAcknowledgement = LicenseAcknowledgement """Deprecated alias for :class:`LicenseAcknowledgement`""" @serializable.serializable_class(name='license') class DisjunctiveLicense: """ This is our internal representation of `licenseType` complex type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/json/#components_items_licenses """ def __init__( self, *, id: Optional[str] = None, name: Optional[str] = None, text: Optional[AttachedText] = None, url: Optional[XsUri] = None, acknowledgement: Optional[LicenseAcknowledgement] = None, ) -> None: if not id and not name: raise MutuallyExclusivePropertiesException('Either `id` or `name` MUST be supplied') if id and name: warn( 'Both `id` and `name` have been supplied - `name` will be ignored!', category=RuntimeWarning, stacklevel=1 ) self._id = id self._name = name if not id else None self._text = text self._url = url self._acknowledgement = acknowledgement @property @serializable.xml_sequence(1) def id(self) -> Optional[str]: """ A SPDX license ID. .. note:: See the list of expected values: https://cyclonedx.org/docs/1.6/json/#components_items_licenses_items_license_id Returns: `str` or `None` """ return self._id @id.setter def id(self, id: Optional[str]) -> None: self._id = id if id is not None: self._name = None @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ If SPDX does not define the license used, this field may be used to provide the license name. Returns: `str` or `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name if name is not None: self._id = None @property @serializable.xml_sequence(2) def text(self) -> Optional[AttachedText]: """ Specifies the optional full text of the attachment Returns: `AttachedText` else `None` """ return self._text @text.setter def text(self, text: Optional[AttachedText]) -> None: self._text = text @property @serializable.xml_sequence(3) def url(self) -> Optional[XsUri]: """ The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. Returns: `XsUri` or `None` """ return self._url @url.setter def url(self, url: Optional[XsUri]) -> None: self._url = url # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.view(SchemaVersion1Dot6) # @serializable.xml_sequence(5) # def licensing(self) -> ...: # ... # TODO since CDX1.5 # # @licensing.setter # def licensing(self, ...) -> None: # ... # TODO since CDX1.5 # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.view(SchemaVersion1Dot6) # @serializable.xml_sequence(6) # def properties(self) -> ...: # ... # TODO since CDX1.5 # # @licensing.setter # def properties(self, ...) -> None: # ... # TODO since CDX1.5 # @property # @serializable.json_name('bom-ref') # @serializable.type_mapping(BomRefHelper) # @serializable.view(SchemaVersion1Dot5) # @serializable.view(SchemaVersion1Dot6) # @serializable.xml_attribute() # @serializable.xml_name('bom-ref') # def bom_ref(self) -> BomRef: # ... # TODO since CDX1.5 @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_attribute() def acknowledgement(self) -> Optional[LicenseAcknowledgement]: """ Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in evidence.licenses. Observed licenses form the evidence necessary to substantiate a concluded license. Returns: `LicenseAcknowledgement` or `None` """ return self._acknowledgement @acknowledgement.setter def acknowledgement(self, acknowledgement: Optional[LicenseAcknowledgement]) -> None: self._acknowledgement = acknowledgement def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self._acknowledgement, self._id, self._name, self._url, self._text, )) def __eq__(self, other: object) -> bool: if isinstance(other, DisjunctiveLicense): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, DisjunctiveLicense): return self.__comparable_tuple() < other.__comparable_tuple() if isinstance(other, LicenseExpression): return False # self after any LicenseExpression return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class(name='expression') class LicenseExpression: """ This is our internal representation of `licenseType`'s expression type that can be used in multiple places within a CycloneDX BOM document. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/json/#components_items_licenses_items_expression """ def __init__( self, value: str, *, acknowledgement: Optional[LicenseAcknowledgement] = None, ) -> None: self._value = value self._acknowledgement = acknowledgement @property @serializable.xml_name('.') @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) @serializable.json_name('expression') def value(self) -> str: """ Value of this LicenseExpression. Returns: `str` """ return self._value @value.setter def value(self, value: str) -> None: self._value = value # @property # @serializable.json_name('bom-ref') # @serializable.type_mapping(BomRefHelper) # @serializable.view(SchemaVersion1Dot5) # @serializable.view(SchemaVersion1Dot6) # @serializable.xml_attribute() # @serializable.xml_name('bom-ref') # def bom_ref(self) -> BomRef: # ... # TODO since CDX1.5 @property @serializable.view(SchemaVersion1Dot6) @serializable.xml_attribute() def acknowledgement(self) -> Optional[LicenseAcknowledgement]: """ Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in evidence.licenses. Observed licenses form the evidence necessary to substantiate a concluded license. Returns: `LicenseAcknowledgement` or `None` """ return self._acknowledgement @acknowledgement.setter def acknowledgement(self, acknowledgement: Optional[LicenseAcknowledgement]) -> None: self._acknowledgement = acknowledgement def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self._acknowledgement, self._value, )) def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __eq__(self, other: object) -> bool: if isinstance(other, LicenseExpression): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, LicenseExpression): return self.__comparable_tuple() < other.__comparable_tuple() if isinstance(other, DisjunctiveLicense): return True # self before any DisjunctiveLicense return NotImplemented def __repr__(self) -> str: return f'' License = Union[LicenseExpression, DisjunctiveLicense] """TypeAlias for a union of supported license models. - :class:`LicenseExpression` - :class:`DisjunctiveLicense` """ if TYPE_CHECKING: # pragma: no cover # workaround for https://github.com/python/mypy/issues/5264 # this code path is taken when static code analysis or documentation tools runs through. class LicenseRepository(SortedSet[License]): """Collection of :class:`License`. This is a `set`, not a `list`. Order MUST NOT matter here. If you wanted a certain order, then you should also express whether the items are concat by `AND` or `OR`. If you wanted to do so, you should use :class:`LicenseExpression`. As a model, this MUST accept multiple :class:`LicenseExpression` along with multiple :class:`DisjunctiveLicense`, as this was an accepted in CycloneDX JSON before v1.5. So for modeling purposes, this is supported. Denormalizers/deserializers will be thankful. The normalization/serialization process SHOULD take care of these facts and do what is needed. """ else: class LicenseRepository(SortedSet): """Collection of :class:`License`. This is a `set`, not a `list`. Order MUST NOT matter here. If you wanted a certain order, then you should also express whether the items are concat by `AND` or `OR`. If you wanted to do so, you should use :class:`LicenseExpression`. As a model, this MUST accept multiple :class:`LicenseExpression` along with multiple :class:`DisjunctiveLicense`, as this was an accepted in CycloneDX JSON before v1.5. So for modeling purposes, this is supported. Denormalizers/deserializers will be thankful. The normalization/serialization process SHOULD take care of these facts and do what is needed. """ class _LicenseRepositorySerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ @classmethod def json_normalize(cls, o: LicenseRepository, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> Any: if len(o) == 0: return None expression = next((li for li in o if isinstance(li, LicenseExpression)), None) if expression: # mixed license expression and license? this is an invalid constellation according to schema! # see https://github.com/CycloneDX/specification/pull/205 # but models need to allow it for backwards compatibility with JSON CDX < 1.5 return [json_loads(expression.as_json(view_=view))] # type:ignore[attr-defined] return [ {'license': json_loads( li.as_json( # type:ignore[attr-defined] view_=view) )} for li in o if isinstance(li, DisjunctiveLicense) ] @classmethod def json_denormalize(cls, o: List[Dict[str, Any]], **__: Any) -> LicenseRepository: repo = LicenseRepository() for li in o: if 'license' in li: repo.add(DisjunctiveLicense.from_json( # type:ignore[attr-defined] li['license'])) elif 'expression' in li: repo.add(LicenseExpression.from_json( # type:ignore[attr-defined] li )) else: raise CycloneDxDeserializationException(f'unexpected: {li!r}') return repo @classmethod def xml_normalize(cls, o: LicenseRepository, *, element_name: str, view: Optional[Type[serializable.ViewType]], xmlns: Optional[str], **__: Any) -> Optional[Element]: if len(o) == 0: return None elem = Element(element_name) expression = next((li for li in o if isinstance(li, LicenseExpression)), None) if expression: # mixed license expression and license? this is an invalid constellation according to schema! # see https://github.com/CycloneDX/specification/pull/205 # but models need to allow it for backwards compatibility with JSON CDX < 1.5 elem.append(expression.as_xml( # type:ignore[attr-defined] view_=view, as_string=False, element_name='expression', xmlns=xmlns)) else: elem.extend( li.as_xml( # type:ignore[attr-defined] view_=view, as_string=False, element_name='license', xmlns=xmlns) for li in o if isinstance(li, DisjunctiveLicense) ) return elem @classmethod def xml_denormalize(cls, o: Element, default_ns: Optional[str], **__: Any) -> LicenseRepository: repo = LicenseRepository() for li in o: tag = li.tag if default_ns is None else li.tag.replace(f'{{{default_ns}}}', '') if tag == 'license': repo.add(DisjunctiveLicense.from_xml( # type:ignore[attr-defined] li, default_ns)) elif tag == 'expression': repo.add(LicenseExpression.from_xml( # type:ignore[attr-defined] li, default_ns)) else: raise CycloneDxDeserializationException(f'unexpected: {li!r}') return repo cyclonedx-python-lib-9.1.0/cyclonedx/model/lifecycle.py000066400000000000000000000201531476011761300232040ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ This set of classes represents the lifecycles types in the CycloneDX standard. .. note:: Introduced in CycloneDX v1.5 .. note:: See the CycloneDX Schema for lifecycles: https://cyclonedx.org/docs/1.6/#metadata_lifecycles """ from enum import Enum from json import loads as json_loads from typing import TYPE_CHECKING, Any, Dict, List, Optional, Type, Union from xml.etree.ElementTree import Element # nosec B405 import py_serializable as serializable from py_serializable.helpers import BaseHelper from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.serialization import CycloneDxDeserializationException if TYPE_CHECKING: # pragma: no cover from py_serializable import ViewType @serializable.serializable_enum class LifecyclePhase(str, Enum): """ Enum object that defines the permissible 'phase' for a Lifecycle according to the CycloneDX schema. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_classification """ DESIGN = 'design' PRE_BUILD = 'pre-build' BUILD = 'build' POST_BUILD = 'post-build' OPERATIONS = 'operations' DISCOVERY = 'discovery' DECOMMISSION = 'decommission' @serializable.serializable_class class PredefinedLifecycle: """ Object that defines pre-defined phases in the product lifecycle. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#metadata_lifecycles """ def __init__(self, phase: LifecyclePhase) -> None: self._phase = phase @property def phase(self) -> LifecyclePhase: return self._phase @phase.setter def phase(self, phase: LifecyclePhase) -> None: self._phase = phase def __hash__(self) -> int: return hash(self._phase) def __eq__(self, other: object) -> bool: if isinstance(other, PredefinedLifecycle): return self._phase == other._phase return False def __lt__(self, other: Any) -> bool: if isinstance(other, PredefinedLifecycle): return self._phase < other._phase if isinstance(other, NamedLifecycle): return True # put PredefinedLifecycle before any NamedLifecycle return NotImplemented def __repr__(self) -> str: return f'' @serializable.serializable_class class NamedLifecycle: """ Object that defines custom state in the product lifecycle. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#metadata_lifecycles """ def __init__(self, name: str, *, description: Optional[str] = None) -> None: self._name = name self._description = description @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> str: """ Name of the lifecycle phase. Returns: `str` """ return self._name @name.setter def name(self, name: str) -> None: self._name = name @property @serializable.xml_sequence(2) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def description(self) -> Optional[str]: """ Description of the lifecycle phase. Returns: `str` """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self._name, self._description )) def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __eq__(self, other: object) -> bool: if isinstance(other, NamedLifecycle): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, NamedLifecycle): return self.__comparable_tuple() < other.__comparable_tuple() if isinstance(other, PredefinedLifecycle): return False # put NamedLifecycle after any PredefinedLifecycle return NotImplemented def __repr__(self) -> str: return f'' Lifecycle = Union[PredefinedLifecycle, NamedLifecycle] """TypeAlias for a union of supported lifecycle models. - :class:`PredefinedLifecycle` - :class:`NamedLifecycle` """ if TYPE_CHECKING: # pragma: no cover # workaround for https://github.com/python/mypy/issues/5264 # this code path is taken when static code analysis or documentation tools runs through. class LifecycleRepository(SortedSet[Lifecycle]): """Collection of :class:`Lifecycle`. This is a `set`, not a `list`. Order MUST NOT matter here. """ else: class LifecycleRepository(SortedSet): """Collection of :class:`Lifecycle`. This is a `set`, not a `list`. Order MUST NOT matter here. """ class _LifecycleRepositoryHelper(BaseHelper): @classmethod def json_normalize(cls, o: LifecycleRepository, *, view: Optional[Type['ViewType']], **__: Any) -> Any: if len(o) == 0: return None return [json_loads(li.as_json( # type:ignore[union-attr] view_=view)) for li in o] @classmethod def json_denormalize(cls, o: List[Dict[str, Any]], **__: Any) -> LifecycleRepository: repo = LifecycleRepository() for li in o: if 'phase' in li: repo.add(PredefinedLifecycle.from_json( # type:ignore[attr-defined] li)) elif 'name' in li: repo.add(NamedLifecycle.from_json( # type:ignore[attr-defined] li)) else: raise CycloneDxDeserializationException(f'unexpected: {li!r}') return repo @classmethod def xml_normalize(cls, o: LifecycleRepository, *, element_name: str, view: Optional[Type['ViewType']], xmlns: Optional[str], **__: Any) -> Optional[Element]: if len(o) == 0: return None elem = Element(element_name) for li in o: elem.append(li.as_xml( # type:ignore[union-attr] view_=view, as_string=False, element_name='lifecycle', xmlns=xmlns)) return elem @classmethod def xml_denormalize(cls, o: Element, default_ns: Optional[str], **__: Any) -> LifecycleRepository: repo = LifecycleRepository() ns_map = {'bom': default_ns or ''} # Do not iterate over `o` and do not check for expected `.tag` of items. # This check could have been done by schema validators before even deserializing. for li in o.iterfind('bom:lifecycle', ns_map): if li.find('bom:phase', ns_map) is not None: repo.add(PredefinedLifecycle.from_xml( # type:ignore[attr-defined] li, default_ns)) elif li.find('bom:name', ns_map) is not None: repo.add(NamedLifecycle.from_xml( # type:ignore[attr-defined] li, default_ns)) else: raise CycloneDxDeserializationException(f'unexpected content: {li!r}') return repo cyclonedx-python-lib-9.1.0/cyclonedx/model/release_note.py000066400000000000000000000220441476011761300237130ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from datetime import datetime from typing import Iterable, Optional import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from ..model import Note, Property, XsUri from ..model.issue import IssueType @serializable.serializable_class class ReleaseNotes: """ This is our internal representation of a `releaseNotesType` for a Component in a BOM. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_releaseNotesType """ def __init__( self, *, type: str, title: Optional[str] = None, featured_image: Optional[XsUri] = None, social_image: Optional[XsUri] = None, description: Optional[str] = None, timestamp: Optional[datetime] = None, aliases: Optional[Iterable[str]] = None, tags: Optional[Iterable[str]] = None, resolves: Optional[Iterable[IssueType]] = None, notes: Optional[Iterable[Note]] = None, properties: Optional[Iterable[Property]] = None, ) -> None: self.type = type self.title = title self.featured_image = featured_image self.social_image = social_image self.description = description self.timestamp = timestamp self.aliases = aliases or [] # type:ignore[assignment] self.tags = tags or [] # type:ignore[assignment] self.resolves = resolves or [] # type:ignore[assignment] self.notes = notes or [] # type:ignore[assignment] self.properties = properties or [] # type:ignore[assignment] @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def type(self) -> str: """ The software versioning type. It is **RECOMMENDED** that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. * **major** = A major release may contain significant changes or may introduce breaking changes. * **minor** = A minor release, also known as an update, may contain a smaller number of changes than major releases. * **patch** = Patch releases are typically unplanned and may resolve defects or important security issues. * **pre-release** = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability. * **internal** = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it. """ return self._type @type.setter def type(self, type: str) -> None: self._type = type @property @serializable.xml_sequence(2) def title(self) -> Optional[str]: """ The title of the release. """ return self._title @title.setter def title(self, title: Optional[str]) -> None: self._title = title @property @serializable.xml_sequence(3) def featured_image(self) -> Optional[XsUri]: """ The URL to an image that may be prominently displayed with the release note. """ return self._featured_image @featured_image.setter def featured_image(self, featured_image: Optional[XsUri]) -> None: self._featured_image = featured_image @property @serializable.xml_sequence(4) def social_image(self) -> Optional[XsUri]: """ The URL to an image that may be used in messaging on social media platforms. """ return self._social_image @social_image.setter def social_image(self, social_image: Optional[XsUri]) -> None: self._social_image = social_image @property @serializable.xml_sequence(5) def description(self) -> Optional[str]: """ A short description of the release. """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(6) def timestamp(self) -> Optional[datetime]: """ The date and time (timestamp) when the release note was created. """ return self._timestamp @timestamp.setter def timestamp(self, timestamp: Optional[datetime]) -> None: self._timestamp = timestamp @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'alias') @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) @serializable.xml_sequence(7) def aliases(self) -> 'SortedSet[str]': """ One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names). Returns: Set of `str` """ return self._aliases @aliases.setter def aliases(self, aliases: Iterable[str]) -> None: self._aliases = SortedSet(aliases) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'tag') @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) @serializable.xml_sequence(8) def tags(self) -> 'SortedSet[str]': """ One or more tags that may aid in search or retrieval of the release note. Returns: Set of `str` """ return self._tags @tags.setter def tags(self, tags: Iterable[str]) -> None: self._tags = SortedSet(tags) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'issue') @serializable.xml_sequence(9) def resolves(self) -> 'SortedSet[IssueType]': """ A collection of issues that have been resolved. Returns: Set of `IssueType` """ return self._resolves @resolves.setter def resolves(self, resolves: Iterable[IssueType]) -> None: self._resolves = SortedSet(resolves) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'note') @serializable.xml_sequence(10) def notes(self) -> 'SortedSet[Note]': """ Zero or more release notes containing the locale and content. Multiple note elements may be specified to support release notes in a wide variety of languages. Returns: Set of `Note` """ return self._notes @notes.setter def notes(self, notes: Iterable[Note]) -> None: self._notes = SortedSet(notes) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property') @serializable.xml_sequence(11) def properties(self) -> 'SortedSet[Property]': """ Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Returns: Set of `Property` """ return self._properties @properties.setter def properties(self, properties: Iterable[Property]) -> None: self._properties = SortedSet(properties) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.type, self.title, self.featured_image, self.social_image, self.description, self.timestamp, _ComparableTuple(self.aliases), _ComparableTuple(self.tags), _ComparableTuple(self.resolves), _ComparableTuple(self.notes), _ComparableTuple(self.properties) )) def __eq__(self, other: object) -> bool: if isinstance(other, ReleaseNotes): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/service.py000066400000000000000000000315661476011761300227170ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ This set of classes represents the data that is possible about known Services. .. note:: See the CycloneDX Schema extension definition https://cyclonedx.org/docs/1.6/xml/#type_servicesType """ from typing import Any, Iterable, Optional, Union import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str from .._internal.compare import ComparableTuple as _ComparableTuple from ..schema.schema import SchemaVersion1Dot3, SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6 from . import DataClassification, ExternalReference, Property, XsUri from .bom_ref import BomRef from .contact import OrganizationalEntity from .dependency import Dependable from .license import License, LicenseRepository, _LicenseRepositorySerializationHelper from .release_note import ReleaseNotes @serializable.serializable_class class Service(Dependable): """ Class that models the `service` complex type in the CycloneDX schema. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/xml/#type_service """ def __init__( self, *, name: str, bom_ref: Optional[Union[str, BomRef]] = None, provider: Optional[OrganizationalEntity] = None, group: Optional[str] = None, version: Optional[str] = None, description: Optional[str] = None, endpoints: Optional[Iterable[XsUri]] = None, authenticated: Optional[bool] = None, x_trust_boundary: Optional[bool] = None, data: Optional[Iterable[DataClassification]] = None, licenses: Optional[Iterable[License]] = None, external_references: Optional[Iterable[ExternalReference]] = None, properties: Optional[Iterable[Property]] = None, services: Optional[Iterable['Service']] = None, release_notes: Optional[ReleaseNotes] = None, ) -> None: self._bom_ref = _bom_ref_from_str(bom_ref) self.provider = provider self.group = group self.name = name self.version = version self.description = description self.endpoints = endpoints or [] # type:ignore[assignment] self.authenticated = authenticated self.x_trust_boundary = x_trust_boundary self.data = data or [] # type:ignore[assignment] self.licenses = licenses or [] # type:ignore[assignment] self.external_references = external_references or [] # type:ignore[assignment] self.services = services or [] # type:ignore[assignment] self.release_notes = release_notes self.properties = properties or [] # type:ignore[assignment] @property @serializable.json_name('bom-ref') @serializable.type_mapping(BomRef) @serializable.xml_attribute() @serializable.xml_name('bom-ref') def bom_ref(self) -> BomRef: """ An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. Returns: `BomRef` unique identifier for this Service """ return self._bom_ref @property @serializable.xml_sequence(1) def provider(self) -> Optional[OrganizationalEntity]: """ Get the organization that provides the service. Returns: `OrganizationalEntity` if set else `None` """ return self._provider @provider.setter def provider(self, provider: Optional[OrganizationalEntity]) -> None: self._provider = provider @property @serializable.xml_sequence(2) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def group(self) -> Optional[str]: """ The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. Returns: `str` if provided else `None` """ return self._group @group.setter def group(self, group: Optional[str]) -> None: self._group = group @property @serializable.xml_sequence(3) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> str: """ The name of the service. This will often be a shortened, single name of the service. Returns: `str` """ return self._name @name.setter def name(self, name: str) -> None: self._name = name @property @serializable.xml_sequence(4) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def version(self) -> Optional[str]: """ The service version. Returns: `str` if set else `None` """ return self._version @version.setter def version(self, version: Optional[str]) -> None: self._version = version @property @serializable.xml_sequence(5) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def description(self) -> Optional[str]: """ Specifies a description for the service. Returns: `str` if set else `None` """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'endpoint') @serializable.xml_sequence(6) def endpoints(self) -> 'SortedSet[XsUri]': """ A list of endpoints URI's this service provides. Returns: Set of `XsUri` """ return self._endpoints @endpoints.setter def endpoints(self, endpoints: Iterable[XsUri]) -> None: self._endpoints = SortedSet(endpoints) @property @serializable.xml_sequence(7) def authenticated(self) -> Optional[bool]: """ A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. Returns: `bool` if set else `None` """ return self._authenticated @authenticated.setter def authenticated(self, authenticated: Optional[bool]) -> None: self._authenticated = authenticated @property @serializable.json_name('x-trust-boundary') @serializable.xml_name('x-trust-boundary') @serializable.xml_sequence(8) def x_trust_boundary(self) -> Optional[bool]: """ A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. Returns: `bool` if set else `None` """ return self._x_trust_boundary @x_trust_boundary.setter def x_trust_boundary(self, x_trust_boundary: Optional[bool]) -> None: self._x_trust_boundary = x_trust_boundary # @property # ... # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(9) # def trust_zone(self) -> ...: # ... # since CDX1.5 # # @trust_zone.setter # def trust_zone(self, ...) -> None: # ... # since CDX1.5 @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'classification') @serializable.xml_sequence(10) def data(self) -> 'SortedSet[DataClassification]': """ Specifies the data classification. Returns: Set of `DataClassification` """ # TODO since CDX1.5 also supports `dataflow`, not only `DataClassification` return self._data @data.setter def data(self, data: Iterable[DataClassification]) -> None: self._data = SortedSet(data) @property @serializable.type_mapping(_LicenseRepositorySerializationHelper) @serializable.xml_sequence(11) def licenses(self) -> LicenseRepository: """ A optional list of statements about how this Service is licensed. Returns: Set of `LicenseChoice` """ # TODO since CDX1.5 also supports `dataflow`, not only `DataClassification` return self._licenses @licenses.setter def licenses(self, licenses: Iterable[License]) -> None: self._licenses = LicenseRepository(licenses) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference') @serializable.xml_sequence(12) def external_references(self) -> 'SortedSet[ExternalReference]': """ Provides the ability to document external references related to the Service. Returns: Set of `ExternalReference` """ return self._external_references @external_references.setter def external_references(self, external_references: Iterable[ExternalReference]) -> None: self._external_references = SortedSet(external_references) @property @serializable.view(SchemaVersion1Dot3) @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property') @serializable.xml_sequence(13) def properties(self) -> 'SortedSet[Property]': """ Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Return: Set of `Property` """ return self._properties @properties.setter def properties(self, properties: Iterable[Property]) -> None: self._properties = SortedSet(properties) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'service') @serializable.xml_sequence(14) def services(self) -> "SortedSet['Service']": """ A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies. Returns: Set of `Service` """ return self._services @services.setter def services(self, services: Iterable['Service']) -> None: self._services = SortedSet(services) @property @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(15) def release_notes(self) -> Optional[ReleaseNotes]: """ Specifies optional release notes. Returns: `ReleaseNotes` or `None` """ return self._release_notes @release_notes.setter def release_notes(self, release_notes: Optional[ReleaseNotes]) -> None: self._release_notes = release_notes def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.group, self.name, self.version, self.bom_ref.value, self.provider, self.description, self.authenticated, _ComparableTuple(self.data), _ComparableTuple(self.endpoints), _ComparableTuple(self.external_references), _ComparableTuple(self.licenses), _ComparableTuple(self.properties), self.release_notes, _ComparableTuple(self.services), self.x_trust_boundary )) def __eq__(self, other: object) -> bool: if isinstance(other, Service): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Service): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/model/tool.py000066400000000000000000000320241476011761300222220ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from itertools import chain from typing import TYPE_CHECKING, Any, Dict, Iterable, List, Optional, Type, Union from warnings import warn from xml.etree.ElementTree import Element # nosec B405 import py_serializable as serializable from py_serializable.helpers import BaseHelper from sortedcontainers import SortedSet from .._internal.compare import ComparableTuple as _ComparableTuple from ..schema import SchemaVersion from ..schema.schema import SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6 from . import ExternalReference, HashType, _HashTypeRepositorySerializationHelper from .component import Component from .service import Service if TYPE_CHECKING: # pragma: no cover from py_serializable import ObjectMetadataLibrary, ViewType @serializable.serializable_class class Tool: """ This is our internal representation of the `toolType` complex type within the CycloneDX standard. Tool(s) are the things used in the creation of the CycloneDX document. Tool might be deprecated since CycloneDX 1.5, but it is not deprecated in this library. In fact, this library will try to provide a compatibility layer if needed. .. note:: See the CycloneDX Schema for toolType: https://cyclonedx.org/docs/1.6/#type_toolType """ def __init__( self, *, vendor: Optional[str] = None, name: Optional[str] = None, version: Optional[str] = None, hashes: Optional[Iterable[HashType]] = None, external_references: Optional[Iterable[ExternalReference]] = None, ) -> None: self.vendor = vendor self.name = name self.version = version self.hashes = hashes or () # type:ignore[assignment] self.external_references = external_references or () # type:ignore[assignment] @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def vendor(self) -> Optional[str]: """ The name of the vendor who created the tool. Returns: `str` if set else `None` """ return self._vendor @vendor.setter def vendor(self, vendor: Optional[str]) -> None: self._vendor = vendor @property @serializable.xml_sequence(2) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ The name of the tool. Returns: `str` if set else `None` """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.xml_sequence(3) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def version(self) -> Optional[str]: """ The version of the tool. Returns: `str` if set else `None` """ return self._version @version.setter def version(self, version: Optional[str]) -> None: self._version = version @property @serializable.type_mapping(_HashTypeRepositorySerializationHelper) @serializable.xml_sequence(4) def hashes(self) -> 'SortedSet[HashType]': """ The hashes of the tool (if applicable). Returns: Set of `HashType` """ return self._hashes @hashes.setter def hashes(self, hashes: Iterable[HashType]) -> None: self._hashes = SortedSet(hashes) @property @serializable.view(SchemaVersion1Dot4) @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference') @serializable.xml_sequence(5) def external_references(self) -> 'SortedSet[ExternalReference]': """ External References provides a way to document systems, sites, and information that may be relevant but which are not included with the BOM. Returns: Set of `ExternalReference` """ return self._external_references @external_references.setter def external_references(self, external_references: Iterable[ExternalReference]) -> None: self._external_references = SortedSet(external_references) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.vendor, self.name, self.version, _ComparableTuple(self.hashes), _ComparableTuple(self.external_references) )) def __eq__(self, other: object) -> bool: if isinstance(other, Tool): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Tool): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @classmethod def from_component(cls: Type['Tool'], component: 'Component') -> 'Tool': return cls( vendor=component.group, name=component.name, version=component.version, hashes=component.hashes, external_references=component.external_references, ) @classmethod def from_service(cls: Type['Tool'], service: 'Service') -> 'Tool': return cls( vendor=service.group, name=service.name, version=service.version, external_references=service.external_references, ) class ToolRepository: """ The repository of tool formats """ def __init__( self, *, components: Optional[Iterable[Component]] = None, services: Optional[Iterable[Service]] = None, # Deprecated since v1.5 tools: Optional[Iterable[Tool]] = None ) -> None: if tools: warn('`@.tools` is deprecated from CycloneDX v1.5 onwards. ' 'Please use `@.components` and `@.services` instead.', DeprecationWarning) self.components = components or () # type:ignore[assignment] self.services = services or () # type:ignore[assignment] self.tools = tools or () # type:ignore[assignment] @property def components(self) -> 'SortedSet[Component]': """ Returns: A SortedSet of Components """ return self._components @components.setter def components(self, components: Iterable[Component]) -> None: self._components = SortedSet(components) @property def services(self) -> 'SortedSet[Service]': """ Returns: A SortedSet of Services """ return self._services @services.setter def services(self, services: Iterable[Service]) -> None: self._services = SortedSet(services) @property def tools(self) -> 'SortedSet[Tool]': return self._tools @tools.setter def tools(self, tools: Iterable[Tool]) -> None: self._tools = SortedSet(tools) def __len__(self) -> int: return len(self._tools) \ + len(self._components) \ + len(self._services) def __bool__(self) -> bool: return len(self._tools) > 0 \ or len(self._components) > 0 \ or len(self._services) > 0 def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( _ComparableTuple(self._tools), _ComparableTuple(self._components), _ComparableTuple(self._services) )) def __eq__(self, other: object) -> bool: if isinstance(other, ToolRepository): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) class _ToolRepositoryHelper(BaseHelper): @staticmethod def __all_as_tools(o: ToolRepository) -> 'SortedSet[Tool]': # use a set here, so the collection gets deduplicated. # use SortedSet set here, so the order stays reproducible. return SortedSet(chain( o.tools, map(Tool.from_component, o.components), map(Tool.from_service, o.services), )) @staticmethod def __supports_components_and_services(view: Any) -> bool: try: return view is not None and view().schema_version_enum >= SchemaVersion.V1_5 except Exception: # pragma: no cover return False @classmethod def json_normalize(cls, o: ToolRepository, *, view: Optional[Type['ViewType']], **__: Any) -> Any: if len(o.tools) > 0 or not cls.__supports_components_and_services(view): ts = cls.__all_as_tools(o) return tuple(ts) if ts else None elem: Dict[str, Any] = {} if o.components: elem['components'] = tuple(o.components) if o.services: elem['services'] = tuple(o.services) return elem or None @classmethod def json_denormalize(cls, o: Union[List[Dict[str, Any]], Dict[str, Any]], **__: Any) -> ToolRepository: tools = None components = None services = None if isinstance(o, Dict): components = map(lambda c: Component.from_json( # type:ignore[attr-defined] c), o.get('components', ())) services = map(lambda s: Service.from_json( # type:ignore[attr-defined] s), o.get('services', ())) elif isinstance(o, Iterable): tools = map(lambda t: Tool.from_json( # type:ignore[attr-defined] t), o) return ToolRepository(components=components, services=services, tools=tools) @classmethod def xml_normalize(cls, o: ToolRepository, *, element_name: str, view: Optional[Type['ViewType']], xmlns: Optional[str], **__: Any) -> Optional[Element]: elem = Element(element_name) if len(o.tools) > 0 or not cls.__supports_components_and_services(view): elem.extend( ti.as_xml( # type:ignore[attr-defined] view_=view, as_string=False, element_name='tool', xmlns=xmlns) for ti in cls.__all_as_tools(o) ) else: if o.components: elem_c = Element(f'{{{xmlns}}}components' if xmlns else 'components') elem_c.extend( ci.as_xml( # type:ignore[attr-defined] view_=view, as_string=False, element_name='component', xmlns=xmlns) for ci in o.components) elem.append(elem_c) if o.services: elem_s = Element(f'{{{xmlns}}}services' if xmlns else 'services') elem_s.extend( si.as_xml( # type:ignore[attr-defined] view_=view, as_string=False, element_name='service', xmlns=xmlns) for si in o.services) elem.append(elem_s) return elem \ if len(elem) > 0 \ else None @classmethod def xml_denormalize(cls, o: Element, *, default_ns: Optional[str], prop_info: 'ObjectMetadataLibrary.SerializableProperty', ctx: Type[Any], **kwargs: Any) -> ToolRepository: ns_map = {'bom': default_ns or ''} # Do not iterate over `o` and do not check for expected `.tag` of items. # This check could have been done by schema validators before even deserializing. tools = None components = None services = None ts = o.findall('bom:tool', ns_map) if len(ts) > 0: tools = map(lambda t: Tool.from_xml( # type:ignore[attr-defined] t, default_ns), ts) else: components = map(lambda c: Component.from_xml( # type:ignore[attr-defined] c, default_ns), o.iterfind('./bom:components/bom:component', ns_map)) services = map(lambda s: Service.from_xml( # type:ignore[attr-defined] s, default_ns), o.iterfind('./bom:services/bom:service', ns_map)) return ToolRepository(components=components, services=services, tools=tools) cyclonedx-python-lib-9.1.0/cyclonedx/model/vulnerability.py000066400000000000000000001316361476011761300241470ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ This set of classes represents the data that is possible about known Vulnerabilities. Prior to CycloneDX schema version 1.4, vulnerabilities were possible in XML versions ONLY of the standard through a schema extension: https://cyclonedx.org/ext/vulnerability. Since CycloneDX schema version 1.4, this has become part of the core schema. .. note:: See the CycloneDX Schema extension definition https://cyclonedx.org/docs/1.6/#type_vulnerabilitiesType """ import re from datetime import datetime from decimal import Decimal from enum import Enum from typing import Any, Dict, FrozenSet, Iterable, Optional, Tuple, Type, Union import py_serializable as serializable from sortedcontainers import SortedSet from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str from .._internal.compare import ComparableTuple as _ComparableTuple from ..exception.model import MutuallyExclusivePropertiesException, NoPropertiesProvidedException from ..schema.schema import SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6 from . import Property, XsUri from .bom_ref import BomRef from .contact import OrganizationalContact, OrganizationalEntity from .impact_analysis import ( ImpactAnalysisAffectedStatus, ImpactAnalysisJustification, ImpactAnalysisResponse, ImpactAnalysisState, ) from .tool import Tool, ToolRepository, _ToolRepositoryHelper @serializable.serializable_class class BomTargetVersionRange: """ Class that represents either a version or version range and its affected status. `version` and `version_range` are mutually exclusive. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/xml/#type_vulnerabilityType """ def __init__( self, *, version: Optional[str] = None, range: Optional[str] = None, status: Optional[ImpactAnalysisAffectedStatus] = None, ) -> None: if not version and not range: raise NoPropertiesProvidedException( 'One of version or range must be provided for BomTargetVersionRange - neither provided.' ) if version and range: raise MutuallyExclusivePropertiesException( 'Either version or range should be provided for BomTargetVersionRange - both provided.' ) self.version = version self.range = range self.status = status @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def version(self) -> Optional[str]: """ A single version of a component or service. """ return self._version @version.setter def version(self, version: Optional[str]) -> None: self._version = version @property @serializable.xml_sequence(2) def range(self) -> Optional[str]: """ A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst .. note:: The VERSION-RANGE-SPEC from Package URL is not a formalised standard at the time of writing and this no validation of conformance with this draft standard is performed. """ return self._range @range.setter def range(self, range: Optional[str]) -> None: self._range = range @property @serializable.xml_sequence(3) def status(self) -> Optional[ImpactAnalysisAffectedStatus]: """ The vulnerability status for the version or range of versions. """ return self._status @status.setter def status(self, status: Optional[ImpactAnalysisAffectedStatus]) -> None: self._status = status def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.version, self.range, self.status )) def __eq__(self, other: object) -> bool: if isinstance(other, BomTargetVersionRange): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, BomTargetVersionRange): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class BomTarget: """ Class that represents referencing a Component or Service in a BOM. Aims to represent the sub-element `target` of the complex type `vulnerabilityType`. You can either create a `cyclonedx.model.bom.Bom` yourself programmatically, or generate a `cyclonedx.model.bom.Bom` from a `cyclonedx.parser.BaseParser` implementation. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/#type_vulnerabilityType """ def __init__( self, *, ref: str, versions: Optional[Iterable[BomTargetVersionRange]] = None, ) -> None: self.ref = ref self.versions = versions or [] # type:ignore[assignment] @property @serializable.xml_sequence(1) def ref(self) -> str: """ Reference to a component or service by the objects `bom-ref`. """ return self._ref @ref.setter def ref(self, ref: str) -> None: self._ref = ref @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'version') @serializable.xml_sequence(2) def versions(self) -> 'SortedSet[BomTargetVersionRange]': """ Zero or more individual versions or range of versions. Returns: Set of `BomTargetVersionRange` """ return self._versions @versions.setter def versions(self, versions: Iterable[BomTargetVersionRange]) -> None: self._versions = SortedSet(versions) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.ref, _ComparableTuple(self.versions) )) def __eq__(self, other: object) -> bool: if isinstance(other, BomTarget): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, BomTarget): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class VulnerabilityAnalysis: """ Class that models the `analysis` sub-element of the `vulnerabilityType` complex type. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/xml/#type_vulnerabilityType """ def __init__( self, *, state: Optional[ImpactAnalysisState] = None, justification: Optional[ImpactAnalysisJustification] = None, responses: Optional[Iterable[ImpactAnalysisResponse]] = None, detail: Optional[str] = None, first_issued: Optional[datetime] = None, last_updated: Optional[datetime] = None, ) -> None: self.state = state self.justification = justification self.responses = responses or [] # type:ignore[assignment] self.detail = detail self.first_issued = first_issued self.last_updated = last_updated @property @serializable.xml_sequence(1) def state(self) -> Optional[ImpactAnalysisState]: """ The declared current state of an occurrence of a vulnerability, after automated or manual analysis. Returns: `ImpactAnalysisState` if set else `None` """ return self._state @state.setter def state(self, state: Optional[ImpactAnalysisState]) -> None: self._state = state @property @serializable.xml_sequence(2) def justification(self) -> Optional[ImpactAnalysisJustification]: """ The rationale of why the impact analysis state was asserted. Returns: `ImpactAnalysisJustification` if set else `None` """ return self._justification @justification.setter def justification(self, justification: Optional[ImpactAnalysisJustification]) -> None: self._justification = justification @property @serializable.json_name('response') @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'response') @serializable.xml_sequence(3) def responses(self) -> 'SortedSet[ImpactAnalysisResponse]': """ A list of responses to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable. Returns: Set of `ImpactAnalysisResponse` """ return self._responses @responses.setter def responses(self, responses: Iterable[ImpactAnalysisResponse]) -> None: self._responses = SortedSet(responses) @property @serializable.xml_sequence(4) def detail(self) -> Optional[str]: """ A detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability. Returns: `str` if set else `None` """ return self._detail @detail.setter def detail(self, detail: Optional[str]) -> None: self._detail = detail @property @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(5) def first_issued(self) -> Optional[datetime]: return self._first_issued @first_issued.setter def first_issued(self, first_issue: Optional[datetime]) -> None: self._first_issued = first_issue @property @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(6) def last_updated(self) -> Optional[datetime]: return self._last_updated @last_updated.setter def last_updated(self, last_updated: Optional[datetime]) -> None: self._last_updated = last_updated def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.state, self.justification, _ComparableTuple(self.responses), self.detail, self.first_issued, self.last_updated )) def __eq__(self, other: object) -> bool: if isinstance(other, VulnerabilityAnalysis): return self.__comparable_tuple() == other.__comparable_tuple() return False def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class VulnerabilityAdvisory: """ Class that models the `advisoryType` complex type. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/#type_advisoryType """ def __init__( self, *, url: XsUri, title: Optional[str] = None, ) -> None: self.title = title self.url = url @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def title(self) -> Optional[str]: """ The title of this advisory. """ return self._title @title.setter def title(self, title: Optional[str]) -> None: self._title = title @property @serializable.xml_sequence(2) def url(self) -> XsUri: """ The url of this advisory. """ return self._url @url.setter def url(self, url: XsUri) -> None: self._url = url def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.title, self.url )) def __eq__(self, other: object) -> bool: if isinstance(other, VulnerabilityAdvisory): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, VulnerabilityAdvisory): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class VulnerabilitySource: """ Class that models the `vulnerabilitySourceType` complex type. This type is used for multiple purposes in the CycloneDX schema. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/xml/#type_vulnerabilitySourceType """ def __init__( self, *, name: Optional[str] = None, url: Optional[XsUri] = None, ) -> None: self.name = name self.url = url @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def name(self) -> Optional[str]: """ Name of this Source. """ return self._name @name.setter def name(self, name: Optional[str]) -> None: self._name = name @property @serializable.xml_sequence(2) def url(self) -> Optional[XsUri]: """ The url of this Source. """ return self._url @url.setter def url(self, url: Optional[XsUri]) -> None: self._url = url def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.name, self.url )) def __eq__(self, other: object) -> bool: if isinstance(other, VulnerabilitySource): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, VulnerabilitySource): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class VulnerabilityReference: """ Class that models the nested `reference` within the `vulnerabilityType` complex type. Vulnerabilities may benefit from pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. These references provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/xml/#type_vulnerabilityType .. note:: Properties ``id`` and ``source`` are mandatory. History: * In v1.4 JSON scheme, both properties were mandatory https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.4.schema.json#L1455-L1474 * In v1.4 XML schema, both properties were optional https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.4.xsd#L1788-L1797 * In v1.5 XML schema, both were mandatory https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.5.xsd#L3364-L3374 Decision: Since CycloneDXCoreWorkingGroup chose JSON schema as the dominant schema, the one that serves as first spec implementation, and since XML schema was "fixed" to work same as JSON schema, we'd consider it canon/spec that both properties were always mandatory. """ def __init__( self, *, id: str, source: VulnerabilitySource, ) -> None: self.id = id self.source = source @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def id(self) -> str: """ The identifier that uniquely identifies the vulnerability in the associated Source. For example: CVE-2021-39182. """ return self._id @id.setter def id(self, id: str) -> None: self._id = id @property @serializable.xml_sequence(2) def source(self) -> VulnerabilitySource: """ The source that published the vulnerability. """ return self._source @source.setter def source(self, source: VulnerabilitySource) -> None: self._source = source def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.id, self.source )) def __eq__(self, other: object) -> bool: if isinstance(other, VulnerabilityReference): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, VulnerabilityReference): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_enum class VulnerabilityScoreSource(str, Enum): """ Enum object that defines the permissible source types for a Vulnerability's score. .. note:: See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_scoreSourceType .. note:: No explicit carry-over from the former schema extension: https://github.com/CycloneDX/specification/blob/master/schema/ext/vulnerability-1.0.xsd """ # see `_VulnerabilityScoreSourceSerializationHelper.__CASES` for view/case map CVSS_V2 = 'CVSSv2' CVSS_V3 = 'CVSSv3' CVSS_V3_1 = 'CVSSv31' CVSS_V4 = 'CVSSv4' # Only supported in >= 1.5 OWASP = 'OWASP' # Name change in 1.4 SSVC = 'SSVC' # Only supported in >= 1.5 # -- OTHER = 'other' @staticmethod def get_from_vector(vector: str) -> 'VulnerabilityScoreSource': """ Attempt to derive the correct SourceType from an attack vector. For example, often attack vector strings are prefixed with the scheme in question - such that __CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N__ would be the vector __AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N__ under the __CVSS 3__ scheme. Returns: Always returns an instance of `VulnerabilityScoreSource`. `VulnerabilityScoreSource.OTHER` is returned if the scheme is not obvious or known to us. """ if vector.startswith('CVSS:3.'): return VulnerabilityScoreSource.CVSS_V3 elif vector.startswith('CVSS:2.'): return VulnerabilityScoreSource.CVSS_V2 elif vector.startswith('OWASP'): return VulnerabilityScoreSource.OWASP else: return VulnerabilityScoreSource.OTHER def get_localised_vector(self, vector: str) -> str: """ This method will remove any Source Scheme type from the supplied vector, returning just the vector. .. Note:: Currently supports CVSS 3.x, CVSS 2.x and OWASP schemes. Returns: The vector without any scheme prefix as a `str`. """ if self == VulnerabilityScoreSource.CVSS_V3 and vector.startswith('CVSS:3.'): return re.sub('^CVSS:3\\.\\d/?', '', vector) if self == VulnerabilityScoreSource.CVSS_V2 and vector.startswith('CVSS:2.'): return re.sub('^CVSS:2\\.\\d/?', '', vector) if self == VulnerabilityScoreSource.OWASP and vector.startswith('OWASP'): return re.sub('^OWASP/?', '', vector) return vector def get_value_pre_1_4(self) -> str: """ Some of the enum values changed in 1.4 of the CycloneDX spec. This method allows us to backport some of the changes for pre-1.4. Returns: `str` """ if self == VulnerabilityScoreSource.OWASP: return 'OWASP Risk' return self.value # type:ignore[no-any-return] class _VulnerabilityScoreSourceSerializationHelper(serializable.helpers.BaseHelper): """ THIS CLASS IS NON-PUBLIC API """ __CASES: Dict[Type[serializable.ViewType], FrozenSet[VulnerabilityScoreSource]] = dict() __CASES[SchemaVersion1Dot4] = frozenset({ VulnerabilityScoreSource.CVSS_V2, VulnerabilityScoreSource.CVSS_V3, VulnerabilityScoreSource.CVSS_V3_1, VulnerabilityScoreSource.OWASP, VulnerabilityScoreSource.OTHER, }) __CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4] | { VulnerabilityScoreSource.CVSS_V4, VulnerabilityScoreSource.SSVC } __CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5] @classmethod def __normalize(cls, vss: VulnerabilityScoreSource, view: Type[serializable.ViewType]) -> str: return ( vss if vss in cls.__CASES.get(view, ()) else VulnerabilityScoreSource.OTHER ).value @classmethod def json_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> str: assert view is not None return cls.__normalize(o, view) @classmethod def xml_normalize(cls, o: Any, *, view: Optional[Type[serializable.ViewType]], **__: Any) -> str: assert view is not None return cls.__normalize(o, view) @classmethod def deserialize(cls, o: Any) -> VulnerabilityScoreSource: return VulnerabilityScoreSource(o) @serializable.serializable_enum class VulnerabilitySeverity(str, Enum): """ Class that defines the permissible severities for a Vulnerability. .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/#type_severityType """ NONE = 'none' INFO = 'info' # Only >= 1.4 LOW = 'low' MEDIUM = 'medium' HIGH = 'high' CRITICAL = 'critical' UNKNOWN = 'unknown' @staticmethod def get_from_cvss_scores(scores: Union[Tuple[float, ...], float, None]) -> 'VulnerabilitySeverity': """ Derives the Severity of a Vulnerability from it's declared CVSS scores. Args: scores: A `tuple` of CVSS scores. CVSS scoring system allows for up to three separate scores. Returns: Always returns an instance of `VulnerabilitySeverity`. """ if type(scores) is float: scores = (scores,) if scores is None: return VulnerabilitySeverity.UNKNOWN max_cvss_score: float if isinstance(scores, tuple): max_cvss_score = max(scores) else: max_cvss_score = float(scores) if max_cvss_score >= 9.0: return VulnerabilitySeverity.CRITICAL elif max_cvss_score >= 7.0: return VulnerabilitySeverity.HIGH elif max_cvss_score >= 4.0: return VulnerabilitySeverity.MEDIUM elif max_cvss_score > 0.0: return VulnerabilitySeverity.LOW else: return VulnerabilitySeverity.NONE @serializable.serializable_class class VulnerabilityRating: """ Class that models the `ratingType` complex element CycloneDX core schema. This class previously modelled the `scoreType` complexe type in the schema extension used prior to schema version 1.4 - see https://github.com/CycloneDX/specification/blob/master/schema/ext/vulnerability-1.0.xsd. .. note:: See `ratingType` in https://cyclonedx.org/docs/1.6/xml/#ratingType .. warning:: As part of implementing support for CycloneDX schema version 1.4, the three score types defined in the schema extension used prior to 1.4 have been deprecated. The deprecated `score_base` should loosely be equivalent to the new `score` in 1.4 schema. Both `score_impact` and `score_exploitability` are deprecated and removed as they are redundant if you have the vector (the vector allows you to calculate the scores). """ def __init__( self, *, source: Optional[VulnerabilitySource] = None, score: Optional[Decimal] = None, severity: Optional[VulnerabilitySeverity] = None, method: Optional[VulnerabilityScoreSource] = None, vector: Optional[str] = None, justification: Optional[str] = None, ) -> None: self.source = source self.score = score self.severity = severity self.method = method self.vector = vector self.justification = justification if vector and method: self.vector = method.get_localised_vector(vector=vector) @property @serializable.xml_sequence(1) def source(self) -> Optional[VulnerabilitySource]: """ The source that published the vulnerability. """ return self._source @source.setter def source(self, source: Optional[VulnerabilitySource]) -> None: self._source = source @property @serializable.string_format('.1f') @serializable.xml_sequence(2) def score(self) -> Optional[Decimal]: """ The numerical score of the rating. """ return self._score @score.setter def score(self, score: Optional[Decimal]) -> None: self._score = score @property @serializable.xml_sequence(3) def severity(self) -> Optional[VulnerabilitySeverity]: """ The textual representation of the severity that corresponds to the numerical score of the rating. """ return self._severity @severity.setter def severity(self, severity: Optional[VulnerabilitySeverity]) -> None: self._severity = severity @property @serializable.type_mapping(_VulnerabilityScoreSourceSerializationHelper) @serializable.xml_sequence(4) def method(self) -> Optional[VulnerabilityScoreSource]: """ The risk scoring methodology/standard used. """ return self._method @method.setter def method(self, score_source: Optional[VulnerabilityScoreSource]) -> None: self._method = score_source @property @serializable.xml_sequence(5) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def vector(self) -> Optional[str]: """ The textual representation of the metric values used to score the vulnerability - also known as the vector. """ return self._vector @vector.setter def vector(self, vector: Optional[str]) -> None: self._vector = vector @property @serializable.xml_sequence(6) def justification(self) -> Optional[str]: """ An optional reason for rating the vulnerability as it was. """ return self._justification @justification.setter def justification(self, justification: Optional[str]) -> None: self._justification = justification def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.severity, self.score or 0, self.source, self.method, self.vector, self.justification )) def __eq__(self, other: object) -> bool: if isinstance(other, VulnerabilityRating): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, VulnerabilityRating): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class VulnerabilityCredits: """ Class that models the `credits` of `vulnerabilityType` complex type in the CycloneDX schema (version >= 1.4). This class also provides data support for schema versions < 1.4 where Vulnerabilites were possible through a schema extension (in XML only). .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/xml/#type_vulnerabilityType """ def __init__( self, *, organizations: Optional[Iterable[OrganizationalEntity]] = None, individuals: Optional[Iterable[OrganizationalContact]] = None, ) -> None: self.organizations = organizations or [] # type:ignore[assignment] self.individuals = individuals or [] # type:ignore[assignment] @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'organization') @serializable.xml_sequence(1) def organizations(self) -> 'SortedSet[OrganizationalEntity]': """ The organizations credited with vulnerability discovery. Returns: Set of `OrganizationalEntity` """ return self._organizations @organizations.setter def organizations(self, organizations: Iterable[OrganizationalEntity]) -> None: self._organizations = SortedSet(organizations) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'individual') @serializable.xml_sequence(2) def individuals(self) -> 'SortedSet[OrganizationalContact]': """ The individuals, not associated with organizations, that are credited with vulnerability discovery. Returns: Set of `OrganizationalContact` """ return self._individuals @individuals.setter def individuals(self, individuals: Iterable[OrganizationalContact]) -> None: self._individuals = SortedSet(individuals) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( _ComparableTuple(self.organizations), _ComparableTuple(self.individuals) )) def __eq__(self, other: object) -> bool: if isinstance(other, VulnerabilityCredits): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, VulnerabilityCredits): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' @serializable.serializable_class class Vulnerability: """ Class that models the `vulnerabilityType` complex type in the CycloneDX schema (version >= 1.4). This class also provides data support for schema versions < 1.4 where Vulnerabilites were possible through a schema extension (in XML only). .. note:: See the CycloneDX schema: https://cyclonedx.org/docs/1.6/#type_vulnerabilityType """ def __init__( self, *, bom_ref: Optional[Union[str, BomRef]] = None, id: Optional[str] = None, source: Optional[VulnerabilitySource] = None, references: Optional[Iterable[VulnerabilityReference]] = None, ratings: Optional[Iterable[VulnerabilityRating]] = None, cwes: Optional[Iterable[int]] = None, description: Optional[str] = None, detail: Optional[str] = None, recommendation: Optional[str] = None, workaround: Optional[str] = None, advisories: Optional[Iterable[VulnerabilityAdvisory]] = None, created: Optional[datetime] = None, published: Optional[datetime] = None, updated: Optional[datetime] = None, credits: Optional[VulnerabilityCredits] = None, tools: Optional[Union[Iterable[Tool], ToolRepository]] = None, analysis: Optional[VulnerabilityAnalysis] = None, affects: Optional[Iterable[BomTarget]] = None, properties: Optional[Iterable[Property]] = None, ) -> None: self._bom_ref = _bom_ref_from_str(bom_ref) self.id = id self.source = source self.references = references or [] # type:ignore[assignment] self.ratings = ratings or [] # type:ignore[assignment] self.cwes = cwes or [] # type:ignore[assignment] self.description = description self.detail = detail self.recommendation = recommendation self.workaround = workaround self.advisories = advisories or [] # type:ignore[assignment] self.created = created self.published = published self.updated = updated self.credits = credits self.tools = tools or [] # type:ignore[assignment] self.analysis = analysis self.affects = affects or [] # type:ignore[assignment] self.properties = properties or [] # type:ignore[assignment] @property @serializable.json_name('bom-ref') @serializable.type_mapping(BomRef) @serializable.xml_attribute() @serializable.xml_name('bom-ref') def bom_ref(self) -> BomRef: """ Get the unique reference for this Vulnerability in this BOM. Returns: `BomRef` """ return self._bom_ref @property @serializable.xml_sequence(1) @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING) def id(self) -> Optional[str]: """ The identifier that uniquely identifies the vulnerability. For example: CVE-2021-39182. Returns: `str` if set else `None` """ return self._id @id.setter def id(self, id: Optional[str]) -> None: self._id = id @property @serializable.xml_sequence(2) def source(self) -> Optional[VulnerabilitySource]: """ The source that published the vulnerability. Returns: `VulnerabilitySource` if set else `None` """ return self._source @source.setter def source(self, source: Optional[VulnerabilitySource]) -> None: self._source = source @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference') @serializable.xml_sequence(3) def references(self) -> 'SortedSet[VulnerabilityReference]': """ Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provides a way to correlate vulnerabilities across multiple sources of vulnerability intelligence. Returns: Set of `VulnerabilityReference` """ return self._references @references.setter def references(self, references: Iterable[VulnerabilityReference]) -> None: self._references = SortedSet(references) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'rating') @serializable.xml_sequence(4) def ratings(self) -> 'SortedSet[VulnerabilityRating]': """ List of vulnerability ratings. Returns: Set of `VulnerabilityRating` """ return self._ratings @ratings.setter def ratings(self, ratings: Iterable[VulnerabilityRating]) -> None: self._ratings = SortedSet(ratings) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'cwe') @serializable.xml_sequence(5) def cwes(self) -> 'SortedSet[int]': """ A list of CWE (Common Weakness Enumeration) identifiers. .. note:: See https://cwe.mitre.org/ Returns: Set of `int` """ return self._cwes @cwes.setter def cwes(self, cwes: Iterable[int]) -> None: self._cwes = SortedSet(cwes) @property @serializable.xml_sequence(6) def description(self) -> Optional[str]: """ A description of the vulnerability as provided by the source. Returns: `str` if set else `None` """ return self._description @description.setter def description(self, description: Optional[str]) -> None: self._description = description @property @serializable.xml_sequence(7) def detail(self) -> Optional[str]: """ If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause. Returns: `str` if set else `None` """ return self._detail @detail.setter def detail(self, detail: Optional[str]) -> None: self._detail = detail @property @serializable.xml_sequence(8) def recommendation(self) -> Optional[str]: """ Recommendations of how the vulnerability can be remediated or mitigated. Returns: `str` if set else `None` """ return self._recommendation @recommendation.setter def recommendation(self, recommendation: Optional[str]) -> None: self._recommendation = recommendation @property @serializable.view(SchemaVersion1Dot5) @serializable.view(SchemaVersion1Dot6) @serializable.xml_sequence(9) def workaround(self) -> Optional[str]: """ A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments. Returns: `str` if set else `None` """ return self._workaround @workaround.setter def workaround(self, workaround: Optional[str]) -> None: self._workaround = workaround # @property # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(10) # def proof_of_concept(self) -> ...: # ... # TODO since CDX 1.5 # # @proof_of_concept.setter # def proof_of_concept(self, ...) -> None: # ... # TODO since CDX 1.5 @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'advisory') @serializable.xml_sequence(11) def advisories(self) -> 'SortedSet[VulnerabilityAdvisory]': """ Advisories relating to the Vulnerability. Returns: Set of `VulnerabilityAdvisory` """ return self._advisories @advisories.setter def advisories(self, advisories: Iterable[VulnerabilityAdvisory]) -> None: self._advisories = SortedSet(advisories) @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(12) def created(self) -> Optional[datetime]: """ The date and time (timestamp) when the vulnerability record was created in the vulnerability database. Returns: `datetime` if set else `None` """ return self._created @created.setter def created(self, created: Optional[datetime]) -> None: self._created = created @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(13) def published(self) -> Optional[datetime]: """ The date and time (timestamp) when the vulnerability record was first published. Returns: `datetime` if set else `None` """ return self._published @published.setter def published(self, published: Optional[datetime]) -> None: self._published = published @property @serializable.type_mapping(serializable.helpers.XsdDateTime) @serializable.xml_sequence(14) def updated(self) -> Optional[datetime]: """ The date and time (timestamp) when the vulnerability record was last updated. Returns: `datetime` if set else `None` """ return self._updated @updated.setter def updated(self, updated: Optional[datetime]) -> None: self._updated = updated # @property # @serializable.view(SchemaVersion1Dot5) # @serializable.xml_sequence(15) # def rejected(self) -> ...: # ... # TODO since CDX 1.5 # # @rejected.setter # def rejected(self, ...) -> None: # ... # TODO since CDX 1.5 @property @serializable.xml_sequence(16) def credits(self) -> Optional[VulnerabilityCredits]: """ Individuals or organizations credited with the discovery of the vulnerability. Returns: `VulnerabilityCredits` if set else `None` """ return self._credits @credits.setter def credits(self, credits: Optional[VulnerabilityCredits]) -> None: self._credits = credits @property @serializable.type_mapping(_ToolRepositoryHelper) @serializable.xml_sequence(17) def tools(self) -> ToolRepository: """ Tools used to create this BOM. Returns: :class:`ToolRepository` object. """ return self._tools @tools.setter def tools(self, tools: Union[Iterable[Tool], ToolRepository]) -> None: self._tools = tools \ if isinstance(tools, ToolRepository) \ else ToolRepository(tools=tools) @property @serializable.xml_sequence(18) def analysis(self) -> Optional[VulnerabilityAnalysis]: """ Analysis of the Vulnerability in your context. Returns: `VulnerabilityAnalysis` if set else `None` """ return self._analysis @analysis.setter def analysis(self, analysis: Optional[VulnerabilityAnalysis]) -> None: self._analysis = analysis @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'target') @serializable.xml_sequence(19) def affects(self) -> 'SortedSet[BomTarget]': """ The components or services that are affected by the vulnerability. Returns: Set of `BomTarget` """ return self._affects @affects.setter def affects(self, affects_targets: Iterable[BomTarget]) -> None: self._affects = SortedSet(affects_targets) @property @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property') @serializable.xml_sequence(20) def properties(self) -> 'SortedSet[Property]': """ Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Return: Set of `Property` """ return self._properties @properties.setter def properties(self, properties: Iterable[Property]) -> None: self._properties = SortedSet(properties) def __comparable_tuple(self) -> _ComparableTuple: return _ComparableTuple(( self.id, self.bom_ref.value, self.source, _ComparableTuple(self.references), _ComparableTuple(self.ratings), _ComparableTuple(self.cwes), self.description, self.detail, self.recommendation, self.workaround, _ComparableTuple(self.advisories), self.created, self.published, self.updated, self.credits, self.tools, self.analysis, _ComparableTuple(self.affects), _ComparableTuple(self.properties) )) def __eq__(self, other: object) -> bool: if isinstance(other, Vulnerability): return self.__comparable_tuple() == other.__comparable_tuple() return False def __lt__(self, other: Any) -> bool: if isinstance(other, Vulnerability): return self.__comparable_tuple() < other.__comparable_tuple() return NotImplemented def __hash__(self) -> int: return hash(self.__comparable_tuple()) def __repr__(self) -> str: return f'' cyclonedx-python-lib-9.1.0/cyclonedx/output/000077500000000000000000000000001476011761300211325ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/output/__init__.py000066400000000000000000000136561476011761300232560ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Set of classes and methods for outputting our libraries internal Bom model to CycloneDX documents in varying formats and according to different versions of the CycloneDX schema standard. """ import os from abc import ABC, abstractmethod from itertools import chain from random import random from typing import TYPE_CHECKING, Any, Iterable, Literal, Mapping, Optional, Type, Union, overload from ..schema import OutputFormat, SchemaVersion if TYPE_CHECKING: # pragma: no cover from ..model.bom import Bom from ..model.bom_ref import BomRef from .json import Json as JsonOutputter from .xml import Xml as XmlOutputter class BaseOutput(ABC): def __init__(self, bom: 'Bom', **kwargs: int) -> None: super().__init__(**kwargs) self._bom = bom self._generated: bool = False @property @abstractmethod def schema_version(self) -> SchemaVersion: ... # pragma: no cover @property @abstractmethod def output_format(self) -> OutputFormat: ... # pragma: no cover @property def generated(self) -> bool: return self._generated @generated.setter def generated(self, generated: bool) -> None: self._generated = generated def get_bom(self) -> 'Bom': return self._bom def set_bom(self, bom: 'Bom') -> None: self._bom = bom @abstractmethod def generate(self, force_regeneration: bool = False) -> None: ... # pragma: no cover @abstractmethod def output_as_string(self, *, indent: Optional[Union[int, str]] = None, **kwargs: Any) -> str: ... # pragma: no cover def output_to_file(self, filename: str, allow_overwrite: bool = False, *, indent: Optional[Union[int, str]] = None, **kwargs: Any) -> None: # Check directory writable output_filename = os.path.realpath(filename) output_directory = os.path.dirname(output_filename) if not os.access(output_directory, os.W_OK): raise PermissionError(output_directory) if os.path.exists(output_filename) and not allow_overwrite: raise FileExistsError(output_filename) with open(output_filename, mode='wb') as f_out: f_out.write(self.output_as_string(indent=indent).encode('utf-8')) @overload def make_outputter(bom: 'Bom', output_format: Literal[OutputFormat.JSON], schema_version: SchemaVersion) -> 'JsonOutputter': ... # pragma: no cover @overload def make_outputter(bom: 'Bom', output_format: Literal[OutputFormat.XML], schema_version: SchemaVersion) -> 'XmlOutputter': ... # pragma: no cover @overload def make_outputter(bom: 'Bom', output_format: OutputFormat, schema_version: SchemaVersion) -> Union['XmlOutputter', 'JsonOutputter']: ... # pragma: no cover def make_outputter(bom: 'Bom', output_format: OutputFormat, schema_version: SchemaVersion) -> BaseOutput: """ Helper method to quickly get the correct output class/formatter. Pass in your BOM and optionally an output format and schema version (defaults to XML and latest schema version). Raises error when no instance could be made. :param bom: Bom :param output_format: OutputFormat :param schema_version: SchemaVersion :return: BaseOutput """ if TYPE_CHECKING: # pragma: no cover BY_SCHEMA_VERSION: Mapping[SchemaVersion, Type[BaseOutput]] # noqa:N806 if OutputFormat.JSON is output_format: from .json import BY_SCHEMA_VERSION elif OutputFormat.XML is output_format: from .xml import BY_SCHEMA_VERSION else: raise ValueError(f'Unexpected output_format: {output_format!r}') klass = BY_SCHEMA_VERSION.get(schema_version, None) if klass is None: raise ValueError(f'Unknown {output_format.name}/schema_version: {schema_version!r}') return klass(bom) class BomRefDiscriminator: def __init__(self, bomrefs: Iterable['BomRef'], prefix: str = 'BomRef') -> None: # do not use dict/set here, different BomRefs with same value have same hash and would shadow each other self._bomrefs = tuple((bomref, bomref.value) for bomref in bomrefs) self._prefix = prefix def __enter__(self) -> None: self.discriminate() def __exit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None: self.reset() def discriminate(self) -> None: known_values = [] for bomref, _ in self._bomrefs: value = bomref.value if value is None or value in known_values: value = self._make_unique() bomref.value = value known_values.append(value) def reset(self) -> None: for bomref, original_value in self._bomrefs: bomref.value = original_value def _make_unique(self) -> str: return f'{self._prefix}{str(random())[1:]}{str(random())[1:]}' # nosec B311 @classmethod def from_bom(cls, bom: 'Bom', prefix: str = 'BomRef') -> 'BomRefDiscriminator': return cls(chain( map(lambda c: c.bom_ref, bom._get_all_components()), map(lambda s: s.bom_ref, bom.services), map(lambda v: v.bom_ref, bom.vulnerabilities) ), prefix) cyclonedx-python-lib-9.1.0/cyclonedx/output/json.py000066400000000000000000000103051476011761300224540ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from abc import abstractmethod from json import dumps as json_dumps, loads as json_loads from typing import TYPE_CHECKING, Any, Dict, Literal, Optional, Type, Union from ..exception.output import FormatNotSupportedException from ..schema import OutputFormat, SchemaVersion from ..schema.schema import ( SCHEMA_VERSIONS, BaseSchemaVersion, SchemaVersion1Dot0, SchemaVersion1Dot1, SchemaVersion1Dot2, SchemaVersion1Dot3, SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6, ) from . import BaseOutput, BomRefDiscriminator if TYPE_CHECKING: # pragma: no cover from ..model.bom import Bom class Json(BaseOutput, BaseSchemaVersion): def __init__(self, bom: 'Bom') -> None: super().__init__(bom=bom) self._bom_json: Dict[str, Any] = dict() @property def schema_version(self) -> SchemaVersion: return self.schema_version_enum @property def output_format(self) -> Literal[OutputFormat.JSON]: return OutputFormat.JSON def generate(self, force_regeneration: bool = False) -> None: if self.generated and not force_regeneration: return schema_uri: Optional[str] = self._get_schema_uri() if not schema_uri: raise FormatNotSupportedException( f'JSON is not supported by CycloneDX in schema version {self.schema_version.to_version()}') _json_core = { '$schema': schema_uri, 'bomFormat': 'CycloneDX', 'specVersion': self.schema_version.to_version() } _view = SCHEMA_VERSIONS.get(self.schema_version_enum) bom = self.get_bom() bom.validate() with BomRefDiscriminator.from_bom(bom): bom_json: Dict[str, Any] = json_loads( bom.as_json( # type:ignore[attr-defined] view_=_view)) bom_json.update(_json_core) self._bom_json = bom_json self.generated = True def output_as_string(self, *, indent: Optional[Union[int, str]] = None, **kwargs: Any) -> str: self.generate() return json_dumps(self._bom_json, indent=indent) @abstractmethod def _get_schema_uri(self) -> Optional[str]: ... # pragma: no cover class JsonV1Dot0(Json, SchemaVersion1Dot0): def _get_schema_uri(self) -> None: return None class JsonV1Dot1(Json, SchemaVersion1Dot1): def _get_schema_uri(self) -> None: return None class JsonV1Dot2(Json, SchemaVersion1Dot2): def _get_schema_uri(self) -> str: return 'http://cyclonedx.org/schema/bom-1.2b.schema.json' class JsonV1Dot3(Json, SchemaVersion1Dot3): def _get_schema_uri(self) -> str: return 'http://cyclonedx.org/schema/bom-1.3a.schema.json' class JsonV1Dot4(Json, SchemaVersion1Dot4): def _get_schema_uri(self) -> str: return 'http://cyclonedx.org/schema/bom-1.4.schema.json' class JsonV1Dot5(Json, SchemaVersion1Dot5): def _get_schema_uri(self) -> str: return 'http://cyclonedx.org/schema/bom-1.5.schema.json' class JsonV1Dot6(Json, SchemaVersion1Dot6): def _get_schema_uri(self) -> str: return 'http://cyclonedx.org/schema/bom-1.6.schema.json' BY_SCHEMA_VERSION: Dict[SchemaVersion, Type[Json]] = { SchemaVersion.V1_6: JsonV1Dot6, SchemaVersion.V1_5: JsonV1Dot5, SchemaVersion.V1_4: JsonV1Dot4, SchemaVersion.V1_3: JsonV1Dot3, SchemaVersion.V1_2: JsonV1Dot2, SchemaVersion.V1_1: JsonV1Dot1, SchemaVersion.V1_0: JsonV1Dot0, } cyclonedx-python-lib-9.1.0/cyclonedx/output/xml.py000066400000000000000000000103011476011761300222770ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from typing import TYPE_CHECKING, Any, Dict, Literal, Optional, Type, Union from xml.dom.minidom import parseString as dom_parseString # nosec B408 from xml.etree.ElementTree import Element as XmlElement, tostring as xml_dumps # nosec B405 from ..schema import OutputFormat, SchemaVersion from ..schema.schema import ( SCHEMA_VERSIONS, BaseSchemaVersion, SchemaVersion1Dot0, SchemaVersion1Dot1, SchemaVersion1Dot2, SchemaVersion1Dot3, SchemaVersion1Dot4, SchemaVersion1Dot5, SchemaVersion1Dot6, ) from . import BaseOutput, BomRefDiscriminator if TYPE_CHECKING: # pragma: no cover from ..model.bom import Bom class Xml(BaseSchemaVersion, BaseOutput): def __init__(self, bom: 'Bom') -> None: super().__init__(bom=bom) self._bom_xml: str = '' @property def schema_version(self) -> SchemaVersion: return self.schema_version_enum @property def output_format(self) -> Literal[OutputFormat.XML]: return OutputFormat.XML def generate(self, force_regeneration: bool = False) -> None: if self.generated and not force_regeneration: return _view = SCHEMA_VERSIONS[self.schema_version_enum] bom = self.get_bom() bom.validate() xmlns = self.get_target_namespace() with BomRefDiscriminator.from_bom(bom): self._bom_xml = '\n' + xml_dumps( bom.as_xml( # type:ignore[attr-defined] _view, as_string=False, xmlns=xmlns), method='xml', default_namespace=xmlns, encoding='unicode', # `xml-declaration` is inconsistent/bugged in py38, # especially on Windows it will print a non-UTF8 codepage. # Furthermore, it might add an encoding of "utf-8" which is redundant default value of XML. # -> so we write the declaration manually, as long as py38 is supported. xml_declaration=False) self.generated = True @staticmethod def __make_indent(v: Optional[Union[int, str]]) -> str: if isinstance(v, int): return ' ' * v if isinstance(v, str): return v return '' def output_as_string(self, *, indent: Optional[Union[int, str]] = None, **kwargs: Any) -> str: self.generate() return self._bom_xml if indent is None else dom_parseString( # nosecc B318 self._bom_xml).toprettyxml( indent=self.__make_indent(indent) # do not set `encoding` - this would convert result to binary, not string ) def get_target_namespace(self) -> str: return f'http://cyclonedx.org/schema/bom/{self.get_schema_version()}' class XmlV1Dot0(Xml, SchemaVersion1Dot0): def _create_bom_element(self) -> XmlElement: return XmlElement('bom', {'xmlns': self.get_target_namespace(), 'version': '1'}) class XmlV1Dot1(Xml, SchemaVersion1Dot1): pass class XmlV1Dot2(Xml, SchemaVersion1Dot2): pass class XmlV1Dot3(Xml, SchemaVersion1Dot3): pass class XmlV1Dot4(Xml, SchemaVersion1Dot4): pass class XmlV1Dot5(Xml, SchemaVersion1Dot5): pass class XmlV1Dot6(Xml, SchemaVersion1Dot6): pass BY_SCHEMA_VERSION: Dict[SchemaVersion, Type[Xml]] = { SchemaVersion.V1_6: XmlV1Dot6, SchemaVersion.V1_5: XmlV1Dot5, SchemaVersion.V1_4: XmlV1Dot4, SchemaVersion.V1_3: XmlV1Dot3, SchemaVersion.V1_2: XmlV1Dot2, SchemaVersion.V1_1: XmlV1Dot1, SchemaVersion.V1_0: XmlV1Dot0, } cyclonedx-python-lib-9.1.0/cyclonedx/py.typed000066400000000000000000000002311476011761300212650ustar00rootroot00000000000000# Marker file for PEP 561. This package uses inline types. # This file is needed to allow other packages to type-check their code against this package. cyclonedx-python-lib-9.1.0/cyclonedx/schema/000077500000000000000000000000001476011761300210325ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/schema/__init__.py000066400000000000000000000057741476011761300231600ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from enum import Enum, auto, unique from typing import Any, Type, TypeVar @unique class OutputFormat(Enum): """Output formats. Cases are hashable. Do not rely on the actual/literal values, just use enum cases, like so: my_of = OutputFormat.XML """ JSON = auto() XML = auto() def __hash__(self) -> int: return hash(self.name) def __eq__(self, other: Any) -> bool: return self is other _SV = TypeVar('_SV', bound='SchemaVersion') @unique class SchemaVersion(Enum): """ Schema version. Cases are hashable. Cases are comparable(!=,>=,>,==,<,<=) Do not rely on the actual/literal values, just use enum cases, like so: my_sv = SchemaVersion.V1_3 """ V1_6 = (1, 6) V1_5 = (1, 5) V1_4 = (1, 4) V1_3 = (1, 3) V1_2 = (1, 2) V1_1 = (1, 1) V1_0 = (1, 0) @classmethod def from_version(cls: Type[_SV], version: str) -> _SV: """Return instance based of a version string - e.g. `1.4`""" return cls(tuple(map(int, version.split('.')))[:2]) def to_version(self) -> str: """Return as a version string - e.g. `1.4`""" return '.'.join(map(str, self.value)) def __ne__(self, other: Any) -> bool: if isinstance(other, self.__class__): return self.value != other.value return NotImplemented # pragma: no cover def __lt__(self, other: Any) -> bool: if isinstance(other, self.__class__): return self.value < other.value return NotImplemented # pragma: no cover def __le__(self, other: Any) -> bool: if isinstance(other, self.__class__): return self.value <= other.value return NotImplemented # pragma: no cover def __eq__(self, other: Any) -> bool: if isinstance(other, self.__class__): return self.value == other.value return NotImplemented # pragma: no cover def __ge__(self, other: Any) -> bool: if isinstance(other, self.__class__): return self.value >= other.value return NotImplemented # pragma: no cover def __gt__(self, other: Any) -> bool: if isinstance(other, self.__class__): return self.value > other.value return NotImplemented # pragma: no cover def __hash__(self) -> int: return hash(self.name) cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/000077500000000000000000000000001476011761300217625ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/.editorconfig000066400000000000000000000003701476011761300244370ustar00rootroot00000000000000 # fix settings for files that are copied over, to keep them as is [*.SNAPSHOT.xsd] indent_size = 4 indent_style = space trim_trailing_whitespace = false [*.SNAPSHOT.schema.json] indent_size = 2 indent_style = space trim_trailing_whitespace = falsecyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/.gitattributes000066400000000000000000000002651476011761300246600ustar00rootroot00000000000000# snapshots are vendored for offline use *.SNAPSHOT.* linguist-vendored # specs are vendored for offline use *.xsd linguist-vendored *.schema.json linguist-vendored cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/README.md000066400000000000000000000041021476011761300232360ustar00rootroot00000000000000# Resources: Schema files some schema for offline use as download via [script](../../../tools/schema-downloader.py). original sources: Currently using version [8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7](https://github.com/CycloneDX/specification/commit/8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7) | file | note | |------|------| | [`bom-1.0.SNAPSHOT.xsd`](bom-1.0.SNAPSHOT.xsd) | applied changes: 1 | | [`bom-1.1.SNAPSHOT.xsd`](bom-1.1.SNAPSHOT.xsd) | applied changes: 1 | | [`bom-1.2.SNAPSHOT.xsd`](bom-1.2.SNAPSHOT.xsd) | applied changes: 1 | | [`bom-1.3.SNAPSHOT.xsd`](bom-1.3.SNAPSHOT.xsd) | applied changes: 1 | | [`bom-1.4.SNAPSHOT.xsd`](bom-1.4.SNAPSHOT.xsd) | applied changes: 1 | | [`bom-1.5.SNAPSHOT.xsd`](bom-1.5.SNAPSHOT.xsd) | applied changes: 1 | | [`bom-1.6.SNAPSHOT.xsd`](bom-1.6.SNAPSHOT.xsd) | applied changes: 1 | | [`bom-1.2.SNAPSHOT.schema.json`](bom-1.2.SNAPSHOT.schema.json) | applied changes: 2,3,4,5 | | [`bom-1.3.SNAPSHOT.schema.json`](bom-1.3.SNAPSHOT.schema.json) | applied changes: 2,3,4,5 | | [`bom-1.4.SNAPSHOT.schema.json`](bom-1.4.SNAPSHOT.schema.json) | applied changes: 2,3,4,5 | | [`bom-1.5.SNAPSHOT.schema.json`](bom-1.5.SNAPSHOT.schema.json) | applied changes: 2,3,4,5 | | [`bom-1.6.SNAPSHOT.schema.json`](bom-1.6.SNAPSHOT.schema.json) | applied changes: 2,3,4,5 | | [`bom-1.2-strict.SNAPSHOT.schema.json`](bom-1.2-strict.SNAPSHOT.schema.json) | applied changes: 2,3,4,5 | | [`bom-1.3-strict.SNAPSHOT.schema.json`](bom-1.3-strict.SNAPSHOT.schema.json) | applied changes: 2,3,4,5 | | [`spdx.SNAPSHOT.xsd`](spdx.SNAPSHOT.xsd) | | | [`spdx.SNAPSHOT.schema.json`](spdx.SNAPSHOT.schema.json) | | | [`jsf-0.82.SNAPSHOT.schema.json`](jsf-0.82.SNAPSHOT.schema.json) | | changes: 1. `https?://cyclonedx.org/schema/spdx` was replaced with `spdx.SNAPSHOT.xsd` 2. `spdx.schema.json` was replaced with `spdx.SNAPSHOT.schema.json` 3. `jsf-0.82.schema.json` was replaced with `jsf-0.82.SNAPSHOT.schema.json` 4. `properties.$schema.enum` was removed 5. `required.version` removed, as it is actually optional with default value cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/__init__.py000066400000000000000000000047571476011761300241100ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Content in here is internal, not for public use. Breaking changes without notice may happen. """ from os.path import dirname, join from typing import Dict, Optional from .. import SchemaVersion __DIR = dirname(__file__) BOM_XML: Dict[SchemaVersion, Optional[str]] = { SchemaVersion.V1_6: join(__DIR, 'bom-1.6.SNAPSHOT.xsd'), SchemaVersion.V1_5: join(__DIR, 'bom-1.5.SNAPSHOT.xsd'), SchemaVersion.V1_4: join(__DIR, 'bom-1.4.SNAPSHOT.xsd'), SchemaVersion.V1_3: join(__DIR, 'bom-1.3.SNAPSHOT.xsd'), SchemaVersion.V1_2: join(__DIR, 'bom-1.2.SNAPSHOT.xsd'), SchemaVersion.V1_1: join(__DIR, 'bom-1.1.SNAPSHOT.xsd'), SchemaVersion.V1_0: join(__DIR, 'bom-1.0.SNAPSHOT.xsd'), } BOM_JSON: Dict[SchemaVersion, Optional[str]] = { SchemaVersion.V1_6: join(__DIR, 'bom-1.6.SNAPSHOT.schema.json'), SchemaVersion.V1_5: join(__DIR, 'bom-1.5.SNAPSHOT.schema.json'), SchemaVersion.V1_4: join(__DIR, 'bom-1.4.SNAPSHOT.schema.json'), SchemaVersion.V1_3: join(__DIR, 'bom-1.3.SNAPSHOT.schema.json'), SchemaVersion.V1_2: join(__DIR, 'bom-1.2.SNAPSHOT.schema.json'), # <= v1.1 is not defined in JSON SchemaVersion.V1_1: None, SchemaVersion.V1_0: None, } BOM_JSON_STRICT: Dict[SchemaVersion, Optional[str]] = { SchemaVersion.V1_6: BOM_JSON[SchemaVersion.V1_6], SchemaVersion.V1_5: BOM_JSON[SchemaVersion.V1_5], SchemaVersion.V1_4: BOM_JSON[SchemaVersion.V1_4], # <= 1.3 need special files SchemaVersion.V1_3: join(__DIR, 'bom-1.3-strict.SNAPSHOT.schema.json'), SchemaVersion.V1_2: join(__DIR, 'bom-1.2-strict.SNAPSHOT.schema.json'), # <= v1.1 is not defined in JSON SchemaVersion.V1_1: None, SchemaVersion.V1_0: None, } SPDX_JSON = join(__DIR, 'spdx.SNAPSHOT.schema.json') SPDX_XML = join(__DIR, 'spdx.SNAPSHOT.xsd') JSF = join(__DIR, 'jsf-0.82.SNAPSHOT.schema.json') cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.0.SNAPSHOT.xsd000066400000000000000000000324441476011761300250200ustar00rootroot00000000000000 The person(s) or organization(s) that published the component The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery The component version. The version should ideally comply with semantic versioning but is not enforced. Specifies a description for the component Specifies the scope of the component. If scope is not specified, 'runtime' scope will be assumed. A valid SPDX license ID If SPDX does not define the license used, this field may be used to provide the license name An optional copyright notice informing users of the underlying claims to copyright ownership in a published work. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. Specifies optional sub-components. This is not a dependency tree. It simply provides an optional way to group large sets of components together. Specifies the type of component. Software applications, libraries, frameworks, and other dependencies should be classified as 'application'. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies the file hash of the component Specifies the algorithm used to create hash The component is required for runtime The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.1.SNAPSHOT.xsd000066400000000000000000001154441476011761300250230ustar00rootroot00000000000000 CycloneDX Software Bill-of-Material Specification https://cyclonedx.org/ Apache License, Version 2.0 Steve Springett Identifier-DataType for interlinked elements. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The person(s) or organization(s) that published the component The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery The component version. The version should ideally comply with semantic versioning but is not enforced. Specifies a description for the component Specifies the scope of the component. If scope is not specified, 'runtime' scope should be assumed by the consumer of the BOM A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements An optional copyright notice informing users of the underlying claims to copyright ownership in a published work. DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Provides the ability to document external references related to the component or to the project the component describes. Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Valid choices are: application, framework, library, operating-system, device, or file Refer to the bom:classification documentation for information describing each one An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A valid SPDX license ID If SPDX does not define the license used, this field may be used to provide the license name Specifies the optional full text of the license The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies attributes of the license text Specifies the content type of the license text. Defaults to text/plain if not specified. Specifies the optional encoding the license text is represented in Specifies the file hash of the component Specifies the algorithm used to create the hash The component is required for runtime The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries. A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended. A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, container image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'application' or 'operating-system' (whichever is relevant), describing information about the firmware. A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. Defines a string representation of a UUID conforming to RFC 4122. Version Control System Issue or defect tracking system, or an Application Lifecycle Management (ALM) system Website Security advisories Bill-of-material document (CycloneDX, SPDX, SWID, etc) Mailing list or discussion group Social media account Real-time chat platform Documentation, guides, or how-to instructions Community or commercial support Direct or repository download location The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) URL to an automated build system Use this if no other types accurately describe the purpose of the external reference External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM. Zero or more external references can be defined The URL to the external reference An optional comment describing the external reference Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Zero or more commits can be specified. Specifies an individual commit. Allows any undeclared elements as long as the elements are placed in a different namespace. A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. The URL to the commit. This URL will typically point to a commit in a version control system. The author who created the changes in the commit The person who committed or pushed the commit The text description of the contents of the commit Allows any undeclared elements as long as the elements are placed in a different namespace. The timestamp in which the action occurred The name of the individual who performed the action The email address of the individual who performed the action Allows any undeclared elements as long as the elements are placed in a different namespace. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. Notes, observations, and other non-structured commentary describing the components pedigree. Allows any undeclared elements as long as the elements are placed in a different namespace. Provides the ability to document external references related to the BOM or to the project the BOM describes. Allows any undeclared elements as long as the elements are placed in a different namespace. The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'. Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.2-strict.SNAPSHOT.schema.json000066400000000000000000001103661476011761300277420ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "type": "object", "title": "CycloneDX Software Bill-of-Material Specification", "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", "specVersion" ], "additionalProperties": false, "properties": { "$schema": { "type": "string" }, "bomFormat": { "$id": "#/properties/bomFormat", "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", "enum": [ "CycloneDX" ] }, "specVersion": { "$id": "#/properties/specVersion", "type": "string", "title": "CycloneDX Specification Version", "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", "examples": ["1.2"] }, "serialNumber": { "$id": "#/properties/serialNumber", "type": "string", "title": "BOM Serial Number", "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", "default": "", "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "version": { "$id": "#/properties/version", "type": "integer", "title": "BOM Version", "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", "default": 1, "examples": [1] }, "metadata": { "$id": "#/properties/metadata", "$ref": "#/definitions/metadata", "title": "BOM Metadata", "description": "Provides additional information about a BOM." }, "components": { "$id": "#/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" }, "services": { "$id": "#/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" }, "externalReferences": { "$id": "#/properties/externalReferences", "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." }, "dependencies": { "$id": "#/properties/dependencies", "type": "array", "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships." } }, "definitions": { "refType": { "$comment": "Identifier-DataType for interlinked elements.", "type": "string" }, "metadata": { "type": "object", "title": "BOM Metadata Object", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the document was created." }, "tools": { "type": "array", "title": "Creation Tools", "description": "The tool(s) used in the creation of the BOM.", "items": {"$ref": "#/definitions/tool"} }, "authors" :{ "type": "array", "title": "Authors", "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", "description": "The component that the BOM describes.", "$ref": "#/definitions/component" }, "manufacture": { "title": "Manufacture", "description": "The organization that manufactured the component that the BOM describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" } } }, "tool": { "type": "object", "title": "Tool", "description": "The tool used to create the BOM.", "additionalProperties": false, "properties": { "vendor": { "type": "string", "format": "string", "title": "Tool Vendor", "description": "The date and time (timestamp) when the document was created." }, "name": { "type": "string", "format": "string", "title": "Tool Name", "description": "The date and time (timestamp) when the document was created." }, "version": { "type": "string", "format": "string", "title": "Tool Version", "description": "The date and time (timestamp) when the document was created." }, "hashes": { "$id": "#/definitions/tool/properties/hashes", "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." } } }, "organizationalEntity": { "type": "object", "title": "Organizational Entity Object", "description": "", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the organization", "default": "", "examples": [ "Example Inc." ], "pattern": "^(.*)$" }, "url": { "type": "array", "title": "URL", "description": "The URL of the organization. Multiple URLs are allowed.", "default": "", "examples": ["https://example.com"], "pattern": "^(.*)$" }, "contact": { "type": "array", "title": "Contact", "description": "A contact at the organization. Multiple contacts are allowed.", "items": {"$ref": "#/definitions/organizationalContact"} } } }, "organizationalContact": { "type": "object", "title": "Organizational Contact Object", "description": "", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of a contact", "default": "", "examples": ["Contact name"], "pattern": "^(.*)$" }, "email": { "type": "string", "title": "Email Address", "description": "The email address of the contact. Multiple email addresses are allowed.", "default": "", "examples": ["firstname.lastname@example.com"], "pattern": "^(.*)$" }, "phone": { "type": "string", "title": "Phone", "description": "The phone number of the contact. Multiple phone numbers are allowed.", "default": "", "examples": ["800-555-1212"], "pattern": "^(.*)$" } } }, "component": { "type": "object", "title": "Component Object", "required": [ "type", "name", "version" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "application", "framework", "library", "container", "operating-system", "device", "firmware", "file" ], "title": "Component Type", "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", "default": "", "examples": ["library"], "pattern": "^(.*)$" }, "mime-type": { "type": "string", "title": "Mime-Type", "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "default": "", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique.", "default": "", "pattern": "^(.*)$" }, "supplier": { "title": "Component Supplier", "description": " The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "author": { "type": "string", "title": "Component Author", "description": "The person(s) or organization(s) that authored the component", "default": "", "examples": ["Acme Inc"], "pattern": "^(.*)$" }, "publisher": { "type": "string", "title": "Component Publisher", "description": "The person(s) or organization(s) that published the component", "default": "", "examples": ["Acme Inc"], "pattern": "^(.*)$" }, "group": { "type": "string", "title": "Component Group", "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", "default": "", "examples": ["com.acme"], "pattern": "^(.*)$" }, "name": { "type": "string", "title": "Component Name", "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", "default": "", "examples": ["tomcat-catalina"], "pattern": "^(.*)$" }, "version": { "type": "string", "title": "Component Version", "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", "default": "", "examples": ["9.0.14"], "pattern": "^(.*)$" }, "description": { "type": "string", "title": "Component Description", "description": "Specifies a description for the component", "default": "", "pattern": "^(.*)$" }, "scope": { "type": "string", "enum": [ "required", "optional", "excluded" ], "title": "Component Scope", "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", "default": "required", "pattern": "^(.*)$" }, "hashes": { "type": "array", "title": "Component Hashes", "items": {"$ref": "#/definitions/hash"} }, "licenses": { "type": "array", "title": "Component License(s)", "items": { "additionalProperties": false, "properties": { "license": { "$ref": "#/definitions/license" }, "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ], "pattern": "^(.*)$" } }, "oneOf":[ { "required": ["license"] }, { "required": ["expression"] } ] } }, "copyright": { "type": "string", "title": "Component Copyright", "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", "examples": ["Acme Inc"], "pattern": "^(.*)$" }, "cpe": { "type": "string", "title": "Component Common Platform Enumeration (CPE)", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"], "pattern": "^(.*)$" }, "purl": { "type": "string", "title": "Component Package URL (purl)", "default": "", "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"], "pattern": "^(.*)$" }, "swid": { "$ref": "#/definitions/swid", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." }, "modified": { "type": "boolean", "title": "Component Modified From Original", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", "title": "Component Pedigree", "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", "additionalProperties": false, "properties": { "ancestors": { "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", "title": "Notes", "description": "Notes, observations, and other non-structured commentary describing the components pedigree.", "pattern": "^(.*)$" } } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "components": { "$id": "#/definitions/component/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" } } }, "swid": { "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", "required": [ "tagId", "name" ], "additionalProperties": false, "properties": { "tagId": { "type": "string", "title": "Tag ID", "description": "Maps to the tagId of a SoftwareIdentity." }, "name": { "type": "string", "title": "Name", "description": "Maps to the name of a SoftwareIdentity." }, "version": { "type": "string", "title": "Version", "default": "0.0", "description": "Maps to the version of a SoftwareIdentity." }, "tagVersion": { "type": "integer", "title": "Tag Version", "default": 0, "description": "Maps to the tagVersion of a SoftwareIdentity." }, "patch": { "type": "boolean", "title": "Patch", "default": false, "description": "Maps to the patch of a SoftwareIdentity." }, "text": { "title": "Attachment text", "description": "Specifies the metadata and content of the SWID tag.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "default": "The URL to the SWID file.", "pattern": "^(.*)$" } } }, "attachment": { "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", "required": [ "content" ], "additionalProperties": false, "properties": { "contentType": { "type": "string", "title": "Content-Type", "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", "default": "text/plain" }, "encoding": { "type": "string", "title": "Encoding", "description": "Specifies the optional encoding the text is represented in.", "enum": [ "base64" ], "default": "", "pattern": "^(.*)$" }, "content": { "type": "string", "title": "Attachment Text", "description": "The attachment data" } } }, "hash": { "type": "object", "title": "Hash Objects", "required": [ "alg", "content" ], "additionalProperties": false, "properties": { "alg": { "$ref": "#/definitions/hash-alg" }, "content": { "$ref": "#/definitions/hash-content" } } }, "hash-alg": { "type": "string", "enum": [ "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3" ], "title": "Hash Algorithm", "default": "", "pattern": "^(.*)$" }, "hash-content": { "type": "string", "title": "Hash Content (value)", "default": "", "examples": ["3942447fac867ae5cdb3229b658f4d48"], "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" }, "license": { "type": "object", "title": "License Object", "oneOf": [ { "required": ["id"] }, { "required": ["name"] } ], "additionalProperties": false, "properties": { "id": { "$ref": "spdx.SNAPSHOT.schema.json", "title": "License ID (SPDX)", "description": "A valid SPDX license ID", "examples": ["Apache-2.0"] }, "name": { "type": "string", "title": "License Name", "description": "If SPDX does not define the license used, this field may be used to provide the license name", "default": "", "examples": ["Acme Software License"], "pattern": "^(.*)$" }, "text": { "title": "License text", "description": "An optional way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "License URL", "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "pattern": "^(.*)$" } } }, "commit": { "type": "object", "title": "Commit", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "uid": { "type": "string", "title": "UID", "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes.", "pattern": "^(.*)$" }, "url": { "type": "string", "title": "URL", "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", "format": "iri-reference" }, "author": { "title": "Author", "description": "The author who created the changes in the commit", "$ref": "#/definitions/identifiableAction" }, "committer": { "title": "Committer", "description": "The person who committed or pushed the commit", "$ref": "#/definitions/identifiableAction" }, "message": { "type": "string", "title": "Message", "description": "The text description of the contents of the commit", "pattern": "^(.*)$" } } }, "patch": { "type": "object", "title": "Patch", "description": "Specifies an individual patch", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "unofficial", "monkey", "backport", "cherry-pick" ], "title": "Type", "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" }, "diff": { "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "$ref": "#/definitions/diff" }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } } }, "diff": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "additionalProperties": false, "properties": { "text": { "title": "Diff text", "description": "Specifies the optional text of the diff", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "Specifies the URL to the diff", "pattern": "^(.*)$" } } }, "issue": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "defect", "enhancement", "security" ], "title": "Type", "description": "Specifies the type of issue" }, "id": { "type": "string", "title": "ID", "description": "The identifier of the issue assigned by the source of the issue", "pattern": "^(.*)$" }, "name": { "type": "string", "title": "Name", "description": "The name of the issue", "pattern": "^(.*)$" }, "description": { "type": "string", "title": "Description", "description": "A description of the issue", "pattern": "^(.*)$" }, "source": { "type": "object", "title": "Source", "description": "The source of the issue where it is documented", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'", "pattern": "^(.*)$" }, "url": { "type": "string", "title": "URL", "description": "The url of the issue documentation as provided by the source", "pattern": "^(.*)$" } } }, "references": { "type": "array", "title": "References", "description": "A collection of URL's for reference. Multiple URLs are allowed.", "default": "", "examples": ["https://example.com"], "pattern": "^(.*)$" } } }, "identifiableAction": { "type": "object", "title": "Identifiable Action", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The timestamp in which the action occurred" }, "name": { "type": "string", "title": "Name", "description": "The name of the individual who performed the action", "pattern": "^(.*)$" }, "email": { "type": "string", "format": "idn-email", "title": "E-mail", "description": "The email address of the individual who performed the action" } } }, "externalReference": { "type": "object", "title": "External Reference", "description": "Specifies an individual external reference", "required": [ "url", "type" ], "additionalProperties": false, "properties": { "url": { "type": "string", "title": "URL", "description": "The URL to the external reference", "pattern": "^(.*)$" }, "comment": { "type": "string", "title": "Comment", "description": "An optional comment describing the external reference", "pattern": "^(.*)$" }, "type": { "type": "string", "title": "Type", "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", "enum": [ "vcs", "issue-tracker", "website", "advisories", "bom", "mailing-list", "social", "chat", "documentation", "support", "distribution", "license", "build-meta", "build-system", "other" ] } } }, "dependency": { "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "$ref": "#/definitions/refType", "title": "Reference", "description": "References a component by the components bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/refType" }, "title": "Depends On", "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." } } }, "service": { "type": "object", "title": "Service Object", "required": [ "name" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique.", "default": "", "pattern": "^(.*)$" }, "provider": { "title": "Provider", "description": "The organization that provides the service.", "$ref": "#/definitions/organizationalEntity" }, "group": { "type": "string", "title": "Service Group", "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", "default": "", "examples": ["com.acme"], "pattern": "^(.*)$" }, "name": { "type": "string", "title": "Service Name", "description": "The name of the service. This will often be a shortened, single name of the service.", "default": "", "examples": ["ticker-service"], "pattern": "^(.*)$" }, "version": { "type": "string", "title": "Service Version", "description": "The service version.", "default": "", "examples": ["1.0.0"], "pattern": "^(.*)$" }, "description": { "type": "string", "title": "Service Description", "description": "Specifies a description for the service", "default": "", "pattern": "^(.*)$" }, "endpoints": { "type": "array", "title": "Endpoints", "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", "default": "", "examples": ["https://example.com/api/v1/ticker"], "pattern": "^(.*)$" }, "authenticated": { "type": "boolean", "title": "Authentication Required", "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." }, "x-trust-boundary": { "type": "boolean", "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, "data": { "type": "array", "items": {"$ref": "#/definitions/dataClassification"}, "title": "Data Classification", "description": "Specifies the data classification." }, "licenses": { "type": "array", "title": "Component License(s)", "items": { "additionalProperties": false, "properties": { "license": { "$ref": "#/definitions/license" }, "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ], "pattern": "^(.*)$" } }, "oneOf":[ { "required": ["license"] }, { "required": ["expression"] } ] } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "services": { "$id": "#/definitions/service/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" } } }, "dataClassification": { "type": "object", "title": "Hash Objects", "required": [ "flow", "classification" ], "additionalProperties": false, "properties": { "flow": { "$ref": "#/definitions/dataFlow" }, "classification": { "type": "string" } } }, "dataFlow": { "type": "string", "enum": [ "inbound", "outbound", "bi-directional", "unknown" ], "title": "Data flow direction", "default": "", "pattern": "^(.*)$" } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.2.SNAPSHOT.schema.json000066400000000000000000001066021476011761300264320ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "type": "object", "title": "CycloneDX Software Bill-of-Material Specification", "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", "specVersion" ], "properties": { "bomFormat": { "$id": "#/properties/bomFormat", "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", "enum": [ "CycloneDX" ] }, "specVersion": { "$id": "#/properties/specVersion", "type": "string", "title": "CycloneDX Specification Version", "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", "examples": ["1.2"] }, "serialNumber": { "$id": "#/properties/serialNumber", "type": "string", "title": "BOM Serial Number", "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", "default": "", "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "version": { "$id": "#/properties/version", "type": "integer", "title": "BOM Version", "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", "default": 1, "examples": [1] }, "metadata": { "$id": "#/properties/metadata", "$ref": "#/definitions/metadata", "title": "BOM Metadata", "description": "Provides additional information about a BOM." }, "components": { "$id": "#/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" }, "services": { "$id": "#/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" }, "externalReferences": { "$id": "#/properties/externalReferences", "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." }, "dependencies": { "$id": "#/properties/dependencies", "type": "array", "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships." } }, "definitions": { "refType": { "$comment": "Identifier-DataType for interlinked elements.", "type": "string" }, "metadata": { "type": "object", "title": "BOM Metadata Object", "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the document was created." }, "tools": { "type": "array", "title": "Creation Tools", "description": "The tool(s) used in the creation of the BOM.", "items": {"$ref": "#/definitions/tool"} }, "authors" :{ "type": "array", "title": "Authors", "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", "description": "The component that the BOM describes.", "$ref": "#/definitions/component" }, "manufacture": { "title": "Manufacture", "description": "The organization that manufactured the component that the BOM describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" } } }, "tool": { "type": "object", "title": "Tool", "description": "The tool used to create the BOM.", "properties": { "vendor": { "type": "string", "format": "string", "title": "Tool Vendor", "description": "The date and time (timestamp) when the document was created." }, "name": { "type": "string", "format": "string", "title": "Tool Name", "description": "The date and time (timestamp) when the document was created." }, "version": { "type": "string", "format": "string", "title": "Tool Version", "description": "The date and time (timestamp) when the document was created." }, "hashes": { "$id": "#/definitions/tool/properties/hashes", "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." } } }, "organizationalEntity": { "type": "object", "title": "Organizational Entity Object", "description": "", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the organization", "default": "", "examples": [ "Example Inc." ], "pattern": "^(.*)$" }, "url": { "type": "array", "title": "URL", "description": "The URL of the organization. Multiple URLs are allowed.", "default": "", "examples": ["https://example.com"], "pattern": "^(.*)$" }, "contact": { "type": "array", "title": "Contact", "description": "A contact at the organization. Multiple contacts are allowed.", "items": {"$ref": "#/definitions/organizationalContact"} } } }, "organizationalContact": { "type": "object", "title": "Organizational Contact Object", "description": "", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of a contact", "default": "", "examples": ["Contact name"], "pattern": "^(.*)$" }, "email": { "type": "string", "title": "Email Address", "description": "The email address of the contact. Multiple email addresses are allowed.", "default": "", "examples": ["firstname.lastname@example.com"], "pattern": "^(.*)$" }, "phone": { "type": "string", "title": "Phone", "description": "The phone number of the contact. Multiple phone numbers are allowed.", "default": "", "examples": ["800-555-1212"], "pattern": "^(.*)$" } } }, "component": { "type": "object", "title": "Component Object", "required": [ "type", "name", "version" ], "properties": { "type": { "type": "string", "enum": [ "application", "framework", "library", "container", "operating-system", "device", "firmware", "file" ], "title": "Component Type", "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", "default": "", "examples": ["library"], "pattern": "^(.*)$" }, "mime-type": { "type": "string", "title": "Mime-Type", "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "default": "", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique.", "default": "", "pattern": "^(.*)$" }, "supplier": { "title": "Component Supplier", "description": " The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "author": { "type": "string", "title": "Component Author", "description": "The person(s) or organization(s) that authored the component", "default": "", "examples": ["Acme Inc"], "pattern": "^(.*)$" }, "publisher": { "type": "string", "title": "Component Publisher", "description": "The person(s) or organization(s) that published the component", "default": "", "examples": ["Acme Inc"], "pattern": "^(.*)$" }, "group": { "type": "string", "title": "Component Group", "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", "default": "", "examples": ["com.acme"], "pattern": "^(.*)$" }, "name": { "type": "string", "title": "Component Name", "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", "default": "", "examples": ["tomcat-catalina"], "pattern": "^(.*)$" }, "version": { "type": "string", "title": "Component Version", "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", "default": "", "examples": ["9.0.14"], "pattern": "^(.*)$" }, "description": { "type": "string", "title": "Component Description", "description": "Specifies a description for the component", "default": "", "pattern": "^(.*)$" }, "scope": { "type": "string", "enum": [ "required", "optional", "excluded" ], "title": "Component Scope", "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", "default": "required", "pattern": "^(.*)$" }, "hashes": { "type": "array", "title": "Component Hashes", "items": {"$ref": "#/definitions/hash"} }, "licenses": { "type": "array", "title": "Component License(s)", "items": { "properties": { "license": { "$ref": "#/definitions/license" }, "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ], "pattern": "^(.*)$" } }, "oneOf":[ { "required": ["license"] }, { "required": ["expression"] } ] } }, "copyright": { "type": "string", "title": "Component Copyright", "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", "examples": ["Acme Inc"], "pattern": "^(.*)$" }, "cpe": { "type": "string", "title": "Component Common Platform Enumeration (CPE)", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"], "pattern": "^(.*)$" }, "purl": { "type": "string", "title": "Component Package URL (purl)", "default": "", "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"], "pattern": "^(.*)$" }, "swid": { "$ref": "#/definitions/swid", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." }, "modified": { "type": "boolean", "title": "Component Modified From Original", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", "title": "Component Pedigree", "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", "properties": { "ancestors": { "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", "title": "Notes", "description": "Notes, observations, and other non-structured commentary describing the components pedigree.", "pattern": "^(.*)$" } } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "components": { "$id": "#/definitions/component/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" } } }, "swid": { "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", "required": [ "tagId", "name" ], "properties": { "tagId": { "type": "string", "title": "Tag ID", "description": "Maps to the tagId of a SoftwareIdentity." }, "name": { "type": "string", "title": "Name", "description": "Maps to the name of a SoftwareIdentity." }, "version": { "type": "string", "title": "Version", "default": "0.0", "description": "Maps to the version of a SoftwareIdentity." }, "tagVersion": { "type": "integer", "title": "Tag Version", "default": 0, "description": "Maps to the tagVersion of a SoftwareIdentity." }, "patch": { "type": "boolean", "title": "Patch", "default": false, "description": "Maps to the patch of a SoftwareIdentity." }, "text": { "title": "Attachment text", "description": "Specifies the metadata and content of the SWID tag.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "default": "The URL to the SWID file.", "pattern": "^(.*)$" } } }, "attachment": { "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", "required": [ "content" ], "properties": { "contentType": { "type": "string", "title": "Content-Type", "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", "default": "text/plain" }, "encoding": { "type": "string", "title": "Encoding", "description": "Specifies the optional encoding the text is represented in.", "enum": [ "base64" ], "default": "", "pattern": "^(.*)$" }, "content": { "type": "string", "title": "Attachment Text", "description": "The attachment data" } } }, "hash": { "type": "object", "title": "Hash Objects", "required": [ "alg", "content" ], "properties": { "alg": { "$ref": "#/definitions/hash-alg" }, "content": { "$ref": "#/definitions/hash-content" } } }, "hash-alg": { "type": "string", "enum": [ "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3" ], "title": "Hash Algorithm", "default": "", "pattern": "^(.*)$" }, "hash-content": { "type": "string", "title": "Hash Content (value)", "default": "", "examples": ["3942447fac867ae5cdb3229b658f4d48"], "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" }, "license": { "type": "object", "title": "License Object", "oneOf": [ { "required": ["id"] }, { "required": ["name"] } ], "properties": { "id": { "$ref": "spdx.SNAPSHOT.schema.json", "title": "License ID (SPDX)", "description": "A valid SPDX license ID", "examples": ["Apache-2.0"] }, "name": { "type": "string", "title": "License Name", "description": "If SPDX does not define the license used, this field may be used to provide the license name", "default": "", "examples": ["Acme Software License"], "pattern": "^(.*)$" }, "text": { "title": "License text", "description": "An optional way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "License URL", "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "pattern": "^(.*)$" } } }, "commit": { "type": "object", "title": "Commit", "description": "Specifies an individual commit", "properties": { "uid": { "type": "string", "title": "UID", "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes.", "pattern": "^(.*)$" }, "url": { "type": "string", "title": "URL", "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", "format": "iri-reference" }, "author": { "title": "Author", "description": "The author who created the changes in the commit", "$ref": "#/definitions/identifiableAction" }, "committer": { "title": "Committer", "description": "The person who committed or pushed the commit", "$ref": "#/definitions/identifiableAction" }, "message": { "type": "string", "title": "Message", "description": "The text description of the contents of the commit", "pattern": "^(.*)$" } } }, "patch": { "type": "object", "title": "Patch", "description": "Specifies an individual patch", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "unofficial", "monkey", "backport", "cherry-pick" ], "title": "Type", "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" }, "diff": { "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "$ref": "#/definitions/diff" }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } } }, "diff": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "properties": { "text": { "title": "Diff text", "description": "Specifies the optional text of the diff", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "Specifies the URL to the diff", "pattern": "^(.*)$" } } }, "issue": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "defect", "enhancement", "security" ], "title": "Type", "description": "Specifies the type of issue" }, "id": { "type": "string", "title": "ID", "description": "The identifier of the issue assigned by the source of the issue", "pattern": "^(.*)$" }, "name": { "type": "string", "title": "Name", "description": "The name of the issue", "pattern": "^(.*)$" }, "description": { "type": "string", "title": "Description", "description": "A description of the issue", "pattern": "^(.*)$" }, "source": { "type": "object", "title": "Source", "description": "The source of the issue where it is documented", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'", "pattern": "^(.*)$" }, "url": { "type": "string", "title": "URL", "description": "The url of the issue documentation as provided by the source", "pattern": "^(.*)$" } } }, "references": { "type": "array", "title": "References", "description": "A collection of URL's for reference. Multiple URLs are allowed.", "default": "", "examples": ["https://example.com"], "pattern": "^(.*)$" } } }, "identifiableAction": { "type": "object", "title": "Identifiable Action", "description": "Specifies an individual commit", "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The timestamp in which the action occurred" }, "name": { "type": "string", "title": "Name", "description": "The name of the individual who performed the action", "pattern": "^(.*)$" }, "email": { "type": "string", "format": "idn-email", "title": "E-mail", "description": "The email address of the individual who performed the action" } } }, "externalReference": { "type": "object", "title": "External Reference", "description": "Specifies an individual external reference", "required": [ "url", "type" ], "properties": { "url": { "type": "string", "title": "URL", "description": "The URL to the external reference", "pattern": "^(.*)$" }, "comment": { "type": "string", "title": "Comment", "description": "An optional comment describing the external reference", "pattern": "^(.*)$" }, "type": { "type": "string", "title": "Type", "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", "enum": [ "vcs", "issue-tracker", "website", "advisories", "bom", "mailing-list", "social", "chat", "documentation", "support", "distribution", "license", "build-meta", "build-system", "other" ] } } }, "dependency": { "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", "required": [ "ref" ], "properties": { "ref": { "$ref": "#/definitions/refType", "format": "string", "title": "Reference", "description": "References a component by the components bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/refType" }, "title": "Depends On", "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." } } }, "service": { "type": "object", "title": "Service Object", "required": [ "name" ], "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique.", "default": "", "pattern": "^(.*)$" }, "provider": { "title": "Provider", "description": "The organization that provides the service.", "$ref": "#/definitions/organizationalEntity" }, "group": { "type": "string", "title": "Service Group", "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", "default": "", "examples": ["com.acme"], "pattern": "^(.*)$" }, "name": { "type": "string", "title": "Service Name", "description": "The name of the service. This will often be a shortened, single name of the service.", "default": "", "examples": ["ticker-service"], "pattern": "^(.*)$" }, "version": { "type": "string", "title": "Service Version", "description": "The service version.", "default": "", "examples": ["1.0.0"], "pattern": "^(.*)$" }, "description": { "type": "string", "title": "Service Description", "description": "Specifies a description for the service", "default": "", "pattern": "^(.*)$" }, "endpoints": { "type": "array", "title": "Endpoints", "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", "default": "", "examples": ["https://example.com/api/v1/ticker"], "pattern": "^(.*)$" }, "authenticated": { "type": "boolean", "title": "Authentication Required", "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." }, "x-trust-boundary": { "type": "boolean", "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, "data": { "type": "array", "items": {"$ref": "#/definitions/dataClassification"}, "title": "Data Classification", "description": "Specifies the data classification." }, "licenses": { "type": "array", "title": "Component License(s)", "items": { "properties": { "license": { "$ref": "#/definitions/license" }, "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ], "pattern": "^(.*)$" } }, "oneOf":[ { "required": ["license"] }, { "required": ["expression"] } ] } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "services": { "$id": "#/definitions/service/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" } } }, "dataClassification": { "type": "object", "title": "Hash Objects", "required": [ "flow", "classification" ], "properties": { "flow": { "$ref": "#/definitions/dataFlow" }, "classification": { "type": "string" } } }, "dataFlow": { "type": "string", "enum": [ "inbound", "outbound", "bi-directional", "unknown" ], "title": "Data flow direction", "default": "", "pattern": "^(.*)$" } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.2.SNAPSHOT.xsd000066400000000000000000002251371476011761300250250ustar00rootroot00000000000000 CycloneDX Software Bill-of-Material Specification https://cyclonedx.org/ Apache License, Version 2.0 Steve Springett Identifier-DataType for interlinked elements. The date and time (timestamp) when the document was created. The tool(s) used in the creation of the BOM. The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors. The component that the BOM describes. The organization that manufactured the component that the BOM describes. The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the organization The URL of the organization. Multiple URLs are allowed. A contact person at the organization. Multiple contacts are allowed. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies a tool (manual or automated). The vendor of the tool used to create the BOM. The name of the tool used to create the BOM. The version of the tool used to create the BOM. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the contact The email address of the contact. Multiple email addresses are allowed. The phone number of the contact. Multiple phone numbers are allowed. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager. The person(s) or organization(s) that authored the component The person(s) or organization(s) that published the component The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery The component version. The version should ideally comply with semantic versioning but is not enforced. Specifies a description for the component Specifies the scope of the component. If scope is not specified, 'runtime' scope should be assumed by the consumer of the BOM A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements An optional copyright notice informing users of the underlying claims to copyright ownership in a published work. DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Provides the ability to document external references related to the component or to the project the component describes. Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A valid SPDX license ID If SPDX does not define the license used, this field may be used to provide the license name Specifies the optional full text of the attachment The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies attributes of the text Specifies the content type of the text. Defaults to text/plain if not specified. Specifies the optional encoding the text is represented in Specifies the file hash of the component Specifies the algorithm used to create the hash The component is required for runtime The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries. A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended. A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. A special type of software that provides low-level control over a devices hardware. Refer to https://en.wikipedia.org/wiki/Firmware A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. Specifies the full content of the SWID tag. The URL to the SWID file. Allows any undeclared elements as long as the elements are placed in a different namespace. Maps to the tagId of a SoftwareIdentity. Maps to the name of a SoftwareIdentity. Maps to the version of a SoftwareIdentity. Maps to the tagVersion of a SoftwareIdentity. Maps to the patch of a SoftwareIdentity. Defines a string representation of a UUID conforming to RFC 4122. Version Control System Issue or defect tracking system, or an Application Lifecycle Management (ALM) system Website Security advisories Bill-of-material document (CycloneDX, SPDX, SWID, etc) Mailing list or discussion group Social media account Real-time chat platform Documentation, guides, or how-to instructions Community or commercial support Direct or repository download location The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) URL to an automated build system Use this if no other types accurately describe the purpose of the external reference External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM. Zero or more external references can be defined The URL to the external reference An optional comment describing the external reference Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Zero or more commits can be specified. Specifies an individual commit. Allows any undeclared elements as long as the elements are placed in a different namespace. A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. The URL to the commit. This URL will typically point to a commit in a version control system. The author who created the changes in the commit The person who committed or pushed the commit The text description of the contents of the commit Allows any undeclared elements as long as the elements are placed in a different namespace. Zero or more patches can be specified. Specifies an individual patch. Allows any undeclared elements as long as the elements are placed in a different namespace. The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting A patch created by selectively applying commits from other versions or branches of the same software. A fault, flaw, or bug in software A new feature or behavior in software A special type of defect which impacts security Specifies the optional text of the diff Specifies the URL to the diff Allows any undeclared elements as long as the elements are placed in a different namespace. The identifier of the issue assigned by the source of the issue The name of the issue A description of the issue The source of the issue where it is documented. The name of the source. For example "National Vulnerability Database", "NVD", and "Apache" The url of the issue documentation as provided by the source Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of issue The timestamp in which the action occurred The name of the individual who performed the action The email address of the individual who performed the action Allows any undeclared elements as long as the elements are placed in a different namespace. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits. Notes, observations, and other non-structured commentary describing the components pedigree. Allows any undeclared elements as long as the elements are placed in a different namespace. References a component or service by the its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that provides the service. The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. The name of the service. This will often be a shortened, single name of the service. The service version. Specifies a description for the service. A service endpoint URI. A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. Specifies the data classification. A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements Provides the ability to document external references related to the service. Specifies optional sub-service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies the data classification. Specifies the flow direction of the data. Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. Provides additional information about a BOM. Provides the ability to document a list of components. Provides the ability to document a list of external services. Provides the ability to document external references related to the BOM or to the project the BOM describes. Provides the ability to document dependency relationships. Allows any undeclared elements as long as the elements are placed in a different namespace. The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'. Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.3-strict.SNAPSHOT.schema.json000066400000000000000000001166041476011761300277440ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "type": "object", "title": "CycloneDX Software Bill-of-Material Specification", "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", "specVersion" ], "additionalProperties": false, "properties": { "$schema": { "type": "string" }, "bomFormat": { "$id": "#/properties/bomFormat", "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", "enum": [ "CycloneDX" ] }, "specVersion": { "$id": "#/properties/specVersion", "type": "string", "title": "CycloneDX Specification Version", "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", "examples": ["1.3"] }, "serialNumber": { "$id": "#/properties/serialNumber", "type": "string", "title": "BOM Serial Number", "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "version": { "$id": "#/properties/version", "type": "integer", "title": "BOM Version", "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", "default": 1, "examples": [1] }, "metadata": { "$id": "#/properties/metadata", "$ref": "#/definitions/metadata", "title": "BOM Metadata", "description": "Provides additional information about a BOM." }, "components": { "$id": "#/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" }, "services": { "$id": "#/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" }, "externalReferences": { "$id": "#/properties/externalReferences", "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." }, "dependencies": { "$id": "#/properties/dependencies", "type": "array", "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships." }, "compositions": { "$id": "#/properties/compositions", "type": "array", "items": {"$ref": "#/definitions/compositions"}, "uniqueItems": true, "title": "Compositions", "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." } }, "definitions": { "refType": { "$comment": "Identifier-DataType for interlinked elements.", "type": "string" }, "metadata": { "type": "object", "title": "BOM Metadata Object", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the document was created." }, "tools": { "type": "array", "title": "Creation Tools", "description": "The tool(s) used in the creation of the BOM.", "items": {"$ref": "#/definitions/tool"} }, "authors" :{ "type": "array", "title": "Authors", "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", "description": "The component that the BOM describes.", "$ref": "#/definitions/component" }, "manufacture": { "title": "Manufacture", "description": "The organization that manufactured the component that the BOM describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "licenses": { "type": "array", "title": "BOM License(s)", "items": {"$ref": "#/definitions/licenseChoice"} }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", "items": {"$ref": "#/definitions/property"} } } }, "tool": { "type": "object", "title": "Tool", "description": "The tool used to create the BOM.", "additionalProperties": false, "properties": { "vendor": { "type": "string", "title": "Tool Vendor", "description": "The date and time (timestamp) when the document was created." }, "name": { "type": "string", "title": "Tool Name", "description": "The date and time (timestamp) when the document was created." }, "version": { "type": "string", "title": "Tool Version", "description": "The date and time (timestamp) when the document was created." }, "hashes": { "$id": "#/definitions/tool/properties/hashes", "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." } } }, "organizationalEntity": { "type": "object", "title": "Organizational Entity Object", "description": "", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the organization", "examples": [ "Example Inc." ] }, "url": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "URL", "description": "The URL of the organization. Multiple URLs are allowed.", "examples": ["https://example.com"] }, "contact": { "type": "array", "title": "Contact", "description": "A contact at the organization. Multiple contacts are allowed.", "items": {"$ref": "#/definitions/organizationalContact"} } } }, "organizationalContact": { "type": "object", "title": "Organizational Contact Object", "description": "", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of a contact", "examples": ["Contact name"] }, "email": { "type": "string", "title": "Email Address", "description": "The email address of the contact.", "examples": ["firstname.lastname@example.com"] }, "phone": { "type": "string", "title": "Phone", "description": "The phone number of the contact.", "examples": ["800-555-1212"] } } }, "component": { "type": "object", "title": "Component Object", "required": [ "type", "name", "version" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "application", "framework", "library", "container", "operating-system", "device", "firmware", "file" ], "title": "Component Type", "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", "examples": ["library"] }, "mime-type": { "type": "string", "title": "Mime-Type", "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique." }, "supplier": { "title": "Component Supplier", "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "author": { "type": "string", "title": "Component Author", "description": "The person(s) or organization(s) that authored the component", "examples": ["Acme Inc"] }, "publisher": { "type": "string", "title": "Component Publisher", "description": "The person(s) or organization(s) that published the component", "examples": ["Acme Inc"] }, "group": { "type": "string", "title": "Component Group", "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Component Name", "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", "examples": ["tomcat-catalina"] }, "version": { "type": "string", "title": "Component Version", "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", "examples": ["9.0.14"] }, "description": { "type": "string", "title": "Component Description", "description": "Specifies a description for the component" }, "scope": { "type": "string", "enum": [ "required", "optional", "excluded" ], "title": "Component Scope", "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", "default": "required" }, "hashes": { "type": "array", "title": "Component Hashes", "items": {"$ref": "#/definitions/hash"} }, "licenses": { "type": "array", "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "copyright": { "type": "string", "title": "Component Copyright", "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", "examples": ["Acme Inc"] }, "cpe": { "type": "string", "title": "Component Common Platform Enumeration (CPE)", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] }, "purl": { "type": "string", "title": "Component Package URL (purl)", "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] }, "swid": { "$ref": "#/definitions/swid", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." }, "modified": { "type": "boolean", "title": "Component Modified From Original", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", "title": "Component Pedigree", "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", "additionalProperties": false, "properties": { "ancestors": { "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", "title": "Notes", "description": "Notes, observations, and other non-structured commentary describing the components pedigree." } } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "components": { "$id": "#/definitions/component/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" }, "evidence": { "$ref": "#/definitions/componentEvidence", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", "items": {"$ref": "#/definitions/property"} } } }, "swid": { "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", "required": [ "tagId", "name" ], "additionalProperties": false, "properties": { "tagId": { "type": "string", "title": "Tag ID", "description": "Maps to the tagId of a SoftwareIdentity." }, "name": { "type": "string", "title": "Name", "description": "Maps to the name of a SoftwareIdentity." }, "version": { "type": "string", "title": "Version", "default": "0.0", "description": "Maps to the version of a SoftwareIdentity." }, "tagVersion": { "type": "integer", "title": "Tag Version", "default": 0, "description": "Maps to the tagVersion of a SoftwareIdentity." }, "patch": { "type": "boolean", "title": "Patch", "default": false, "description": "Maps to the patch of a SoftwareIdentity." }, "text": { "title": "Attachment text", "description": "Specifies the metadata and content of the SWID tag.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "The URL to the SWID file.", "format": "iri-reference" } } }, "attachment": { "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", "required": [ "content" ], "additionalProperties": false, "properties": { "contentType": { "type": "string", "title": "Content-Type", "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", "default": "text/plain" }, "encoding": { "type": "string", "title": "Encoding", "description": "Specifies the optional encoding the text is represented in.", "enum": [ "base64" ] }, "content": { "type": "string", "title": "Attachment Text", "description": "The attachment data" } } }, "hash": { "type": "object", "title": "Hash Objects", "required": [ "alg", "content" ], "additionalProperties": false, "properties": { "alg": { "$ref": "#/definitions/hash-alg" }, "content": { "$ref": "#/definitions/hash-content" } } }, "hash-alg": { "type": "string", "enum": [ "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3" ], "title": "Hash Algorithm" }, "hash-content": { "type": "string", "title": "Hash Content (value)", "examples": ["3942447fac867ae5cdb3229b658f4d48"], "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" }, "license": { "type": "object", "title": "License Object", "oneOf": [ { "required": ["id"] }, { "required": ["name"] } ], "additionalProperties": false, "properties": { "id": { "$ref": "spdx.SNAPSHOT.schema.json", "title": "License ID (SPDX)", "description": "A valid SPDX license ID", "examples": ["Apache-2.0"] }, "name": { "type": "string", "title": "License Name", "description": "If SPDX does not define the license used, this field may be used to provide the license name", "examples": ["Acme Software License"] }, "text": { "title": "License text", "description": "An optional way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "License URL", "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "format": "iri-reference" } } }, "licenseChoice": { "type": "object", "title": "License(s)", "additionalProperties": false, "properties": { "license": { "$ref": "#/definitions/license" }, "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ] } }, "oneOf":[ { "required": ["license"] }, { "required": ["expression"] } ] }, "commit": { "type": "object", "title": "Commit", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "uid": { "type": "string", "title": "UID", "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." }, "url": { "type": "string", "title": "URL", "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", "format": "iri-reference" }, "author": { "title": "Author", "description": "The author who created the changes in the commit", "$ref": "#/definitions/identifiableAction" }, "committer": { "title": "Committer", "description": "The person who committed or pushed the commit", "$ref": "#/definitions/identifiableAction" }, "message": { "type": "string", "title": "Message", "description": "The text description of the contents of the commit" } } }, "patch": { "type": "object", "title": "Patch", "description": "Specifies an individual patch", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "unofficial", "monkey", "backport", "cherry-pick" ], "title": "Type", "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" }, "diff": { "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "$ref": "#/definitions/diff" }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } } }, "diff": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "additionalProperties": false, "properties": { "text": { "title": "Diff text", "description": "Specifies the optional text of the diff", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "Specifies the URL to the diff", "format": "iri-reference" } } }, "issue": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "defect", "enhancement", "security" ], "title": "Type", "description": "Specifies the type of issue" }, "id": { "type": "string", "title": "ID", "description": "The identifier of the issue assigned by the source of the issue" }, "name": { "type": "string", "title": "Name", "description": "The name of the issue" }, "description": { "type": "string", "title": "Description", "description": "A description of the issue" }, "source": { "type": "object", "title": "Source", "description": "The source of the issue where it is documented", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" }, "url": { "type": "string", "title": "URL", "description": "The url of the issue documentation as provided by the source", "format": "iri-reference" } } }, "references": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "References", "description": "A collection of URL's for reference. Multiple URLs are allowed.", "examples": ["https://example.com"] } } }, "identifiableAction": { "type": "object", "title": "Identifiable Action", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The timestamp in which the action occurred" }, "name": { "type": "string", "title": "Name", "description": "The name of the individual who performed the action" }, "email": { "type": "string", "format": "idn-email", "title": "E-mail", "description": "The email address of the individual who performed the action" } } }, "externalReference": { "type": "object", "title": "External Reference", "description": "Specifies an individual external reference", "required": [ "url", "type" ], "additionalProperties": false, "properties": { "url": { "type": "string", "title": "URL", "description": "The URL to the external reference", "format": "iri-reference" }, "comment": { "type": "string", "title": "Comment", "description": "An optional comment describing the external reference" }, "type": { "type": "string", "title": "Type", "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", "enum": [ "vcs", "issue-tracker", "website", "advisories", "bom", "mailing-list", "social", "chat", "documentation", "support", "distribution", "license", "build-meta", "build-system", "other" ] }, "hashes": { "$id": "#/definitions/externalReference/properties/hashes", "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the external reference (if applicable)." } } }, "dependency": { "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "$ref": "#/definitions/refType", "title": "Reference", "description": "References a component by the components bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/refType" }, "title": "Depends On", "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." } } }, "service": { "type": "object", "title": "Service Object", "required": [ "name" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique." }, "provider": { "title": "Provider", "description": "The organization that provides the service.", "$ref": "#/definitions/organizationalEntity" }, "group": { "type": "string", "title": "Service Group", "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Service Name", "description": "The name of the service. This will often be a shortened, single name of the service.", "examples": ["ticker-service"] }, "version": { "type": "string", "title": "Service Version", "description": "The service version.", "examples": ["1.0.0"] }, "description": { "type": "string", "title": "Service Description", "description": "Specifies a description for the service" }, "endpoints": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "Endpoints", "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", "examples": ["https://example.com/api/v1/ticker"] }, "authenticated": { "type": "boolean", "title": "Authentication Required", "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." }, "x-trust-boundary": { "type": "boolean", "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, "data": { "type": "array", "items": {"$ref": "#/definitions/dataClassification"}, "title": "Data Classification", "description": "Specifies the data classification." }, "licenses": { "type": "array", "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "services": { "$id": "#/definitions/service/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", "items": {"$ref": "#/definitions/property"} } } }, "dataClassification": { "type": "object", "title": "Hash Objects", "required": [ "flow", "classification" ], "additionalProperties": false, "properties": { "flow": { "$ref": "#/definitions/dataFlow" }, "classification": { "type": "string" } } }, "dataFlow": { "type": "string", "enum": [ "inbound", "outbound", "bi-directional", "unknown" ], "title": "Data flow direction" }, "copyright": { "type": "object", "title": "Copyright", "required": [ "text" ], "additionalProperties": false, "properties": { "text": { "type": "string", "title": "Copyright Text" } } }, "componentEvidence": { "type": "object", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", "additionalProperties": false, "properties": { "licenses": { "type": "array", "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "copyright": { "type": "array", "items": {"$ref": "#/definitions/copyright"}, "title": "Copyright" } } }, "compositions": { "type": "object", "title": "Compositions", "required": [ "aggregate" ], "additionalProperties": false, "properties": { "aggregate": { "$ref": "#/definitions/aggregateType", "title": "Aggregate", "description": "Specifies an aggregate type that describe how complete a relationship is." }, "assemblies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." }, "dependencies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." } } }, "aggregateType": { "type": "string", "default": "not_specified", "enum": [ "complete", "incomplete", "incomplete_first_party_only", "incomplete_third_party_only", "unknown", "not_specified" ] }, "property": { "type": "object", "title": "Lightweight name-value pair", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." }, "value": { "type": "string", "title": "Value", "description": "The value of the property." } } } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.3.SNAPSHOT.schema.json000066400000000000000000001146641476011761300264420ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "type": "object", "title": "CycloneDX Software Bill-of-Material Specification", "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", "specVersion" ], "properties": { "bomFormat": { "$id": "#/properties/bomFormat", "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", "enum": [ "CycloneDX" ] }, "specVersion": { "$id": "#/properties/specVersion", "type": "string", "title": "CycloneDX Specification Version", "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", "examples": ["1.3"] }, "serialNumber": { "$id": "#/properties/serialNumber", "type": "string", "title": "BOM Serial Number", "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "version": { "$id": "#/properties/version", "type": "integer", "title": "BOM Version", "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", "default": 1, "examples": [1] }, "metadata": { "$id": "#/properties/metadata", "$ref": "#/definitions/metadata", "title": "BOM Metadata", "description": "Provides additional information about a BOM." }, "components": { "$id": "#/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" }, "services": { "$id": "#/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" }, "externalReferences": { "$id": "#/properties/externalReferences", "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." }, "dependencies": { "$id": "#/properties/dependencies", "type": "array", "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships." }, "compositions": { "$id": "#/properties/compositions", "type": "array", "items": {"$ref": "#/definitions/compositions"}, "uniqueItems": true, "title": "Compositions", "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." } }, "definitions": { "refType": { "$comment": "Identifier-DataType for interlinked elements.", "type": "string" }, "metadata": { "type": "object", "title": "BOM Metadata Object", "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the document was created." }, "tools": { "type": "array", "title": "Creation Tools", "description": "The tool(s) used in the creation of the BOM.", "items": {"$ref": "#/definitions/tool"} }, "authors" :{ "type": "array", "title": "Authors", "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", "description": "The component that the BOM describes.", "$ref": "#/definitions/component" }, "manufacture": { "title": "Manufacture", "description": "The organization that manufactured the component that the BOM describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "licenses": { "type": "array", "title": "BOM License(s)", "items": {"$ref": "#/definitions/licenseChoice"} }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", "items": {"$ref": "#/definitions/property"} } } }, "tool": { "type": "object", "title": "Tool", "description": "The tool used to create the BOM.", "properties": { "vendor": { "type": "string", "title": "Tool Vendor", "description": "The date and time (timestamp) when the document was created." }, "name": { "type": "string", "title": "Tool Name", "description": "The date and time (timestamp) when the document was created." }, "version": { "type": "string", "title": "Tool Version", "description": "The date and time (timestamp) when the document was created." }, "hashes": { "$id": "#/definitions/tool/properties/hashes", "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." } } }, "organizationalEntity": { "type": "object", "title": "Organizational Entity Object", "description": "", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the organization", "examples": [ "Example Inc." ] }, "url": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "URL", "description": "The URL of the organization. Multiple URLs are allowed.", "examples": ["https://example.com"] }, "contact": { "type": "array", "title": "Contact", "description": "A contact at the organization. Multiple contacts are allowed.", "items": {"$ref": "#/definitions/organizationalContact"} } } }, "organizationalContact": { "type": "object", "title": "Organizational Contact Object", "description": "", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of a contact", "examples": ["Contact name"] }, "email": { "type": "string", "title": "Email Address", "description": "The email address of the contact.", "examples": ["firstname.lastname@example.com"] }, "phone": { "type": "string", "title": "Phone", "description": "The phone number of the contact.", "examples": ["800-555-1212"] } } }, "component": { "type": "object", "title": "Component Object", "required": [ "type", "name", "version" ], "properties": { "type": { "type": "string", "enum": [ "application", "framework", "library", "container", "operating-system", "device", "firmware", "file" ], "title": "Component Type", "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", "examples": ["library"] }, "mime-type": { "type": "string", "title": "Mime-Type", "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique." }, "supplier": { "title": "Component Supplier", "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "author": { "type": "string", "title": "Component Author", "description": "The person(s) or organization(s) that authored the component", "examples": ["Acme Inc"] }, "publisher": { "type": "string", "title": "Component Publisher", "description": "The person(s) or organization(s) that published the component", "examples": ["Acme Inc"] }, "group": { "type": "string", "title": "Component Group", "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Component Name", "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", "examples": ["tomcat-catalina"] }, "version": { "type": "string", "title": "Component Version", "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", "examples": ["9.0.14"] }, "description": { "type": "string", "title": "Component Description", "description": "Specifies a description for the component" }, "scope": { "type": "string", "enum": [ "required", "optional", "excluded" ], "title": "Component Scope", "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", "default": "required" }, "hashes": { "type": "array", "title": "Component Hashes", "items": {"$ref": "#/definitions/hash"} }, "licenses": { "type": "array", "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "copyright": { "type": "string", "title": "Component Copyright", "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", "examples": ["Acme Inc"] }, "cpe": { "type": "string", "title": "Component Common Platform Enumeration (CPE)", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] }, "purl": { "type": "string", "title": "Component Package URL (purl)", "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] }, "swid": { "$ref": "#/definitions/swid", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." }, "modified": { "type": "boolean", "title": "Component Modified From Original", "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", "title": "Component Pedigree", "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", "properties": { "ancestors": { "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", "title": "Notes", "description": "Notes, observations, and other non-structured commentary describing the components pedigree." } } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "components": { "$id": "#/definitions/component/properties/components", "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components" }, "evidence": { "$ref": "#/definitions/componentEvidence", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", "items": {"$ref": "#/definitions/property"} } } }, "swid": { "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", "required": [ "tagId", "name" ], "properties": { "tagId": { "type": "string", "title": "Tag ID", "description": "Maps to the tagId of a SoftwareIdentity." }, "name": { "type": "string", "title": "Name", "description": "Maps to the name of a SoftwareIdentity." }, "version": { "type": "string", "title": "Version", "default": "0.0", "description": "Maps to the version of a SoftwareIdentity." }, "tagVersion": { "type": "integer", "title": "Tag Version", "default": 0, "description": "Maps to the tagVersion of a SoftwareIdentity." }, "patch": { "type": "boolean", "title": "Patch", "default": false, "description": "Maps to the patch of a SoftwareIdentity." }, "text": { "title": "Attachment text", "description": "Specifies the metadata and content of the SWID tag.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "The URL to the SWID file.", "format": "iri-reference" } } }, "attachment": { "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", "required": [ "content" ], "properties": { "contentType": { "type": "string", "title": "Content-Type", "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", "default": "text/plain" }, "encoding": { "type": "string", "title": "Encoding", "description": "Specifies the optional encoding the text is represented in.", "enum": [ "base64" ] }, "content": { "type": "string", "title": "Attachment Text", "description": "The attachment data" } } }, "hash": { "type": "object", "title": "Hash Objects", "required": [ "alg", "content" ], "properties": { "alg": { "$ref": "#/definitions/hash-alg" }, "content": { "$ref": "#/definitions/hash-content" } } }, "hash-alg": { "type": "string", "enum": [ "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3" ], "title": "Hash Algorithm" }, "hash-content": { "type": "string", "title": "Hash Content (value)", "examples": ["3942447fac867ae5cdb3229b658f4d48"], "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" }, "license": { "type": "object", "title": "License Object", "oneOf": [ { "required": ["id"] }, { "required": ["name"] } ], "properties": { "id": { "$ref": "spdx.SNAPSHOT.schema.json", "title": "License ID (SPDX)", "description": "A valid SPDX license ID", "examples": ["Apache-2.0"] }, "name": { "type": "string", "title": "License Name", "description": "If SPDX does not define the license used, this field may be used to provide the license name", "examples": ["Acme Software License"] }, "text": { "title": "License text", "description": "An optional way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "License URL", "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "format": "iri-reference" } } }, "licenseChoice": { "type": "object", "title": "License(s)", "properties": { "license": { "$ref": "#/definitions/license" }, "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ] } }, "oneOf":[ { "required": ["license"] }, { "required": ["expression"] } ] }, "commit": { "type": "object", "title": "Commit", "description": "Specifies an individual commit", "properties": { "uid": { "type": "string", "title": "UID", "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." }, "url": { "type": "string", "title": "URL", "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", "format": "iri-reference" }, "author": { "title": "Author", "description": "The author who created the changes in the commit", "$ref": "#/definitions/identifiableAction" }, "committer": { "title": "Committer", "description": "The person who committed or pushed the commit", "$ref": "#/definitions/identifiableAction" }, "message": { "type": "string", "title": "Message", "description": "The text description of the contents of the commit" } } }, "patch": { "type": "object", "title": "Patch", "description": "Specifies an individual patch", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "unofficial", "monkey", "backport", "cherry-pick" ], "title": "Type", "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" }, "diff": { "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "$ref": "#/definitions/diff" }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } } }, "diff": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "properties": { "text": { "title": "Diff text", "description": "Specifies the optional text of the diff", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "Specifies the URL to the diff", "format": "iri-reference" } } }, "issue": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "defect", "enhancement", "security" ], "title": "Type", "description": "Specifies the type of issue" }, "id": { "type": "string", "title": "ID", "description": "The identifier of the issue assigned by the source of the issue" }, "name": { "type": "string", "title": "Name", "description": "The name of the issue" }, "description": { "type": "string", "title": "Description", "description": "A description of the issue" }, "source": { "type": "object", "title": "Source", "description": "The source of the issue where it is documented", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" }, "url": { "type": "string", "title": "URL", "description": "The url of the issue documentation as provided by the source", "format": "iri-reference" } } }, "references": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "References", "description": "A collection of URL's for reference. Multiple URLs are allowed.", "examples": ["https://example.com"] } } }, "identifiableAction": { "type": "object", "title": "Identifiable Action", "description": "Specifies an individual commit", "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The timestamp in which the action occurred" }, "name": { "type": "string", "title": "Name", "description": "The name of the individual who performed the action" }, "email": { "type": "string", "format": "idn-email", "title": "E-mail", "description": "The email address of the individual who performed the action" } } }, "externalReference": { "type": "object", "title": "External Reference", "description": "Specifies an individual external reference", "required": [ "url", "type" ], "properties": { "url": { "type": "string", "title": "URL", "description": "The URL to the external reference", "format": "iri-reference" }, "comment": { "type": "string", "title": "Comment", "description": "An optional comment describing the external reference" }, "type": { "type": "string", "title": "Type", "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", "enum": [ "vcs", "issue-tracker", "website", "advisories", "bom", "mailing-list", "social", "chat", "documentation", "support", "distribution", "license", "build-meta", "build-system", "other" ] }, "hashes": { "$id": "#/definitions/externalReference/properties/hashes", "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the external reference (if applicable)." } } }, "dependency": { "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", "required": [ "ref" ], "properties": { "ref": { "$ref": "#/definitions/refType", "title": "Reference", "description": "References a component by the components bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/refType" }, "title": "Depends On", "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." } } }, "service": { "type": "object", "title": "Service Object", "required": [ "name" ], "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique." }, "provider": { "title": "Provider", "description": "The organization that provides the service.", "$ref": "#/definitions/organizationalEntity" }, "group": { "type": "string", "title": "Service Group", "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Service Name", "description": "The name of the service. This will often be a shortened, single name of the service.", "examples": ["ticker-service"] }, "version": { "type": "string", "title": "Service Version", "description": "The service version.", "examples": ["1.0.0"] }, "description": { "type": "string", "title": "Service Description", "description": "Specifies a description for the service" }, "endpoints": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "Endpoints", "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", "examples": ["https://example.com/api/v1/ticker"] }, "authenticated": { "type": "boolean", "title": "Authentication Required", "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." }, "x-trust-boundary": { "type": "boolean", "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, "data": { "type": "array", "items": {"$ref": "#/definitions/dataClassification"}, "title": "Data Classification", "description": "Specifies the data classification." }, "licenses": { "type": "array", "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References" }, "services": { "$id": "#/definitions/service/properties/services", "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", "items": {"$ref": "#/definitions/property"} } } }, "dataClassification": { "type": "object", "title": "Hash Objects", "required": [ "flow", "classification" ], "properties": { "flow": { "$ref": "#/definitions/dataFlow" }, "classification": { "type": "string" } } }, "dataFlow": { "type": "string", "enum": [ "inbound", "outbound", "bi-directional", "unknown" ], "title": "Data flow direction" }, "copyright": { "type": "object", "title": "Copyright", "required": [ "text" ], "properties": { "text": { "type": "string", "title": "Copyright Text" } } }, "componentEvidence": { "type": "object", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", "properties": { "licenses": { "type": "array", "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "copyright": { "type": "array", "items": {"$ref": "#/definitions/copyright"}, "title": "Copyright" } } }, "compositions": { "type": "object", "title": "Compositions", "required": [ "aggregate" ], "properties": { "aggregate": { "$ref": "#/definitions/aggregateType", "title": "Aggregate", "description": "Specifies an aggregate type that describe how complete a relationship is." }, "assemblies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." }, "dependencies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." } } }, "aggregateType": { "type": "string", "default": "not_specified", "enum": [ "complete", "incomplete", "incomplete_first_party_only", "incomplete_third_party_only", "unknown", "not_specified" ] }, "property": { "type": "object", "title": "Lightweight name-value pair", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." }, "value": { "type": "string", "title": "Value", "description": "The value of the property." } } } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.3.SNAPSHOT.xsd000066400000000000000000002553321476011761300250260ustar00rootroot00000000000000 CycloneDX Software Bill-of-Material Specification https://cyclonedx.org/ Apache License, Version 2.0 Identifier-DataType for interlinked elements. The date and time (timestamp) when the document was created. The tool(s) used in the creation of the BOM. The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors. The component that the BOM describes. The organization that manufactured the component that the BOM describes. The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the organization The URL of the organization. Multiple URLs are allowed. A contact person at the organization. Multiple contacts are allowed. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies a tool (manual or automated). The vendor of the tool used to create the BOM. The name of the tool used to create the BOM. The version of the tool used to create the BOM. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the contact The email address of the contact. The phone number of the contact. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager. The person(s) or organization(s) that authored the component The person(s) or organization(s) that published the component The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery The component version. The version should ideally comply with semantic versioning but is not enforced. Specifies a description for the component Specifies the scope of the component. If scope is not specified, 'runtime' scope should be assumed by the consumer of the BOM An optional copyright notice informing users of the underlying claims to copyright ownership in a published work. DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Provides the ability to document external references related to the component or to the project the component describes. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Provides the ability to document evidence collected through various forms of extraction or analysis. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A valid SPDX license ID If SPDX does not define the license used, this field may be used to provide the license name Specifies the optional full text of the attachment The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies attributes of the text Specifies the content type of the text. Defaults to text/plain if not specified. Specifies the optional encoding the text is represented in Specifies the file hash of the component Specifies the algorithm used to create the hash The component is required for runtime The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries. A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended. A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md A special type of software that provides low-level control over a devices hardware. Refer to https://en.wikipedia.org/wiki/Firmware A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. Specifies the full content of the SWID tag. The URL to the SWID file. Allows any undeclared elements as long as the elements are placed in a different namespace. Maps to the tagId of a SoftwareIdentity. Maps to the name of a SoftwareIdentity. Maps to the version of a SoftwareIdentity. Maps to the tagVersion of a SoftwareIdentity. Maps to the patch of a SoftwareIdentity. Defines a string representation of a UUID conforming to RFC 4122. Version Control System Issue or defect tracking system, or an Application Lifecycle Management (ALM) system Website Security advisories Bill-of-material document (CycloneDX, SPDX, SWID, etc) Mailing list or discussion group Social media account Real-time chat platform Documentation, guides, or how-to instructions Community or commercial support Direct or repository download location The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) URL to an automated build system Use this if no other types accurately describe the purpose of the external reference External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM. Zero or more external references can be defined The URL to the external reference An optional comment describing the external reference Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Zero or more commits can be specified. Specifies an individual commit. Allows any undeclared elements as long as the elements are placed in a different namespace. A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. The URL to the commit. This URL will typically point to a commit in a version control system. The author who created the changes in the commit The person who committed or pushed the commit The text description of the contents of the commit Allows any undeclared elements as long as the elements are placed in a different namespace. Zero or more patches can be specified. Specifies an individual patch. Allows any undeclared elements as long as the elements are placed in a different namespace. The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting A patch created by selectively applying commits from other versions or branches of the same software. A fault, flaw, or bug in software A new feature or behavior in software A special type of defect which impacts security Specifies the optional text of the diff Specifies the URL to the diff Allows any undeclared elements as long as the elements are placed in a different namespace. The identifier of the issue assigned by the source of the issue The name of the issue A description of the issue The source of the issue where it is documented. The name of the source. For example "National Vulnerability Database", "NVD", and "Apache" The url of the issue documentation as provided by the source Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of issue The timestamp in which the action occurred The name of the individual who performed the action The email address of the individual who performed the action Allows any undeclared elements as long as the elements are placed in a different namespace. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits. Notes, observations, and other non-structured commentary describing the components pedigree. Allows any undeclared elements as long as the elements are placed in a different namespace. References a component or service by the its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that provides the service. The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. The name of the service. This will often be a shortened, single name of the service. The service version. Specifies a description for the service. A service endpoint URI. A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. Specifies the data classification. Provides the ability to document external references related to the service. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Specifies optional sub-service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies the data classification. Specifies the flow direction of the data. Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an aggregate type that describe how complete a relationship is. The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only. Allows any undeclared elements as long as the elements are placed in a different namespace. The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only. Allows any undeclared elements as long as the elements are placed in a different namespace. The relationship is complete. No further relationships including constituent components, services, or dependencies exist. The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. The relationship completeness is not specified. References a component or service by the its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an individual property with a name and value. The name of the property. Duplicate names are allowed, each potentially having a different value. Provides additional information about a BOM. Provides the ability to document a list of components. Provides the ability to document a list of external services. Provides the ability to document external references related to the BOM or to the project the BOM describes. Provides the ability to document dependency relationships. Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Allows any undeclared elements as long as the elements are placed in a different namespace. The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'. Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.4.SNAPSHOT.schema.json000066400000000000000000002151541476011761300264370ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/bom-1.4.schema.json", "type": "object", "title": "CycloneDX Software Bill of Materials Standard", "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", "specVersion" ], "additionalProperties": false, "properties": { "$schema": { "type": "string" }, "bomFormat": { "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces. This value MUST be \"CycloneDX\".", "enum": [ "CycloneDX" ] }, "specVersion": { "type": "string", "title": "CycloneDX Specification Version", "description": "The version of the CycloneDX specification a BOM conforms to (starting at version 1.2).", "examples": ["1.4"] }, "serialNumber": { "type": "string", "title": "BOM Serial Number", "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED.", "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "version": { "type": "integer", "title": "BOM Version", "description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.", "default": 1, "examples": [1] }, "metadata": { "$ref": "#/definitions/metadata", "title": "BOM Metadata", "description": "Provides additional information about a BOM." }, "components": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components." }, "services": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services." }, "externalReferences": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." }, "dependencies": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships." }, "compositions": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/compositions"}, "uniqueItems": true, "title": "Compositions", "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." }, "vulnerabilities": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/vulnerability"}, "uniqueItems": true, "title": "Vulnerabilities", "description": "Vulnerabilities identified in components or services." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } }, "definitions": { "refType": { "$comment": "Identifier-DataType for interlinked elements.", "type": "string" }, "metadata": { "type": "object", "title": "BOM Metadata Object", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the BOM was created." }, "tools": { "type": "array", "title": "Creation Tools", "description": "The tool(s) used in the creation of the BOM.", "additionalItems": false, "items": {"$ref": "#/definitions/tool"} }, "authors" :{ "type": "array", "title": "Authors", "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", "additionalItems": false, "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", "description": "The component that the BOM describes.", "$ref": "#/definitions/component" }, "manufacture": { "title": "Manufacture", "description": "The organization that manufactured the component that the BOM describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "licenses": { "type": "array", "title": "BOM License(s)", "additionalItems": false, "items": {"$ref": "#/definitions/licenseChoice"} }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "additionalItems": false, "items": {"$ref": "#/definitions/property"} } } }, "tool": { "type": "object", "title": "Tool", "description": "Information about the automated or manual tool used", "additionalProperties": false, "properties": { "vendor": { "type": "string", "title": "Tool Vendor", "description": "The name of the vendor who created the tool" }, "name": { "type": "string", "title": "Tool Name", "description": "The name of the tool" }, "version": { "type": "string", "title": "Tool Version", "description": "The version of the tool" }, "hashes": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." }, "externalReferences": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." } } }, "organizationalEntity": { "type": "object", "title": "Organizational Entity Object", "description": "", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the organization", "examples": [ "Example Inc." ] }, "url": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "URL", "description": "The URL of the organization. Multiple URLs are allowed.", "examples": ["https://example.com"] }, "contact": { "type": "array", "title": "Contact", "description": "A contact at the organization. Multiple contacts are allowed.", "additionalItems": false, "items": {"$ref": "#/definitions/organizationalContact"} } } }, "organizationalContact": { "type": "object", "title": "Organizational Contact Object", "description": "", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of a contact", "examples": ["Contact name"] }, "email": { "type": "string", "format": "idn-email", "title": "Email Address", "description": "The email address of the contact.", "examples": ["firstname.lastname@example.com"] }, "phone": { "type": "string", "title": "Phone", "description": "The phone number of the contact.", "examples": ["800-555-1212"] } } }, "component": { "type": "object", "title": "Component Object", "required": [ "type", "name" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "application", "framework", "library", "container", "operating-system", "device", "firmware", "file" ], "title": "Component Type", "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Types include:\n\n* __application__ = A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.\n* __framework__ = A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.\n* __library__ = A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing))\n for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.\n* __container__ = A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization)\n* __operating-system__ = A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system)\n* __device__ = A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.\n See also the list of [known device properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md).\n* __firmware__ = A special type of software that provides low-level control over a devices hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware)\n* __file__ = A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.", "examples": ["library"] }, "mime-type": { "type": "string", "title": "Mime-Type", "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "supplier": { "title": "Component Supplier", "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "author": { "type": "string", "title": "Component Author", "description": "The person(s) or organization(s) that authored the component", "examples": ["Acme Inc"] }, "publisher": { "type": "string", "title": "Component Publisher", "description": "The person(s) or organization(s) that published the component", "examples": ["Acme Inc"] }, "group": { "type": "string", "title": "Component Group", "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Component Name", "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", "examples": ["tomcat-catalina"] }, "version": { "type": "string", "title": "Component Version", "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", "examples": ["9.0.14"] }, "description": { "type": "string", "title": "Component Description", "description": "Specifies a description for the component" }, "scope": { "type": "string", "enum": [ "required", "optional", "excluded" ], "title": "Component Scope", "description": "Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM.", "default": "required" }, "hashes": { "type": "array", "title": "Component Hashes", "additionalItems": false, "items": {"$ref": "#/definitions/hash"} }, "licenses": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "copyright": { "type": "string", "title": "Component Copyright", "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", "examples": ["Acme Inc"] }, "cpe": { "type": "string", "title": "Component Common Platform Enumeration (CPE)", "description": "Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe)", "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] }, "purl": { "type": "string", "title": "Component Package URL (purl)", "description": "Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec)", "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] }, "swid": { "$ref": "#/definitions/swid", "title": "SWID Tag", "description": "Specifies metadata and content for [ISO-IEC 19770-2 Software Identification (SWID) Tags](https://www.iso.org/standard/65666.html)." }, "modified": { "type": "boolean", "title": "Component Modified From Original", "description": "[Deprecated] - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", "title": "Component Pedigree", "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", "additionalProperties": false, "properties": { "ancestors": { "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", "additionalItems": false, "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", "additionalItems": false, "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", "additionalItems": false, "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", "additionalItems": false, "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", "additionalItems": false, "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", "title": "Notes", "description": "Notes, observations, and other non-structured commentary describing the components pedigree." } } }, "externalReferences": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." }, "components": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains." }, "evidence": { "$ref": "#/definitions/componentEvidence", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." }, "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", "description": "Specifies optional release notes." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "additionalItems": false, "items": {"$ref": "#/definitions/property"} }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "swid": { "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", "required": [ "tagId", "name" ], "additionalProperties": false, "properties": { "tagId": { "type": "string", "title": "Tag ID", "description": "Maps to the tagId of a SoftwareIdentity." }, "name": { "type": "string", "title": "Name", "description": "Maps to the name of a SoftwareIdentity." }, "version": { "type": "string", "title": "Version", "default": "0.0", "description": "Maps to the version of a SoftwareIdentity." }, "tagVersion": { "type": "integer", "title": "Tag Version", "default": 0, "description": "Maps to the tagVersion of a SoftwareIdentity." }, "patch": { "type": "boolean", "title": "Patch", "default": false, "description": "Maps to the patch of a SoftwareIdentity." }, "text": { "title": "Attachment text", "description": "Specifies the metadata and content of the SWID tag.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "The URL to the SWID file.", "format": "iri-reference" } } }, "attachment": { "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", "required": [ "content" ], "additionalProperties": false, "properties": { "contentType": { "type": "string", "title": "Content-Type", "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", "default": "text/plain" }, "encoding": { "type": "string", "title": "Encoding", "description": "Specifies the optional encoding the text is represented in.", "enum": [ "base64" ] }, "content": { "type": "string", "title": "Attachment Text", "description": "The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text." } } }, "hash": { "type": "object", "title": "Hash Objects", "required": [ "alg", "content" ], "additionalProperties": false, "properties": { "alg": { "$ref": "#/definitions/hash-alg" }, "content": { "$ref": "#/definitions/hash-content" } } }, "hash-alg": { "type": "string", "enum": [ "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3" ], "title": "Hash Algorithm" }, "hash-content": { "type": "string", "title": "Hash Content (value)", "examples": ["3942447fac867ae5cdb3229b658f4d48"], "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" }, "license": { "type": "object", "title": "License Object", "oneOf": [ { "required": ["id"] }, { "required": ["name"] } ], "additionalProperties": false, "properties": { "id": { "$ref": "spdx.SNAPSHOT.schema.json", "title": "License ID (SPDX)", "description": "A valid SPDX license ID", "examples": ["Apache-2.0"] }, "name": { "type": "string", "title": "License Name", "description": "If SPDX does not define the license used, this field may be used to provide the license name", "examples": ["Acme Software License"] }, "text": { "title": "License text", "description": "An optional way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "License URL", "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "format": "iri-reference" } } }, "licenseChoice": { "type": "object", "title": "License(s)", "additionalProperties": false, "properties": { "license": { "$ref": "#/definitions/license" }, "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ] } }, "oneOf":[ { "required": ["license"] }, { "required": ["expression"] } ] }, "commit": { "type": "object", "title": "Commit", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "uid": { "type": "string", "title": "UID", "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." }, "url": { "type": "string", "title": "URL", "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", "format": "iri-reference" }, "author": { "title": "Author", "description": "The author who created the changes in the commit", "$ref": "#/definitions/identifiableAction" }, "committer": { "title": "Committer", "description": "The person who committed or pushed the commit", "$ref": "#/definitions/identifiableAction" }, "message": { "type": "string", "title": "Message", "description": "The text description of the contents of the commit" } } }, "patch": { "type": "object", "title": "Patch", "description": "Specifies an individual patch", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "unofficial", "monkey", "backport", "cherry-pick" ], "title": "Type", "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality.\n\n* __unofficial__ = A patch which is not developed by the creators or maintainers of the software being patched. Refer to [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch)\n* __monkey__ = A patch which dynamically modifies runtime behavior. Refer to [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch)\n* __backport__ = A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting)\n* __cherry-pick__ = A patch created by selectively applying commits from other versions or branches of the same software." }, "diff": { "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)", "$ref": "#/definitions/diff" }, "resolves": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } } }, "diff": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "additionalProperties": false, "properties": { "text": { "title": "Diff text", "description": "Specifies the optional text of the diff", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "Specifies the URL to the diff", "format": "iri-reference" } } }, "issue": { "type": "object", "title": "Diff", "description": "An individual issue that has been resolved.", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "defect", "enhancement", "security" ], "title": "Type", "description": "Specifies the type of issue" }, "id": { "type": "string", "title": "ID", "description": "The identifier of the issue assigned by the source of the issue" }, "name": { "type": "string", "title": "Name", "description": "The name of the issue" }, "description": { "type": "string", "title": "Description", "description": "A description of the issue" }, "source": { "type": "object", "title": "Source", "description": "The source of the issue where it is documented", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" }, "url": { "type": "string", "title": "URL", "description": "The url of the issue documentation as provided by the source", "format": "iri-reference" } } }, "references": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "References", "description": "A collection of URL's for reference. Multiple URLs are allowed.", "examples": ["https://example.com"] } } }, "identifiableAction": { "type": "object", "title": "Identifiable Action", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The timestamp in which the action occurred" }, "name": { "type": "string", "title": "Name", "description": "The name of the individual who performed the action" }, "email": { "type": "string", "format": "idn-email", "title": "E-mail", "description": "The email address of the individual who performed the action" } } }, "externalReference": { "type": "object", "title": "External Reference", "description": "Specifies an individual external reference", "required": [ "url", "type" ], "additionalProperties": false, "properties": { "url": { "type": "string", "title": "URL", "description": "The URL to the external reference", "format": "iri-reference" }, "comment": { "type": "string", "title": "Comment", "description": "An optional comment describing the external reference" }, "type": { "type": "string", "title": "Type", "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", "enum": [ "vcs", "issue-tracker", "website", "advisories", "bom", "mailing-list", "social", "chat", "documentation", "support", "distribution", "license", "build-meta", "build-system", "release-notes", "other" ] }, "hashes": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the external reference (if applicable)." } } }, "dependency": { "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "$ref": "#/definitions/refType", "title": "Reference", "description": "References a component by the components bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, "additionalItems": false, "items": { "$ref": "#/definitions/refType" }, "title": "Depends On", "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." } } }, "service": { "type": "object", "title": "Service Object", "required": [ "name" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "provider": { "title": "Provider", "description": "The organization that provides the service.", "$ref": "#/definitions/organizationalEntity" }, "group": { "type": "string", "title": "Service Group", "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Service Name", "description": "The name of the service. This will often be a shortened, single name of the service.", "examples": ["ticker-service"] }, "version": { "type": "string", "title": "Service Version", "description": "The service version.", "examples": ["1.0.0"] }, "description": { "type": "string", "title": "Service Description", "description": "Specifies a description for the service" }, "endpoints": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "Endpoints", "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", "examples": ["https://example.com/api/v1/ticker"] }, "authenticated": { "type": "boolean", "title": "Authentication Required", "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." }, "x-trust-boundary": { "type": "boolean", "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, "data": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/dataClassification"}, "title": "Data Classification", "description": "Specifies the data classification." }, "licenses": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "externalReferences": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." }, "services": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies." }, "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", "description": "Specifies optional release notes." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "additionalItems": false, "items": {"$ref": "#/definitions/property"} }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "dataClassification": { "type": "object", "title": "Hash Objects", "required": [ "flow", "classification" ], "additionalProperties": false, "properties": { "flow": { "$ref": "#/definitions/dataFlow", "title": "Directional Flow", "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." }, "classification": { "type": "string", "title": "Classification", "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." } } }, "dataFlow": { "type": "string", "enum": [ "inbound", "outbound", "bi-directional", "unknown" ], "title": "Data flow direction", "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." }, "copyright": { "type": "object", "title": "Copyright", "required": [ "text" ], "additionalProperties": false, "properties": { "text": { "type": "string", "title": "Copyright Text" } } }, "componentEvidence": { "type": "object", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", "additionalProperties": false, "properties": { "licenses": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/licenseChoice"}, "title": "Component License(s)" }, "copyright": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/copyright"}, "title": "Copyright" } } }, "compositions": { "type": "object", "title": "Compositions", "required": [ "aggregate" ], "additionalProperties": false, "properties": { "aggregate": { "$ref": "#/definitions/aggregateType", "title": "Aggregate", "description": "Specifies an aggregate type that describe how complete a relationship is." }, "assemblies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." }, "dependencies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "aggregateType": { "type": "string", "default": "not_specified", "enum": [ "complete", "incomplete", "incomplete_first_party_only", "incomplete_third_party_only", "unknown", "not_specified" ] }, "property": { "type": "object", "title": "Lightweight name-value pair", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." }, "value": { "type": "string", "title": "Value", "description": "The value of the property." } } }, "localeType": { "type": "string", "pattern": "^([a-z]{2})(-[A-Z]{2})?$", "title": "Locale", "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA" }, "releaseType": { "type": "string", "examples": [ "major", "minor", "patch", "pre-release", "internal" ], "description": "The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." }, "note": { "type": "object", "title": "Note", "description": "A note containing the locale and content.", "required": [ "text" ], "additionalProperties": false, "properties": { "locale": { "$ref": "#/definitions/localeType", "title": "Locale", "description": "The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: \"en\", \"en-US\", \"fr\" and \"fr-CA\"" }, "text": { "title": "Release note content", "description": "Specifies the full content of the release note.", "$ref": "#/definitions/attachment" } } }, "releaseNotes": { "type": "object", "title": "Release notes", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "$ref": "#/definitions/releaseType", "title": "Type", "description": "The software versioning type the release note describes." }, "title": { "type": "string", "title": "Title", "description": "The title of the release." }, "featuredImage": { "type": "string", "format": "iri-reference", "title": "Featured image", "description": "The URL to an image that may be prominently displayed with the release note." }, "socialImage": { "type": "string", "format": "iri-reference", "title": "Social image", "description": "The URL to an image that may be used in messaging on social media platforms." }, "description": { "type": "string", "title": "Description", "description": "A short description of the release." }, "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the release note was created." }, "aliases": { "type": "array", "items": { "type": "string" }, "title": "Aliases", "description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)." }, "tags": { "type": "array", "items": { "type": "string" }, "title": "Tags", "description": "One or more tags that may aid in search or retrieval of the release note." }, "resolves": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues that have been resolved." }, "notes": { "type": "array", "additionalItems": false, "items": {"$ref": "#/definitions/note"}, "title": "Notes", "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "additionalItems": false, "items": {"$ref": "#/definitions/property"} } } }, "advisory": { "type": "object", "title": "Advisory", "description": "Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system.", "required": ["url"], "additionalProperties": false, "properties": { "title": { "type": "string", "title": "Title", "description": "An optional name of the advisory." }, "url": { "type": "string", "title": "URL", "format": "iri-reference", "description": "Location where the advisory can be obtained." } } }, "cwe": { "type": "integer", "minimum": 1, "title": "CWE", "description": "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of https://cwe.mitre.org/data/definitions/399.html)" }, "severity": { "type": "string", "title": "Severity", "description": "Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.", "enum": [ "critical", "high", "medium", "low", "info", "none", "unknown" ] }, "scoreMethod": { "type": "string", "title": "Method", "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)", "enum": [ "CVSSv2", "CVSSv3", "CVSSv31", "OWASP", "other" ] }, "impactAnalysisState": { "type": "string", "title": "Impact Analysis State", "description": "Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. \n\n* __resolved__ = the vulnerability has been remediated. \n* __resolved\\_with\\_pedigree__ = the vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). \n* __exploitable__ = the vulnerability may be directly or indirectly exploitable. \n* __in\\_triage__ = the vulnerability is being investigated. \n* __false\\_positive__ = the vulnerability is not specific to the component or service and was falsely identified or associated. \n* __not\\_affected__ = the component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases.", "enum": [ "resolved", "resolved_with_pedigree", "exploitable", "in_triage", "false_positive", "not_affected" ] }, "impactAnalysisJustification": { "type": "string", "title": "Impact Analysis Justification", "description": "The rationale of why the impact analysis state was asserted. \n\n* __code\\_not\\_present__ = the code has been removed or tree-shaked. \n* __code\\_not\\_reachable__ = the vulnerable code is not invoked at runtime. \n* __requires\\_configuration__ = exploitability requires a configurable option to be set/unset. \n* __requires\\_dependency__ = exploitability requires a dependency that is not present. \n* __requires\\_environment__ = exploitability requires a certain environment which is not present. \n* __protected\\_by\\_compiler__ = exploitability requires a compiler flag to be set/unset. \n* __protected\\_at\\_runtime__ = exploits are prevented at runtime. \n* __protected\\_at\\_perimeter__ = attacks are blocked at physical, logical, or network perimeter. \n* __protected\\_by\\_mitigating\\_control__ = preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability.", "enum": [ "code_not_present", "code_not_reachable", "requires_configuration", "requires_dependency", "requires_environment", "protected_by_compiler", "protected_at_runtime", "protected_at_perimeter", "protected_by_mitigating_control" ] }, "rating": { "type": "object", "title": "Rating", "description": "Defines the severity or risk ratings of a vulnerability.", "additionalProperties": false, "properties": { "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that calculated the severity or risk rating of the vulnerability." }, "score": { "type": "number", "title": "Score", "description": "The numerical score of the rating." }, "severity": { "$ref": "#/definitions/severity", "description": "Textual representation of the severity that corresponds to the numerical score of the rating." }, "method": { "$ref": "#/definitions/scoreMethod" }, "vector": { "type": "string", "title": "Vector", "description": "Textual representation of the metric values used to score the vulnerability" }, "justification": { "type": "string", "title": "Justification", "description": "An optional reason for rating the vulnerability as it was" } } }, "vulnerabilitySource": { "type": "object", "title": "Source", "description": "The source of vulnerability information. This is often the organization that published the vulnerability.", "additionalProperties": false, "properties": { "url": { "type": "string", "title": "URL", "description": "The url of the vulnerability documentation as provided by the source.", "examples": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-39182" ] }, "name": { "type": "string", "title": "Name", "description": "The name of the source.", "examples": [ "NVD", "National Vulnerability Database", "OSS Index", "VulnDB", "GitHub Advisories" ] } } }, "vulnerability": { "type": "object", "title": "Vulnerability", "description": "Defines a weakness in an component or service that could be exploited or triggered by a threat source.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "id": { "type": "string", "title": "ID", "description": "The identifier that uniquely identifies the vulnerability.", "examples": [ "CVE-2021-39182", "GHSA-35m5-8cvj-8783", "SNYK-PYTHON-ENROCRYPT-1912876" ] }, "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that published the vulnerability." }, "references": { "type": "array", "title": "References", "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", "additionalItems": false, "items": { "required": [ "id", "source" ], "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID", "description": "An identifier that uniquely identifies the vulnerability.", "examples": [ "CVE-2021-39182", "GHSA-35m5-8cvj-8783", "SNYK-PYTHON-ENROCRYPT-1912876" ] }, "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that published the vulnerability." } } } }, "ratings": { "type": "array", "title": "Ratings", "description": "List of vulnerability ratings", "additionalItems": false, "items": { "$ref": "#/definitions/rating" } }, "cwes": { "type": "array", "title": "CWEs", "description": "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html)", "examples": [399], "additionalItems": false, "items": { "$ref": "#/definitions/cwe" } }, "description": { "type": "string", "title": "Description", "description": "A description of the vulnerability as provided by the source." }, "detail": { "type": "string", "title": "Details", "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause." }, "recommendation": { "type": "string", "title": "Details", "description": "Recommendations of how the vulnerability can be remediated or mitigated." }, "advisories": { "type": "array", "title": "Advisories", "description": "Published advisories of the vulnerability if provided.", "additionalItems": false, "items": { "$ref": "#/definitions/advisory" } }, "created": { "type": "string", "format": "date-time", "title": "Created", "description": "The date and time (timestamp) when the vulnerability record was created in the vulnerability database." }, "published": { "type": "string", "format": "date-time", "title": "Published", "description": "The date and time (timestamp) when the vulnerability record was first published." }, "updated": { "type": "string", "format": "date-time", "title": "Updated", "description": "The date and time (timestamp) when the vulnerability record was last updated." }, "credits": { "type": "object", "title": "Credits", "description": "Individuals or organizations credited with the discovery of the vulnerability.", "additionalProperties": false, "properties": { "organizations": { "type": "array", "title": "Organizations", "description": "The organizations credited with vulnerability discovery.", "additionalItems": false, "items": { "$ref": "#/definitions/organizationalEntity" } }, "individuals": { "type": "array", "title": "Individuals", "description": "The individuals, not associated with organizations, that are credited with vulnerability discovery.", "additionalItems": false, "items": { "$ref": "#/definitions/organizationalContact" } } } }, "tools": { "type": "array", "title": "Creation Tools", "description": "The tool(s) used to identify, confirm, or score the vulnerability.", "additionalItems": false, "items": {"$ref": "#/definitions/tool"} }, "analysis": { "type": "object", "title": "Impact Analysis", "description": "An assessment of the impact and exploitability of the vulnerability.", "additionalProperties": false, "properties": { "state": { "$ref": "#/definitions/impactAnalysisState" }, "justification": { "$ref": "#/definitions/impactAnalysisJustification" }, "response": { "type": "array", "title": "Response", "description": "A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.", "additionalItems": false, "items": { "type": "string", "enum": [ "can_not_fix", "will_not_fix", "update", "rollback", "workaround_available" ] } }, "detail": { "type": "string", "title": "Detail", "description": "Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability." } } }, "affects": { "type": "array", "uniqueItems": true, "additionalItems": false, "items": { "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "$ref": "#/definitions/refType", "title": "Reference", "description": "References a component or service by the objects bom-ref" }, "versions": { "type": "array", "title": "Versions", "description": "Zero or more individual versions or range of versions.", "additionalItems": false, "items": { "oneOf": [ { "required": ["version"] }, { "required": ["range"] } ], "additionalProperties": false, "properties": { "version": { "description": "A single version of a component or service.", "$ref": "#/definitions/version" }, "range": { "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", "$ref": "#/definitions/range" }, "status": { "description": "The vulnerability status for the version or range of versions.", "$ref": "#/definitions/affectedStatus", "default": "affected" } } } } } }, "title": "Affects", "description": "The components or services that are affected by the vulnerability." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "additionalItems": false, "items": { "$ref": "#/definitions/property" } } } }, "affectedStatus": { "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", "type": "string", "enum": [ "affected", "unaffected", "unknown" ] }, "version": { "description": "A single version of a component or service.", "type": "string", "minLength": 1, "maxLength": 1024 }, "range": { "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", "type": "string", "minLength": 1, "maxLength": 1024 }, "signature": { "$ref": "jsf-0.82.SNAPSHOT.schema.json#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.4.SNAPSHOT.xsd000066400000000000000000004052401476011761300250220ustar00rootroot00000000000000 CycloneDX Software Bill of Materials Standard https://cyclonedx.org/ Apache License, Version 2.0 Identifier-DataType for interlinked elements. The date and time (timestamp) when the BOM was created. The tool(s) used in the creation of the BOM. The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors. The component that the BOM describes. The organization that manufactured the component that the BOM describes. The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the organization The URL of the organization. Multiple URLs are allowed. A contact person at the organization. Multiple contacts are allowed. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Information about the automated or manual tool used The name of the vendor who created the tool The name of the tool The version of the tool Provides the ability to document external references related to the tool. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the contact The email address of the contact. The phone number of the contact. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager. The person(s) or organization(s) that authored the component The person(s) or organization(s) that published the component The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery The component version. The version should ideally comply with semantic versioning but is not enforced. Specifies a description for the component Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM. A copyright notice informing users of the underlying claims to copyright ownership in a published work. Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: https://github.com/package-url/purl-spec Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Provides the ability to document external references related to the component or to the project the component describes. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Provides the ability to document evidence collected through various forms of extraction or analysis. Specifies optional release notes. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. The OPTIONAL mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A valid SPDX license ID If SPDX does not define the license used, this field may be used to provide the license name Specifies the optional full text of the attachment The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. Allows any undeclared elements as long as the elements are placed in a different namespace. The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. Specifies the content type of the text. Defaults to text/plain if not specified. Specifies the optional encoding the text is represented in Specifies the file hash of the component Specifies the algorithm used to create the hash The component is required for runtime The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries. A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended. A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md A special type of software that provides low-level control over a devices hardware. Refer to https://en.wikipedia.org/wiki/Firmware A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. Specifies the full content of the SWID tag. The URL to the SWID file. Allows any undeclared elements as long as the elements are placed in a different namespace. Maps to the tagId of a SoftwareIdentity. Maps to the name of a SoftwareIdentity. Maps to the version of a SoftwareIdentity. Maps to the tagVersion of a SoftwareIdentity. Maps to the patch of a SoftwareIdentity. Defines a string representation of a UUID conforming to RFC 4122. Version Control System Issue or defect tracking system, or an Application Lifecycle Management (ALM) system Website Security advisories Bill-of-material document (CycloneDX, SPDX, SWID, etc) Mailing list or discussion group Social media account Real-time chat platform Documentation, guides, or how-to instructions Community or commercial support Direct or repository download location The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) URL to an automated build system URL to release notes Use this if no other types accurately describe the purpose of the external reference External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM. Zero or more external references can be defined The URL to the external reference An optional comment describing the external reference Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Zero or more commits can be specified. Specifies an individual commit. Allows any undeclared elements as long as the elements are placed in a different namespace. A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. The URL to the commit. This URL will typically point to a commit in a version control system. The author who created the changes in the commit The person who committed or pushed the commit The text description of the contents of the commit Allows any undeclared elements as long as the elements are placed in a different namespace. Zero or more patches can be specified. Specifies an individual patch. Allows any undeclared elements as long as the elements are placed in a different namespace. The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting A patch created by selectively applying commits from other versions or branches of the same software. A fault, flaw, or bug in software A new feature or behavior in software A special type of defect which impacts security Specifies the optional text of the diff Specifies the URL to the diff Allows any undeclared elements as long as the elements are placed in a different namespace. An individual issue that has been resolved. The identifier of the issue assigned by the source of the issue The name of the issue A description of the issue The source of the issue where it is documented. The name of the source. For example "National Vulnerability Database", "NVD", and "Apache" The url of the issue documentation as provided by the source Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of issue The timestamp in which the action occurred The name of the individual who performed the action The email address of the individual who performed the action Allows any undeclared elements as long as the elements are placed in a different namespace. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits. Notes, observations, and other non-structured commentary describing the components pedigree. Allows any undeclared elements as long as the elements are placed in a different namespace. References a component or service by the its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that provides the service. The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. The name of the service. This will often be a shortened, single name of the service. The service version. Specifies a description for the service. A service endpoint URI. A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. Specifies the data classification. Provides the ability to document external references related to the service. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies optional release notes. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies the data classification. Specifies the flow direction of the data. Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an aggregate type that describe how complete a relationship is. The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only. Allows any undeclared elements as long as the elements are placed in a different namespace. The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only. Allows any undeclared elements as long as the elements are placed in a different namespace. The relationship is complete. No further relationships including constituent components, services, or dependencies exist. The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. The relationship completeness is not specified. Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. * major = A major release may contain significant changes or may introduce breaking changes. * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. * patch = Patch releases are typically unplanned and may resolve defects or important security issues. * pre-release = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability. * internal = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it. The title of the release. The URL to an image that may be prominently displayed with the release note. The URL to an image that may be used in messaging on social media platforms. A short description of the release. The date and time (timestamp) when the release note was created. One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names). One or more tags that may aid in search or retrieval of the release note. A collection of issues that have been resolved. Zero or more release notes containing the locale and content. Multiple note elements may be specified to support release notes in a wide variety of languages. The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". Specifies the full content of the release note. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. References a component or service by the its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an individual property with a name and value. The name of the property. Duplicate names are allowed, each potentially having a different value. Defines a weakness in an component or service that could be exploited or triggered by a threat source. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The identifier that uniquely identifies the vulnerability. For example: CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. The source that published the vulnerability. Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence. A pointer to a vulnerability that is the equivalent of the vulnerability specified. The identifier that uniquely identifies the vulnerability. For example: CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. The source that published the vulnerability. Allows any undeclared elements as long as the elements are placed in a different namespace. List of vulnerability ratings. List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html) A description of the vulnerability as provided by the source. If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause. Recommendations of how the vulnerability can be remediated or mitigated. Published advisories of the vulnerability if provided. The date and time (timestamp) when the vulnerability record was created in the vulnerability database. The date and time (timestamp) when the vulnerability record was first published. The date and time (timestamp) when the vulnerability record was last updated. Individuals or organizations credited with the discovery of the vulnerability. The organizations credited with vulnerability discovery. The individuals, not associated with organizations, that are credited with vulnerability discovery. The tool(s) used to identify, confirm, or score the vulnerability. An assessment of the impact and exploitability of the vulnerability. Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. The rationale of why the impact analysis state was asserted. A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable. Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability. The components or services that are affected by the vulnerability. References a component or service by the objects bom-ref. Zero or more individual versions or range of versions. A single version of a component or service. A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst The vulnerability status for the version or range of versions. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. The name of the source. For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories The url of the vulnerability documentation as provided by the source. For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 The source that calculated the severity or risk rating of the vulnerability. The numerical score of the rating. Textual representation of the severity that corresponds to the numerical score of the rating. The risk scoring methodology/standard used. Textual representation of the metric values used to score the vulnerability. An optional reason for rating the vulnerability as it was. An optional name of the advisory. Location where the advisory can be obtained. Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately. Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. The vulnerability has been remediated. The vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). The vulnerability may be directly or indirectly exploitable. The vulnerability is being investigated. The vulnerability is not specific to the component or service and was falsely identified or associated. The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases. The rationale of why the impact analysis state was asserted. The code has been removed or tree-shaked. The vulnerable code is not invoked at runtime. Exploitability requires a configurable option to be set/unset. Exploitability requires a dependency that is not present. Exploitability requires a certain environment which is not present. Exploitability requires a compiler flag to be set/unset. Exploits are prevented at runtime. Attacks are blocked at physical, logical, or network perimeter. Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. Specifies the severity or risk scoring methodology or standard used. The rating is based on CVSS v2 standard https://www.first.org/cvss/v2/ The rating is based on CVSS v3.0 standard https://www.first.org/cvss/v3-0/ The rating is based on CVSS v3.1 standard https://www.first.org/cvss/v3-1/ The rating is based on OWASP Risk Rating https://owasp.org/www-community/OWASP_Risk_Rating_Methodology Use this if the risk scoring methodology is not based on any of the options above The rationale of why the impact analysis state was asserted. The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. Provides additional information about a BOM. A list of software and hardware components. A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services. Provides the ability to document external references related to the BOM or to the project the BOM describes. Provides the ability to document dependency relationships. Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Vulnerabilities identified in components or services. Allows any undeclared elements as long as the elements are placed in a different namespace. Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'. Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.5.SNAPSHOT.schema.json000066400000000000000000005015211476011761300264340ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/bom-1.5.schema.json", "type": "object", "title": "CycloneDX Software Bill of Materials Standard", "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", "specVersion" ], "additionalProperties": false, "properties": { "$schema": { "type": "string" }, "bomFormat": { "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces. This value MUST be \"CycloneDX\".", "enum": [ "CycloneDX" ] }, "specVersion": { "type": "string", "title": "CycloneDX Specification Version", "description": "The version of the CycloneDX specification a BOM conforms to (starting at version 1.2).", "examples": ["1.5"] }, "serialNumber": { "type": "string", "title": "BOM Serial Number", "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED.", "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "version": { "type": "integer", "title": "BOM Version", "description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.", "minimum": 1, "default": 1, "examples": [1] }, "metadata": { "$ref": "#/definitions/metadata", "title": "BOM Metadata", "description": "Provides additional information about a BOM." }, "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components." }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services." }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "dependencies": { "type": "array", "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships." }, "compositions": { "type": "array", "items": {"$ref": "#/definitions/compositions"}, "uniqueItems": true, "title": "Compositions", "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described." }, "vulnerabilities": { "type": "array", "items": {"$ref": "#/definitions/vulnerability"}, "uniqueItems": true, "title": "Vulnerabilities", "description": "Vulnerabilities identified in components or services." }, "annotations": { "type": "array", "items": {"$ref": "#/definitions/annotations"}, "uniqueItems": true, "title": "Annotations", "description": "Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, and may optionally be signed." }, "formulation": { "type": "array", "items": {"$ref": "#/definitions/formula"}, "uniqueItems": true, "title": "Formulation", "description": "Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": { "$ref": "#/definitions/property" } }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } }, "definitions": { "refType": { "description": "Identifier for referable and therefore interlink-able elements.", "type": "string", "minLength": 1, "$comment": "value SHOULD not start with the BOM-Link intro 'urn:cdx:'" }, "refLinkType": { "description": "Descriptor for an element identified by the attribute 'bom-ref' in the same BOM document.\nIn contrast to `bomLinkElementType`.", "allOf": [{"$ref": "#/definitions/refType"}] }, "bomLinkDocumentType": { "title": "BOM-Link Document", "description": "Descriptor for another BOM document. See https://cyclonedx.org/capabilities/bomlink/", "type": "string", "format": "iri-reference", "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*$", "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" }, "bomLinkElementType": { "title": "BOM-Link Element", "description": "Descriptor for an element in a BOM document. See https://cyclonedx.org/capabilities/bomlink/", "type": "string", "format": "iri-reference", "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*#.+$", "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" }, "bomLink": { "anyOf": [ { "title": "BOM-Link Document", "$ref": "#/definitions/bomLinkDocumentType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "metadata": { "type": "object", "title": "BOM Metadata Object", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the BOM was created." }, "lifecycles": { "type": "array", "title": "Lifecycles", "description": "", "items": { "type": "object", "title": "Lifecycle", "description": "The product lifecycle(s) that this BOM represents.", "oneOf": [ { "required": ["phase"], "additionalProperties": false, "properties": { "phase": { "type": "string", "title": "Phase", "description": "A pre-defined phase in the product lifecycle.\n\n* __design__ = BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use.\n* __pre-build__ = BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use.\n* __build__ = BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from.\n* __post-build__ = BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device.\n* __operations__ = BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies.\n* __discovery__ = BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions.\n* __decommission__ = BOM containing inventory that will be, or has been retired from operations.", "enum": [ "design", "pre-build", "build", "post-build", "operations", "discovery", "decommission" ] } } }, { "required": ["name"], "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the lifecycle phase" }, "description": { "type": "string", "title": "Description", "description": "The description of the lifecycle phase" } } } ] } }, "tools": { "oneOf": [ { "type": "object", "title": "Creation Tools", "description": "The tool(s) used in the creation of the BOM.", "additionalProperties": false, "properties": { "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components used as tools" }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." } } }, { "type": "array", "title": "Creation Tools (legacy)", "description": "[Deprecated] The tool(s) used in the creation of the BOM.", "items": {"$ref": "#/definitions/tool"} } ] }, "authors" :{ "type": "array", "title": "Authors", "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", "description": "The component that the BOM describes.", "$ref": "#/definitions/component" }, "manufacture": { "title": "Manufacture", "description": "The organization that manufactured the component that the BOM describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "licenses": { "title": "BOM License(s)", "$ref": "#/definitions/licenseChoice" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": {"$ref": "#/definitions/property"} } } }, "tool": { "type": "object", "title": "Tool", "description": "[Deprecated] - DO NOT USE. This will be removed in a future version. This will be removed in a future version. Use component or service instead. Information about the automated or manual tool used", "additionalProperties": false, "properties": { "vendor": { "type": "string", "title": "Tool Vendor", "description": "The name of the vendor who created the tool" }, "name": { "type": "string", "title": "Tool Name", "description": "The name of the tool" }, "version": { "type": "string", "title": "Tool Version", "description": "The version of the tool" }, "hashes": { "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } } }, "organizationalEntity": { "type": "object", "title": "Organizational Entity Object", "description": "", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "name": { "type": "string", "title": "Name", "description": "The name of the organization", "examples": [ "Example Inc." ] }, "url": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "URL", "description": "The URL of the organization. Multiple URLs are allowed.", "examples": ["https://example.com"] }, "contact": { "type": "array", "title": "Contact", "description": "A contact at the organization. Multiple contacts are allowed.", "items": {"$ref": "#/definitions/organizationalContact"} } } }, "organizationalContact": { "type": "object", "title": "Organizational Contact Object", "description": "", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "name": { "type": "string", "title": "Name", "description": "The name of a contact", "examples": ["Contact name"] }, "email": { "type": "string", "format": "idn-email", "title": "Email Address", "description": "The email address of the contact.", "examples": ["firstname.lastname@example.com"] }, "phone": { "type": "string", "title": "Phone", "description": "The phone number of the contact.", "examples": ["800-555-1212"] } } }, "component": { "type": "object", "title": "Component Object", "required": [ "type", "name" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "application", "framework", "library", "container", "platform", "operating-system", "device", "device-driver", "firmware", "file", "machine-learning-model", "data" ], "title": "Component Type", "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Types include:\n\n* __application__ = A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.\n* __framework__ = A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.\n* __library__ = A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing))\n for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.\n* __container__ = A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization)\n* __platform__ = A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.\n* __operating-system__ = A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system)\n* __device__ = A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.\n See also the list of [known device properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md).\n* __device-driver__ = A special type of software that operates or controls a particular type of device. Refer to [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver)\n* __firmware__ = A special type of software that provides low-level control over a devices hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware)\n* __file__ = A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.\n* __machine-learning-model__ = A model based on training data that can make predictions or decisions without being explicitly programmed to do so.\n* __data__ = A collection of discrete values that convey information.", "examples": ["library"] }, "mime-type": { "type": "string", "title": "Mime-Type", "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "supplier": { "title": "Component Supplier", "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "author": { "type": "string", "title": "Component Author", "description": "The person(s) or organization(s) that authored the component", "examples": ["Acme Inc"] }, "publisher": { "type": "string", "title": "Component Publisher", "description": "The person(s) or organization(s) that published the component", "examples": ["Acme Inc"] }, "group": { "type": "string", "title": "Component Group", "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Component Name", "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", "examples": ["tomcat-catalina"] }, "version": { "type": "string", "title": "Component Version", "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", "examples": ["9.0.14"] }, "description": { "type": "string", "title": "Component Description", "description": "Specifies a description for the component" }, "scope": { "type": "string", "enum": [ "required", "optional", "excluded" ], "title": "Component Scope", "description": "Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM.", "default": "required" }, "hashes": { "type": "array", "title": "Component Hashes", "items": {"$ref": "#/definitions/hash"} }, "licenses": { "$ref": "#/definitions/licenseChoice", "title": "Component License(s)" }, "copyright": { "type": "string", "title": "Component Copyright", "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", "examples": ["Acme Inc"] }, "cpe": { "type": "string", "title": "Component Common Platform Enumeration (CPE)", "description": "Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe)", "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] }, "purl": { "type": "string", "title": "Component Package URL (purl)", "description": "Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec)", "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] }, "swid": { "$ref": "#/definitions/swid", "title": "SWID Tag", "description": "Specifies metadata and content for [ISO-IEC 19770-2 Software Identification (SWID) Tags](https://www.iso.org/standard/65666.html)." }, "modified": { "type": "boolean", "title": "Component Modified From Original", "description": "[Deprecated] - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", "title": "Component Pedigree", "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", "additionalProperties": false, "properties": { "ancestors": { "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", "title": "Notes", "description": "Notes, observations, and other non-structured commentary describing the components pedigree." } } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains." }, "evidence": { "$ref": "#/definitions/componentEvidence", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." }, "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", "description": "Specifies optional release notes." }, "modelCard": { "$ref": "#/definitions/modelCard", "title": "Machine Learning Model Card" }, "data": { "type": "array", "items": {"$ref": "#/definitions/componentData"}, "title": "Data", "description": "This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": {"$ref": "#/definitions/property"} }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "swid": { "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", "required": [ "tagId", "name" ], "additionalProperties": false, "properties": { "tagId": { "type": "string", "title": "Tag ID", "description": "Maps to the tagId of a SoftwareIdentity." }, "name": { "type": "string", "title": "Name", "description": "Maps to the name of a SoftwareIdentity." }, "version": { "type": "string", "title": "Version", "default": "0.0", "description": "Maps to the version of a SoftwareIdentity." }, "tagVersion": { "type": "integer", "title": "Tag Version", "default": 0, "description": "Maps to the tagVersion of a SoftwareIdentity." }, "patch": { "type": "boolean", "title": "Patch", "default": false, "description": "Maps to the patch of a SoftwareIdentity." }, "text": { "title": "Attachment text", "description": "Specifies the metadata and content of the SWID tag.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "The URL to the SWID file.", "format": "iri-reference" } } }, "attachment": { "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", "required": [ "content" ], "additionalProperties": false, "properties": { "contentType": { "type": "string", "title": "Content-Type", "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", "default": "text/plain" }, "encoding": { "type": "string", "title": "Encoding", "description": "Specifies the optional encoding the text is represented in.", "enum": [ "base64" ] }, "content": { "type": "string", "title": "Attachment Text", "description": "The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text." } } }, "hash": { "type": "object", "title": "Hash Objects", "required": [ "alg", "content" ], "additionalProperties": false, "properties": { "alg": { "$ref": "#/definitions/hash-alg" }, "content": { "$ref": "#/definitions/hash-content" } } }, "hash-alg": { "type": "string", "enum": [ "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3" ], "title": "Hash Algorithm" }, "hash-content": { "type": "string", "title": "Hash Content (value)", "examples": ["3942447fac867ae5cdb3229b658f4d48"], "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" }, "license": { "type": "object", "title": "License Object", "oneOf": [ { "required": ["id"] }, { "required": ["name"] } ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "id": { "$ref": "spdx.SNAPSHOT.schema.json", "title": "License ID (SPDX)", "description": "A valid SPDX license ID", "examples": ["Apache-2.0"] }, "name": { "type": "string", "title": "License Name", "description": "If SPDX does not define the license used, this field may be used to provide the license name", "examples": ["Acme Software License"] }, "text": { "title": "License text", "description": "An optional way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "License URL", "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "format": "iri-reference" }, "licensing": { "type": "object", "title": "Licensing information", "description": "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata", "additionalProperties": false, "properties": { "altIds": { "type": "array", "title": "Alternate License Identifiers", "description": "License identifiers that may be used to manage licenses and their lifecycle", "items": { "type": "string" } }, "licensor": { "title": "Licensor", "description": "The individual or organization that grants a license to another individual or organization", "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Licensor (Organization)", "description": "The organization that granted the license", "$ref": "#/definitions/organizationalEntity" }, "individual": { "title": "Licensor (Individual)", "description": "The individual, not associated with an organization, that granted the license", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["individual"] } ] }, "licensee": { "title": "Licensee", "description": "The individual or organization for which a license was granted to", "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Licensee (Organization)", "description": "The organization that was granted the license", "$ref": "#/definitions/organizationalEntity" }, "individual": { "title": "Licensee (Individual)", "description": "The individual, not associated with an organization, that was granted the license", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["individual"] } ] }, "purchaser": { "title": "Purchaser", "description": "The individual or organization that purchased the license", "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Purchaser (Organization)", "description": "The organization that purchased the license", "$ref": "#/definitions/organizationalEntity" }, "individual": { "title": "Purchaser (Individual)", "description": "The individual, not associated with an organization, that purchased the license", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["individual"] } ] }, "purchaseOrder": { "type": "string", "title": "Purchase Order", "description": "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase" }, "licenseTypes": { "type": "array", "title": "License Type", "description": "The type of license(s) that was granted to the licensee\n\n* __academic__ = A license that grants use of software solely for the purpose of education or research.\n* __appliance__ = A license covering use of software embedded in a specific piece of hardware.\n* __client-access__ = A Client Access License (CAL) allows client computers to access services provided by server software.\n* __concurrent-user__ = A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.\n* __core-points__ = A license where the core of a computer's processor is assigned a specific number of points.\n* __custom-metric__ = A license for which consumption is measured by non-standard metrics.\n* __device__ = A license that covers a defined number of installations on computers and other types of devices.\n* __evaluation__ = A license that grants permission to install and use software for trial purposes.\n* __named-user__ = A license that grants access to the software to one or more pre-defined users.\n* __node-locked__ = A license that grants access to the software on one or more pre-defined computers or devices.\n* __oem__ = An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.\n* __perpetual__ = A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.\n* __processor-points__ = A license where each installation consumes points per processor.\n* __subscription__ = A license where the licensee pays a fee to use the software or service.\n* __user__ = A license that grants access to the software or service by a specified number of users.\n* __other__ = Another license type.\n", "items": { "type": "string", "enum": [ "academic", "appliance", "client-access", "concurrent-user", "core-points", "custom-metric", "device", "evaluation", "named-user", "node-locked", "oem", "perpetual", "processor-points", "subscription", "user", "other" ] } }, "lastRenewal": { "type": "string", "format": "date-time", "title": "Last Renewal", "description": "The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed." }, "expiration": { "type": "string", "format": "date-time", "title": "Expiration", "description": "The timestamp indicating when the current license expires (if applicable)." } } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": {"$ref": "#/definitions/property"} } } }, "licenseChoice": { "title": "License Choice", "description": "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)", "type": "array", "oneOf": [ { "title": "Multiple licenses", "description": "A list of SPDX licenses and/or named licenses.", "type": "array", "items": { "type": "object", "required": ["license"], "additionalProperties": false, "properties": { "license": {"$ref": "#/definitions/license"} } } }, { "title": "SPDX License Expression", "description": "A tuple of exactly one SPDX License Expression.", "type": "array", "additionalItems": false, "minItems": 1, "maxItems": 1, "items": [{ "type": "object", "additionalProperties": false, "required": ["expression"], "properties": { "expression": { "type": "string", "title": "SPDX License Expression", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ] }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." } } }] } ] }, "commit": { "type": "object", "title": "Commit", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "uid": { "type": "string", "title": "UID", "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." }, "url": { "type": "string", "title": "URL", "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", "format": "iri-reference" }, "author": { "title": "Author", "description": "The author who created the changes in the commit", "$ref": "#/definitions/identifiableAction" }, "committer": { "title": "Committer", "description": "The person who committed or pushed the commit", "$ref": "#/definitions/identifiableAction" }, "message": { "type": "string", "title": "Message", "description": "The text description of the contents of the commit" } } }, "patch": { "type": "object", "title": "Patch", "description": "Specifies an individual patch", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "unofficial", "monkey", "backport", "cherry-pick" ], "title": "Type", "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality.\n\n* __unofficial__ = A patch which is not developed by the creators or maintainers of the software being patched. Refer to [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch)\n* __monkey__ = A patch which dynamically modifies runtime behavior. Refer to [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch)\n* __backport__ = A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting)\n* __cherry-pick__ = A patch created by selectively applying commits from other versions or branches of the same software." }, "diff": { "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)", "$ref": "#/definitions/diff" }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } } }, "diff": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", "additionalProperties": false, "properties": { "text": { "title": "Diff text", "description": "Specifies the optional text of the diff", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "Specifies the URL to the diff", "format": "iri-reference" } } }, "issue": { "type": "object", "title": "Diff", "description": "An individual issue that has been resolved.", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "defect", "enhancement", "security" ], "title": "Type", "description": "Specifies the type of issue" }, "id": { "type": "string", "title": "ID", "description": "The identifier of the issue assigned by the source of the issue" }, "name": { "type": "string", "title": "Name", "description": "The name of the issue" }, "description": { "type": "string", "title": "Description", "description": "A description of the issue" }, "source": { "type": "object", "title": "Source", "description": "The source of the issue where it is documented", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" }, "url": { "type": "string", "title": "URL", "description": "The url of the issue documentation as provided by the source", "format": "iri-reference" } } }, "references": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "References", "description": "A collection of URL's for reference. Multiple URLs are allowed.", "examples": ["https://example.com"] } } }, "identifiableAction": { "type": "object", "title": "Identifiable Action", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The timestamp in which the action occurred" }, "name": { "type": "string", "title": "Name", "description": "The name of the individual who performed the action" }, "email": { "type": "string", "format": "idn-email", "title": "E-mail", "description": "The email address of the individual who performed the action" } } }, "externalReference": { "type": "object", "title": "External Reference", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM.", "required": [ "url", "type" ], "additionalProperties": false, "properties": { "url": { "anyOf": [ { "title": "URL", "type": "string", "format": "iri-reference" }, { "title": "BOM-Link", "$ref": "#/definitions/bomLink" } ], "title": "URL", "description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs." }, "comment": { "type": "string", "title": "Comment", "description": "An optional comment describing the external reference" }, "type": { "type": "string", "title": "Type", "description": "Specifies the type of external reference.\n\n* __vcs__ = Version Control System\n* __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle Management (ALM) system\n* __website__ = Website\n* __advisories__ = Security advisories\n* __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)\n* __mailing-list__ = Mailing list or discussion group\n* __social__ = Social media account\n* __chat__ = Real-time chat platform\n* __documentation__ = Documentation, guides, or how-to instructions\n* __support__ = Community or commercial support\n* __distribution__ = Direct or repository download location\n* __distribution-intake__ = The location where a component was published to. This is often the same as \"distribution\" but may also include specialized publishing processes that act as an intermediary\n* __license__ = The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness\n* __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)\n* __build-system__ = URL to an automated build system\n* __release-notes__ = URL to release notes\n* __security-contact__ = Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT\n* __model-card__ = A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency\n* __log__ = A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations\n* __configuration__ = Parameters or settings that may be used by other components or services\n* __evidence__ = Information used to substantiate a claim\n* __formulation__ = Describes how a component or service was manufactured or deployed\n* __attestation__ = Human or machine-readable statements containing facts, evidence, or testimony\n* __threat-model__ = An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format\n* __adversary-model__ = The defined assumptions, goals, and capabilities of an adversary.\n* __risk-assessment__ = Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk.\n* __vulnerability-assertion__ = A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product.\n* __exploitability-statement__ = A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization.\n* __pentest-report__ = Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test\n* __static-analysis-report__ = SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code\n* __dynamic-analysis-report__ = Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations\n* __runtime-analysis-report__ = Report generated by analyzing the call stack of a running application\n* __component-analysis-report__ = Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis\n* __maturity-report__ = Report containing a formal assessment of an organization, business unit, or team against a maturity model\n* __certification-report__ = Industry, regulatory, or other certification from an accredited (if applicable) certification body\n* __quality-metrics__ = Report or system in which quality metrics can be obtained\n* __codified-infrastructure__ = Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC)\n* __poam__ = Plans of Action and Milestones (POAM) compliment an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".\n* __other__ = Use this if no other types accurately describe the purpose of the external reference", "enum": [ "vcs", "issue-tracker", "website", "advisories", "bom", "mailing-list", "social", "chat", "documentation", "support", "distribution", "distribution-intake", "license", "build-meta", "build-system", "release-notes", "security-contact", "model-card", "log", "configuration", "evidence", "formulation", "attestation", "threat-model", "adversary-model", "risk-assessment", "vulnerability-assertion", "exploitability-statement", "pentest-report", "static-analysis-report", "dynamic-analysis-report", "runtime-analysis-report", "component-analysis-report", "maturity-report", "certification-report", "codified-infrastructure", "quality-metrics", "poam", "other" ] }, "hashes": { "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the external reference (if applicable)." } } }, "dependency": { "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component or service. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "$ref": "#/definitions/refLinkType", "title": "Reference", "description": "References a component or service by its bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/refLinkType" }, "title": "Depends On", "description": "The bom-ref identifiers of the components or services that are dependencies of this dependency object." } } }, "service": { "type": "object", "title": "Service Object", "required": [ "name" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "provider": { "title": "Provider", "description": "The organization that provides the service.", "$ref": "#/definitions/organizationalEntity" }, "group": { "type": "string", "title": "Service Group", "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Service Name", "description": "The name of the service. This will often be a shortened, single name of the service.", "examples": ["ticker-service"] }, "version": { "type": "string", "title": "Service Version", "description": "The service version.", "examples": ["1.0.0"] }, "description": { "type": "string", "title": "Service Description", "description": "Specifies a description for the service" }, "endpoints": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "Endpoints", "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", "examples": ["https://example.com/api/v1/ticker"] }, "authenticated": { "type": "boolean", "title": "Authentication Required", "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." }, "x-trust-boundary": { "type": "boolean", "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, "trustZone": { "type": "string", "title": "Trust Zone", "description": "The name of the trust zone the service resides in." }, "data": { "type": "array", "items": {"$ref": "#/definitions/serviceData"}, "title": "Data", "description": "Specifies information about the data including the directional flow of data and the data classification." }, "licenses": { "$ref": "#/definitions/licenseChoice", "title": "Component License(s)" }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies." }, "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", "description": "Specifies optional release notes." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": {"$ref": "#/definitions/property"} }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "serviceData": { "type": "object", "title": "Hash Objects", "required": [ "flow", "classification" ], "additionalProperties": false, "properties": { "flow": { "$ref": "#/definitions/dataFlowDirection", "title": "Directional Flow", "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." }, "classification": { "$ref": "#/definitions/dataClassification" }, "name": { "type": "string", "title": "Name", "description": "Name for the defined data", "examples": [ "Credit card reporting" ] }, "description": { "type": "string", "title": "Description", "description": "Short description of the data content and usage", "examples": [ "Credit card information being exchanged in between the web app and the database" ] }, "governance": { "type": "object", "title": "Data Governance", "$ref": "#/definitions/dataGovernance" }, "source": { "type": "array", "items": { "anyOf": [ { "title": "URL", "type": "string", "format": "iri-reference" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "Source", "description": "The URI, URL, or BOM-Link of the components or services the data came in from" }, "destination": { "type": "array", "items": { "anyOf": [ { "title": "URL", "type": "string", "format": "iri-reference" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "Destination", "description": "The URI, URL, or BOM-Link of the components or services the data is sent to" } } }, "dataFlowDirection": { "type": "string", "enum": [ "inbound", "outbound", "bi-directional", "unknown" ], "title": "Data flow direction", "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." }, "copyright": { "type": "object", "title": "Copyright", "required": [ "text" ], "additionalProperties": false, "properties": { "text": { "type": "string", "title": "Copyright Text" } } }, "componentEvidence": { "type": "object", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", "additionalProperties": false, "properties": { "identity": { "type": "object", "description": "Evidence that substantiates the identity of a component.", "required": [ "field" ], "additionalProperties": false, "properties": { "field": { "type": "string", "enum": [ "group", "name", "version", "purl", "cpe", "swid", "hash" ], "title": "Field", "description": "The identity field of the component which the evidence describes." }, "confidence": { "type": "number", "minimum": 0, "maximum": 1, "title": "Confidence", "description": "The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence." }, "methods": { "type": "array", "title": "Methods", "description": "The methods used to extract and/or analyze the evidence.", "items": { "type": "object", "required": [ "technique" , "confidence" ], "additionalProperties": false, "properties": { "technique": { "title": "Technique", "description": "The technique used in this method of analysis.", "type": "string", "enum": [ "source-code-analysis", "binary-analysis", "manifest-analysis", "ast-fingerprint", "hash-comparison", "instrumentation", "dynamic-analysis", "filename", "attestation", "other" ] }, "confidence": { "type": "number", "minimum": 0, "maximum": 1, "title": "Confidence", "description": "The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence." }, "value": { "type": "string", "title": "Value", "description": "The value or contents of the evidence." } } } }, "tools": { "type": "array", "uniqueItems": true, "items": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "BOM References", "description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation." } } }, "occurrences": { "type": "array", "title": "Occurrences", "description": "Evidence of individual instances of a component spread across multiple locations.", "items": { "type": "object", "required": [ "location" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "location": { "type": "string", "title": "Location", "description": "The location or path to where the component was found." } } } }, "callstack": { "type": "object", "description": "Evidence of the components use through the callstack.", "additionalProperties": false, "properties": { "frames": { "type": "array", "title": "Methods", "items": { "type": "object", "required": [ "module" ], "additionalProperties": false, "properties": { "package": { "title": "Package", "description": "A package organizes modules into namespaces, providing a unique namespace for each type it contains.", "type": "string" }, "module": { "title": "Module", "description": "A module or class that encloses functions/methods and other code.", "type": "string" }, "function": { "title": "Function", "description": "A block of code designed to perform a particular task.", "type": "string" }, "parameters": { "title": "Parameters", "description": "Optional arguments that are passed to the module or function.", "type": "array", "items": { "type": "string" } }, "line": { "title": "Line", "description": "The line number the code that is called resides on.", "type": "integer" }, "column": { "title": "Column", "description": "The column the code that is called resides.", "type": "integer" }, "fullFilename": { "title": "Full Filename", "description": "The full path and filename of the module.", "type": "string" } } } } } }, "licenses": { "$ref": "#/definitions/licenseChoice", "title": "Component License(s)" }, "copyright": { "type": "array", "items": {"$ref": "#/definitions/copyright"}, "title": "Copyright" } } }, "compositions": { "type": "object", "title": "Compositions", "required": [ "aggregate" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "aggregate": { "$ref": "#/definitions/aggregateType", "title": "Aggregate", "description": "Specifies an aggregate type that describe how complete a relationship is.\n\n* __complete__ = The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.\n* __incomplete__ = The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.\n* __incomplete_first_party_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.\n* __incomplete_first_party_proprietary_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.\n* __incomplete_first_party_opensource_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.\n* __incomplete_third_party_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.\n* __incomplete_third_party_proprietary_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.\n* __incomplete_third_party_opensource_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.\n* __unknown__ = The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.\n* __not_specified__ = The relationship completeness is not specified.\n" }, "assemblies": { "type": "array", "uniqueItems": true, "items": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." }, "dependencies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." }, "vulnerabilities": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the vulnerabilities being described." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "aggregateType": { "type": "string", "default": "not_specified", "enum": [ "complete", "incomplete", "incomplete_first_party_only", "incomplete_first_party_proprietary_only", "incomplete_first_party_opensource_only", "incomplete_third_party_only", "incomplete_third_party_proprietary_only", "incomplete_third_party_opensource_only", "unknown", "not_specified" ] }, "property": { "type": "object", "title": "Lightweight name-value pair", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." }, "value": { "type": "string", "title": "Value", "description": "The value of the property." } } }, "localeType": { "type": "string", "pattern": "^([a-z]{2})(-[A-Z]{2})?$", "title": "Locale", "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA" }, "releaseType": { "type": "string", "examples": [ "major", "minor", "patch", "pre-release", "internal" ], "description": "The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." }, "note": { "type": "object", "title": "Note", "description": "A note containing the locale and content.", "required": [ "text" ], "additionalProperties": false, "properties": { "locale": { "$ref": "#/definitions/localeType", "title": "Locale", "description": "The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: \"en\", \"en-US\", \"fr\" and \"fr-CA\"" }, "text": { "title": "Release note content", "description": "Specifies the full content of the release note.", "$ref": "#/definitions/attachment" } } }, "releaseNotes": { "type": "object", "title": "Release notes", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "$ref": "#/definitions/releaseType", "title": "Type", "description": "The software versioning type the release note describes." }, "title": { "type": "string", "title": "Title", "description": "The title of the release." }, "featuredImage": { "type": "string", "format": "iri-reference", "title": "Featured image", "description": "The URL to an image that may be prominently displayed with the release note." }, "socialImage": { "type": "string", "format": "iri-reference", "title": "Social image", "description": "The URL to an image that may be used in messaging on social media platforms." }, "description": { "type": "string", "title": "Description", "description": "A short description of the release." }, "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the release note was created." }, "aliases": { "type": "array", "items": { "type": "string" }, "title": "Aliases", "description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)." }, "tags": { "type": "array", "items": { "type": "string" }, "title": "Tags", "description": "One or more tags that may aid in search or retrieval of the release note." }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues that have been resolved." }, "notes": { "type": "array", "items": {"$ref": "#/definitions/note"}, "title": "Notes", "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": {"$ref": "#/definitions/property"} } } }, "advisory": { "type": "object", "title": "Advisory", "description": "Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system.", "required": ["url"], "additionalProperties": false, "properties": { "title": { "type": "string", "title": "Title", "description": "An optional name of the advisory." }, "url": { "type": "string", "title": "URL", "format": "iri-reference", "description": "Location where the advisory can be obtained." } } }, "cwe": { "type": "integer", "minimum": 1, "title": "CWE", "description": "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of https://cwe.mitre.org/data/definitions/399.html)" }, "severity": { "type": "string", "title": "Severity", "description": "Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.", "enum": [ "critical", "high", "medium", "low", "info", "none", "unknown" ] }, "scoreMethod": { "type": "string", "title": "Method", "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* CVSSv4 - [Common Vulnerability Scoring System v4](https://www.first.org/cvss/v4-0/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)\n* SSVC - [Stakeholder Specific Vulnerability Categorization](https://github.com/CERTCC/SSVC) (all versions)", "enum": [ "CVSSv2", "CVSSv3", "CVSSv31", "CVSSv4", "OWASP", "SSVC", "other" ] }, "impactAnalysisState": { "type": "string", "title": "Impact Analysis State", "description": "Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. \n\n* __resolved__ = the vulnerability has been remediated. \n* __resolved\\_with\\_pedigree__ = the vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). \n* __exploitable__ = the vulnerability may be directly or indirectly exploitable. \n* __in\\_triage__ = the vulnerability is being investigated. \n* __false\\_positive__ = the vulnerability is not specific to the component or service and was falsely identified or associated. \n* __not\\_affected__ = the component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases.", "enum": [ "resolved", "resolved_with_pedigree", "exploitable", "in_triage", "false_positive", "not_affected" ] }, "impactAnalysisJustification": { "type": "string", "title": "Impact Analysis Justification", "description": "The rationale of why the impact analysis state was asserted. \n\n* __code\\_not\\_present__ = the code has been removed or tree-shaked. \n* __code\\_not\\_reachable__ = the vulnerable code is not invoked at runtime. \n* __requires\\_configuration__ = exploitability requires a configurable option to be set/unset. \n* __requires\\_dependency__ = exploitability requires a dependency that is not present. \n* __requires\\_environment__ = exploitability requires a certain environment which is not present. \n* __protected\\_by\\_compiler__ = exploitability requires a compiler flag to be set/unset. \n* __protected\\_at\\_runtime__ = exploits are prevented at runtime. \n* __protected\\_at\\_perimeter__ = attacks are blocked at physical, logical, or network perimeter. \n* __protected\\_by\\_mitigating\\_control__ = preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability.", "enum": [ "code_not_present", "code_not_reachable", "requires_configuration", "requires_dependency", "requires_environment", "protected_by_compiler", "protected_at_runtime", "protected_at_perimeter", "protected_by_mitigating_control" ] }, "rating": { "type": "object", "title": "Rating", "description": "Defines the severity or risk ratings of a vulnerability.", "additionalProperties": false, "properties": { "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that calculated the severity or risk rating of the vulnerability." }, "score": { "type": "number", "title": "Score", "description": "The numerical score of the rating." }, "severity": { "$ref": "#/definitions/severity", "description": "Textual representation of the severity that corresponds to the numerical score of the rating." }, "method": { "$ref": "#/definitions/scoreMethod" }, "vector": { "type": "string", "title": "Vector", "description": "Textual representation of the metric values used to score the vulnerability" }, "justification": { "type": "string", "title": "Justification", "description": "An optional reason for rating the vulnerability as it was" } } }, "vulnerabilitySource": { "type": "object", "title": "Source", "description": "The source of vulnerability information. This is often the organization that published the vulnerability.", "additionalProperties": false, "properties": { "url": { "type": "string", "title": "URL", "description": "The url of the vulnerability documentation as provided by the source.", "examples": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-39182" ] }, "name": { "type": "string", "title": "Name", "description": "The name of the source.", "examples": [ "NVD", "National Vulnerability Database", "OSS Index", "VulnDB", "GitHub Advisories" ] } } }, "vulnerability": { "type": "object", "title": "Vulnerability", "description": "Defines a weakness in a component or service that could be exploited or triggered by a threat source.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "id": { "type": "string", "title": "ID", "description": "The identifier that uniquely identifies the vulnerability.", "examples": [ "CVE-2021-39182", "GHSA-35m5-8cvj-8783", "SNYK-PYTHON-ENROCRYPT-1912876" ] }, "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that published the vulnerability." }, "references": { "type": "array", "title": "References", "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", "items": { "type": "object", "required": [ "id", "source" ], "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID", "description": "An identifier that uniquely identifies the vulnerability.", "examples": [ "CVE-2021-39182", "GHSA-35m5-8cvj-8783", "SNYK-PYTHON-ENROCRYPT-1912876" ] }, "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that published the vulnerability." } } } }, "ratings": { "type": "array", "title": "Ratings", "description": "List of vulnerability ratings", "items": { "$ref": "#/definitions/rating" } }, "cwes": { "type": "array", "title": "CWEs", "description": "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html)", "examples": [399], "items": { "$ref": "#/definitions/cwe" } }, "description": { "type": "string", "title": "Description", "description": "A description of the vulnerability as provided by the source." }, "detail": { "type": "string", "title": "Details", "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause." }, "recommendation": { "type": "string", "title": "Recommendation", "description": "Recommendations of how the vulnerability can be remediated or mitigated." }, "workaround": { "type": "string", "title": "Workarounds", "description": "A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments." }, "proofOfConcept": { "type": "object", "title": "Proof of Concept", "description": "Evidence used to reproduce the vulnerability.", "properties": { "reproductionSteps": { "type": "string", "title": "Steps to Reproduce", "description": "Precise steps to reproduce the vulnerability." }, "environment": { "type": "string", "title": "Environment", "description": "A description of the environment in which reproduction was possible." }, "supportingMaterial": { "type": "array", "title": "Supporting Material", "description": "Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code.", "items": { "$ref": "#/definitions/attachment" } } } }, "advisories": { "type": "array", "title": "Advisories", "description": "Published advisories of the vulnerability if provided.", "items": { "$ref": "#/definitions/advisory" } }, "created": { "type": "string", "format": "date-time", "title": "Created", "description": "The date and time (timestamp) when the vulnerability record was created in the vulnerability database." }, "published": { "type": "string", "format": "date-time", "title": "Published", "description": "The date and time (timestamp) when the vulnerability record was first published." }, "updated": { "type": "string", "format": "date-time", "title": "Updated", "description": "The date and time (timestamp) when the vulnerability record was last updated." }, "rejected": { "type": "string", "format": "date-time", "title": "Rejected", "description": "The date and time (timestamp) when the vulnerability record was rejected (if applicable)." }, "credits": { "type": "object", "title": "Credits", "description": "Individuals or organizations credited with the discovery of the vulnerability.", "additionalProperties": false, "properties": { "organizations": { "type": "array", "title": "Organizations", "description": "The organizations credited with vulnerability discovery.", "items": { "$ref": "#/definitions/organizationalEntity" } }, "individuals": { "type": "array", "title": "Individuals", "description": "The individuals, not associated with organizations, that are credited with vulnerability discovery.", "items": { "$ref": "#/definitions/organizationalContact" } } } }, "tools": { "oneOf": [ { "type": "object", "title": "Tools", "description": "The tool(s) used to identify, confirm, or score the vulnerability.", "additionalProperties": false, "properties": { "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components used as tools" }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." } } }, { "type": "array", "title": "Tools (legacy)", "description": "[Deprecated] The tool(s) used to identify, confirm, or score the vulnerability.", "items": {"$ref": "#/definitions/tool"} } ] }, "analysis": { "type": "object", "title": "Impact Analysis", "description": "An assessment of the impact and exploitability of the vulnerability.", "additionalProperties": false, "properties": { "state": { "$ref": "#/definitions/impactAnalysisState" }, "justification": { "$ref": "#/definitions/impactAnalysisJustification" }, "response": { "type": "array", "title": "Response", "description": "A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.", "items": { "type": "string", "enum": [ "can_not_fix", "will_not_fix", "update", "rollback", "workaround_available" ] } }, "detail": { "type": "string", "title": "Detail", "description": "Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability." }, "firstIssued": { "type": "string", "format": "date-time", "title": "First Issued", "description": "The date and time (timestamp) when the analysis was first issued." }, "lastUpdated": { "type": "string", "format": "date-time", "title": "Last Updated", "description": "The date and time (timestamp) when the analysis was last updated." } } }, "affects": { "type": "array", "uniqueItems": true, "items": { "type": "object", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ], "title": "Reference", "description": "References a component or service by the objects bom-ref" }, "versions": { "type": "array", "title": "Versions", "description": "Zero or more individual versions or range of versions.", "items": { "type": "object", "oneOf": [ { "required": ["version"] }, { "required": ["range"] } ], "additionalProperties": false, "properties": { "version": { "description": "A single version of a component or service.", "$ref": "#/definitions/version" }, "range": { "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", "$ref": "#/definitions/range" }, "status": { "description": "The vulnerability status for the version or range of versions.", "$ref": "#/definitions/affectedStatus", "default": "affected" } } } } } }, "title": "Affects", "description": "The components or services that are affected by the vulnerability." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": { "$ref": "#/definitions/property" } } } }, "affectedStatus": { "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", "type": "string", "enum": [ "affected", "unaffected", "unknown" ] }, "version": { "description": "A single version of a component or service.", "type": "string", "minLength": 1, "maxLength": 1024 }, "range": { "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", "type": "string", "minLength": 1, "maxLength": 1024 }, "annotations": { "type": "object", "title": "Annotations", "description": "A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.", "required": [ "subjects", "annotator", "timestamp", "text" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "subjects": { "type": "array", "uniqueItems": true, "items": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "BOM References", "description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs." }, "annotator": { "type": "object", "title": "Annotator", "description": "The organization, person, component, or service which created the textual content of the annotation.", "oneOf": [ { "required": [ "organization" ] }, { "required": [ "individual" ] }, { "required": [ "component" ] }, { "required": [ "service" ] } ], "additionalProperties": false, "properties": { "organization": { "description": "The organization that created the annotation", "$ref": "#/definitions/organizationalEntity" }, "individual": { "description": "The person that created the annotation", "$ref": "#/definitions/organizationalContact" }, "component": { "description": "The tool or component that created the annotation", "$ref": "#/definitions/component" }, "service": { "description": "The service that created the annotation", "$ref": "#/definitions/service" } } }, "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the annotation was created." }, "text": { "type": "string", "title": "Text", "description": "The textual content of the annotation." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "modelCard": { "$comment": "Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.", "type": "object", "title": "Model Card", "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "modelParameters": { "type": "object", "title": "Model Parameters", "description": "Hyper-parameters for construction of the model.", "additionalProperties": false, "properties": { "approach": { "type": "object", "title": "Approach", "description": "The overall approach to learning used by the model for problem solving.", "additionalProperties": false, "properties": { "type": { "type": "string", "title": "Learning Type", "description": "Learning types describing the learning problem or hybrid learning problem.", "enum": [ "supervised", "unsupervised", "reinforcement-learning", "semi-supervised", "self-supervised" ] } } }, "task": { "type": "string", "title": "Task", "description": "Directly influences the input and/or output. Examples include classification, regression, clustering, etc." }, "architectureFamily": { "type": "string", "title": "Architecture Family", "description": "The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc." }, "modelArchitecture": { "type": "string", "title": "Model Architecture", "description": "The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc." }, "datasets": { "type": "array", "title": "Datasets", "description": "The datasets used to train and evaluate the model.", "items" : { "oneOf" : [ { "title": "Inline Component Data", "$ref": "#/definitions/componentData" }, { "type": "object", "title": "Data Component Reference", "additionalProperties": false, "properties": { "ref": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ], "title": "Reference", "description": "References a data component by the components bom-ref attribute" } } } ] } }, "inputs": { "type": "array", "title": "Inputs", "description": "The input format(s) of the model", "items": { "$ref": "#/definitions/inputOutputMLParameters" } }, "outputs": { "type": "array", "title": "Outputs", "description": "The output format(s) from the model", "items": { "$ref": "#/definitions/inputOutputMLParameters" } } } }, "quantitativeAnalysis": { "type": "object", "title": "Quantitative Analysis", "description": "A quantitative analysis of the model", "additionalProperties": false, "properties": { "performanceMetrics": { "type": "array", "title": "Performance Metrics", "description": "The model performance metrics being reported. Examples may include accuracy, F1 score, precision, top-3 error rates, MSC, etc.", "items": { "$ref": "#/definitions/performanceMetric" } }, "graphics": { "$ref": "#/definitions/graphicsCollection" } } }, "considerations": { "type": "object", "title": "Considerations", "description": "What considerations should be taken into account regarding the model's construction, training, and application?", "additionalProperties": false, "properties": { "users": { "type": "array", "title": "Users", "description": "Who are the intended users of the model?", "items": { "type": "string" } }, "useCases": { "type": "array", "title": "Use Cases", "description": "What are the intended use cases of the model?", "items": { "type": "string" } }, "technicalLimitations": { "type": "array", "title": "Technical Limitations", "description": "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?", "items": { "type": "string" } }, "performanceTradeoffs": { "type": "array", "title": "Performance Tradeoffs", "description": "What are the known tradeoffs in accuracy/performance of the model?", "items": { "type": "string" } }, "ethicalConsiderations": { "type": "array", "title": "Ethical Considerations", "description": "What are the ethical (or environmental) risks involved in the application of this model?", "items": { "$ref": "#/definitions/risk" } }, "fairnessAssessments": { "type": "array", "title": "Fairness Assessments", "description": "How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups?", "items": { "$ref": "#/definitions/fairnessAssessment" } } } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "items": {"$ref": "#/definitions/property"} } } }, "inputOutputMLParameters": { "type": "object", "title": "Input and Output Parameters", "additionalProperties": false, "properties": { "format": { "description": "The data format for input/output to the model. Example formats include string, image, time-series", "type": "string" } } }, "componentData": { "type": "object", "additionalProperties": false, "required": [ "type" ], "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." }, "type": { "type": "string", "title": "Type of Data", "description": "The general theme or subject matter of the data being specified.\n\n* __source-code__ = Any type of code, code snippet, or data-as-code.\n* __configuration__ = Parameters or settings that may be used by other components.\n* __dataset__ = A collection of data.\n* __definition__ = Data that can be used to create new instances of what the definition defines.\n* __other__ = Any other type of data that does not fit into existing definitions.", "enum": [ "source-code", "configuration", "dataset", "definition", "other" ] }, "name": { "description": "The name of the dataset.", "type": "string" }, "contents": { "type": "object", "title": "Data Contents", "description": "The contents or references to the contents of the data being described.", "additionalProperties": false, "properties": { "attachment": { "title": "Data Attachment", "description": "An optional way to include textual or encoded data.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "Data URL", "description": "The URL to where the data can be retrieved.", "format": "iri-reference" }, "properties": { "type": "array", "title": "Configuration Properties", "description": "Provides the ability to document name-value parameters used for configuration.", "items": { "$ref": "#/definitions/property" } } } }, "classification": { "$ref": "#/definitions/dataClassification" }, "sensitiveData": { "type": "array", "description": "A description of any sensitive data in a dataset.", "items": { "type": "string" } }, "graphics": { "$ref": "#/definitions/graphicsCollection" }, "description": { "description": "A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc.", "type": "string" }, "governance": { "type": "object", "title": "Data Governance", "$ref": "#/definitions/dataGovernance" } } }, "dataGovernance": { "type": "object", "title": "Data Governance", "additionalProperties": false, "properties": { "custodians": { "type": "array", "title": "Data Custodians", "description": "Data custodians are responsible for the safe custody, transport, and storage of data.", "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } }, "stewards": { "type": "array", "title": "Data Stewards", "description": "Data stewards are responsible for data content, context, and associated business rules.", "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } }, "owners": { "type": "array", "title": "Data Owners", "description": "Data owners are concerned with risk and appropriate access to data.", "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } } } }, "dataGovernanceResponsibleParty": { "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Organization", "$ref": "#/definitions/organizationalEntity" }, "contact": { "title": "Individual", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["contact"] } ] }, "graphicsCollection": { "type": "object", "title": "Graphics Collection", "description": "A collection of graphics that represent various measurements.", "additionalProperties": false, "properties": { "description": { "description": "A description of this collection of graphics.", "type": "string" }, "collection": { "description": "A collection of graphics.", "type": "array", "items": { "$ref": "#/definitions/graphic" } } } }, "graphic": { "type": "object", "additionalProperties": false, "properties": { "name": { "description": "The name of the graphic.", "type": "string" }, "image": { "title": "Graphic Image", "description": "The graphic (vector or raster). Base64 encoding MUST be specified for binary images.", "$ref": "#/definitions/attachment" } } }, "performanceMetric": { "type": "object", "additionalProperties": false, "properties": { "type": { "description": "The type of performance metric.", "type": "string" }, "value": { "description": "The value of the performance metric.", "type": "string" }, "slice": { "description": "The name of the slice this metric was computed on. By default, assume this metric is not sliced.", "type": "string" }, "confidenceInterval": { "description": "The confidence interval of the metric.", "type": "object", "additionalProperties": false, "properties": { "lowerBound": { "description": "The lower bound of the confidence interval.", "type": "string" }, "upperBound": { "description": "The upper bound of the confidence interval.", "type": "string" } } } } }, "risk": { "type": "object", "additionalProperties": false, "properties": { "name": { "description": "The name of the risk.", "type": "string" }, "mitigationStrategy": { "description": "Strategy used to address this risk.", "type": "string" } } }, "fairnessAssessment": { "type": "object", "title": "Fairness Assessment", "description": "Information about the benefits and harms of the model to an identified at risk group.", "additionalProperties": false, "properties": { "groupAtRisk": { "type": "string", "description": "The groups or individuals at risk of being systematically disadvantaged by the model." }, "benefits": { "type": "string", "description": "Expected benefits to the identified groups." }, "harms": { "type": "string", "description": "Expected harms to the identified groups." }, "mitigationStrategy": { "type": "string", "description": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." } } }, "dataClassification": { "type": "string", "title": "Data Classification", "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." }, "formula": { "title": "Formula", "description": "Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed.", "type": "object", "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", "$ref": "#/definitions/refType" }, "components": { "title": "Components", "description": "Transient components that are used in tasks that constitute one or more of this formula's workflows", "type": "array", "items": { "$ref": "#/definitions/component" }, "uniqueItems": true }, "services": { "title": "Services", "description": "Transient services that are used in tasks that constitute one or more of this formula's workflows", "type": "array", "items": { "$ref": "#/definitions/service" }, "uniqueItems": true }, "workflows": { "title": "Workflows", "description": "List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered.", "$comment": "Different workflows can be designed to work together to perform end-to-end CI/CD builds and deployments.", "type": "array", "items": { "$ref": "#/definitions/workflow" }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "workflow": { "title": "Workflow", "description": "A specialized orchestration task.", "$comment": "Workflow are as task themselves and can trigger other workflow tasks. These relationships can be modeled in the taskDependencies graph.", "type": "object", "required": [ "bom-ref", "uid", "taskTypes" ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "tasks": { "title": "Tasks", "description": "The tasks that comprise the workflow.", "$comment": "Note that tasks can appear more than once as different instances (by name or UID).", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/task" } }, "taskDependencies": { "title": "Task dependency graph", "description": "The graph of dependencies between tasks within the workflow.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/dependency" } }, "taskTypes": { "title": "Task types", "description": "Indicates the types of activities performed by the set of workflow tasks.", "$comment": "Currently, these types reflect common CI/CD actions.", "type": "array", "items": { "$ref": "#/definitions/taskType" } }, "trigger": { "title": "Trigger", "description": "The trigger that initiated the task.", "$ref": "#/definitions/trigger" }, "steps": { "title": "Steps", "description": "The sequence of steps for the task.", "type": "array", "items": { "$ref": "#/definitions/step" }, "uniqueItems": true }, "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" }, "uniqueItems": true }, "outputs": { "title": "Outputs", "description": "Represents resources and data output from a task at runtime by executor or task commands", "examples": ["a log file or metrics data produced by the task"], "type": "array", "items": { "$ref": "#/definitions/outputType" }, "uniqueItems": true }, "timeStart": { "title": "Time start", "description": "The date and time (timestamp) when the task started.", "type": "string", "format": "date-time" }, "timeEnd": { "title": "Time end", "description": "The date and time (timestamp) when the task ended.", "type": "string", "format": "date-time" }, "workspaces": { "title": "Workspaces", "description": "A set of named filesystem or data resource shareable by workflow tasks.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/workspace" } }, "runtimeTopology": { "title": "Runtime topology", "description": "A graph of the component runtime topology for workflow's instance.", "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/dependency" } }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "task": { "title": "Task", "description": "Describes the inputs, sequence of steps and resources used to accomplish a task and its output.", "$comment": "Tasks are building blocks for constructing assemble CI/CD workflows or pipelines.", "type": "object", "required": [ "bom-ref", "uid", "taskTypes" ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "taskTypes": { "title": "Task types", "description": "Indicates the types of activities performed by the set of workflow tasks.", "$comment": "Currently, these types reflect common CI/CD actions.", "type": "array", "items": { "$ref": "#/definitions/taskType" } }, "trigger": { "title": "Trigger", "description": "The trigger that initiated the task.", "$ref": "#/definitions/trigger" }, "steps": { "title": "Steps", "description": "The sequence of steps for the task.", "type": "array", "items": { "$ref": "#/definitions/step" }, "uniqueItems": true }, "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" }, "uniqueItems": true }, "outputs": { "title": "Outputs", "description": "Represents resources and data output from a task at runtime by executor or task commands", "examples": ["a log file or metrics data produced by the task"], "type": "array", "items": { "$ref": "#/definitions/outputType" }, "uniqueItems": true }, "timeStart": { "title": "Time start", "description": "The date and time (timestamp) when the task started.", "type": "string", "format": "date-time" }, "timeEnd": { "title": "Time end", "description": "The date and time (timestamp) when the task ended.", "type": "string", "format": "date-time" }, "workspaces": { "title": "Workspaces", "description": "A set of named filesystem or data resource shareable by workflow tasks.", "type": "array", "items": { "$ref": "#/definitions/workspace" }, "uniqueItems": true }, "runtimeTopology": { "title": "Runtime topology", "description": "A graph of the component runtime topology for task's instance.", "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", "type": "array", "items": { "$ref": "#/definitions/dependency" }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "step": { "type": "object", "description": "Executes specific commands or tools in order to accomplish its owning task as part of a sequence.", "additionalProperties": false, "properties": { "name": { "title": "Name", "description": "A name for the step.", "type": "string" }, "description": { "title": "Description", "description": "A description of the step.", "type": "string" }, "commands": { "title": "Commands", "description": "Ordered list of commands or directives for the step", "type": "array", "items": { "$ref": "#/definitions/command" } }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "command": { "type": "object", "additionalProperties": false, "properties": { "executed": { "title": "Executed", "description": "A text representation of the executed command.", "type": "string" }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "workspace": { "title": "Workspace", "description": "A named filesystem or data resource shareable by workflow tasks.", "type": "object", "required": [ "bom-ref", "uid" ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "aliases": { "title": "Aliases", "description": "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps.", "type": "array", "items": {"type": "string"} }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "accessMode": { "title": "Access mode", "description": "Describes the read-write access control for the workspace relative to the owning resource instance.", "type": "string", "enum": [ "read-only", "read-write", "read-write-once", "write-once", "write-only" ] }, "mountPath": { "title": "Mount path", "description": "A path to a location on disk where the workspace will be available to the associated task's steps.", "type": "string" }, "managedDataType": { "title": "Managed data type", "description": "The name of a domain-specific data type the workspace represents.", "$comment": "This property is for CI/CD frameworks that are able to provide access to structured, managed data at a more granular level than a filesystem.", "examples": ["ConfigMap","Secret"], "type": "string" }, "volumeRequest": { "title": "Volume request", "description": "Identifies the reference to the request for a specific volume type and parameters.", "examples": ["a kubernetes Persistent Volume Claim (PVC) name"], "type": "string" }, "volume": { "title": "Volume", "description": "Information about the actual volume instance allocated to the workspace.", "$comment": "The actual volume allocated may be different than the request.", "examples": ["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"], "$ref": "#/definitions/volume" }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "volume": { "title": "Volume", "description": "An identifiable, logical unit of data storage tied to a physical device.", "type": "object", "additionalProperties": false, "properties": { "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the volume instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the volume instance", "type": "string" }, "mode": { "title": "Mode", "description": "The mode for the volume instance.", "type": "string", "enum": [ "filesystem", "block" ], "default": "filesystem" }, "path": { "title": "Path", "description": "The underlying path created from the actual volume.", "type": "string" }, "sizeAllocated": { "title": "Size allocated", "description": "The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as IEC standard unit in either decimal or binary form.", "examples": ["10GB", "2Ti", "1Pi"], "type": "string" }, "persistent": { "title": "Persistent", "description": "Indicates if the volume persists beyond the life of the resource it is associated with.", "type": "boolean" }, "remote": { "title": "Remote", "description": "Indicates if the volume is remotely (i.e., network) attached.", "type": "boolean" }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "trigger": { "title": "Trigger", "description": "Represents a resource that can conditionally activate (or fire) tasks based upon associated events and their data.", "type": "object", "additionalProperties": false, "required": [ "type", "bom-ref", "uid" ], "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "type": { "title": "Type", "description": "The source type of event which caused the trigger to fire.", "type": "string", "enum": [ "manual", "api", "webhook", "scheduled" ] }, "event": { "title": "Event", "description": "The event data that caused the associated trigger to activate.", "$ref": "#/definitions/event" }, "conditions": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/condition" } }, "timeActivated": { "title": "Time activated", "description": "The date and time (timestamp) when the trigger was activated.", "type": "string", "format": "date-time" }, "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" }, "uniqueItems": true }, "outputs": { "title": "Outputs", "description": "Represents resources and data output from a task at runtime by executor or task commands", "examples": ["a log file or metrics data produced by the task"], "type": "array", "items": { "$ref": "#/definitions/outputType" }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "event": { "title": "Event", "description": "Represents something that happened that may trigger a response.", "type": "object", "additionalProperties": false, "properties": { "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier of the event.", "type": "string" }, "description": { "title": "Description", "description": "A description of the event.", "type": "string" }, "timeReceived": { "title": "Time Received", "description": "The date and time (timestamp) when the event was received.", "type": "string", "format": "date-time" }, "data": { "title": "Data", "description": "Encoding of the raw event data.", "$ref": "#/definitions/attachment" }, "source": { "title": "Source", "description": "References the component or service that was the source of the event", "$ref": "#/definitions/resourceReferenceChoice" }, "target": { "title": "Target", "description": "References the component or service that was the target of the event", "$ref": "#/definitions/resourceReferenceChoice" }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "inputType": { "title": "Input type", "description": "Type that represents various input data types and formats.", "type": "object", "oneOf": [ { "required": [ "resource" ] }, { "required": [ "parameters" ] }, { "required": [ "environmentVars" ] }, { "required": [ "data" ] } ], "additionalProperties": false, "properties": { "source": { "title": "Source", "description": "A references to the component or service that provided the input to the task (e.g., reference to a service with data flow value of `inbound`)", "examples": [ "source code repository", "database" ], "$ref": "#/definitions/resourceReferenceChoice" }, "target": { "title": "Target", "description": "A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace)", "examples": [ "workspace", "directory" ], "$ref": "#/definitions/resourceReferenceChoice" }, "resource": { "title": "Resource", "description": "A reference to an independent resource provided as an input to a task by the workflow runtime.", "examples": [ "reference to a configuration file in a repository (i.e., a bom-ref)", "reference to a scanning service used in a task (i.e., a bom-ref)" ], "$ref": "#/definitions/resourceReferenceChoice" }, "parameters": { "title": "Parameters", "description": "Inputs that have the form of parameters with names and values.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/parameter" } }, "environmentVars": { "title": "Environment variables", "description": "Inputs that have the form of parameters with names and values.", "type": "array", "uniqueItems": true, "items": { "oneOf": [ { "$ref": "#/definitions/property" }, { "type": "string" } ] } }, "data": { "title": "Data", "description": "Inputs that have the form of data.", "$ref": "#/definitions/attachment" }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "outputType": { "type": "object", "oneOf": [ { "required": [ "resource" ] }, { "required": [ "environmentVars" ] }, { "required": [ "data" ] } ], "additionalProperties": false, "properties": { "type": { "title": "Type", "description": "Describes the type of data output.", "type": "string", "enum": [ "artifact", "attestation", "log", "evidence", "metrics", "other" ] }, "source": { "title": "Source", "description": "Component or service that generated or provided the output from the task (e.g., a build tool)", "$ref": "#/definitions/resourceReferenceChoice" }, "target": { "title": "Target", "description": "Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of `outbound`)", "examples": ["a log file described as an `externalReference` within its target domain."], "$ref": "#/definitions/resourceReferenceChoice" }, "resource": { "title": "Resource", "description": "A reference to an independent resource generated as output by the task.", "examples": [ "configuration file", "source code", "scanning service" ], "$ref": "#/definitions/resourceReferenceChoice" }, "data": { "title": "Data", "description": "Outputs that have the form of data.", "$ref": "#/definitions/attachment" }, "environmentVars": { "title": "Environment variables", "description": "Outputs that have the form of environment variables.", "type": "array", "items": { "oneOf": [ { "$ref": "#/definitions/property" }, { "type": "string" } ] }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "resourceReferenceChoice": { "title": "Resource reference choice", "description": "A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.", "$comment": "Enables reference to a resource that participates in a workflow; using either internal (bom-ref) or external (externalReference) types.", "type": "object", "additionalProperties": false, "properties": { "ref": { "title": "BOM Reference", "description": "References an object by its bom-ref attribute", "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "externalReference": { "title": "External reference", "description": "Reference to an externally accessible resource.", "$ref": "#/definitions/externalReference" } }, "oneOf": [ { "required": [ "ref" ] }, { "required": [ "externalReference" ] } ] }, "condition": { "title": "Condition", "description": "A condition that was used to determine a trigger should be activated.", "type": "object", "additionalProperties": false, "properties": { "description": { "title": "Description", "description": "Describes the set of conditions which cause the trigger to activate.", "type": "string" }, "expression": { "title": "Expression", "description": "The logical expression that was evaluated that determined the trigger should be fired.", "type": "string" }, "properties": { "type": "array", "title": "Properties", "items": { "$ref": "#/definitions/property" } } } }, "taskType": { "type": "string", "enum": [ "copy", "clone", "lint", "scan", "merge", "build", "test", "deliver", "deploy", "release", "clean", "other" ] }, "parameter": { "title": "Parameter", "description": "A representation of a functional parameter.", "type": "object", "additionalProperties": false, "properties": { "name": { "title": "Name", "description": "The name of the parameter.", "type": "string" }, "value": { "title": "Value", "description": "The value of the parameter.", "type": "string" }, "dataType": { "title": "Data type", "description": "The data type of the parameter.", "type": "string" } } }, "signature": { "$ref": "jsf-0.82.SNAPSHOT.schema.json#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.5.SNAPSHOT.xsd000066400000000000000000011407751476011761300250350ustar00rootroot00000000000000 CycloneDX Software Bill of Materials Standard https://cyclonedx.org/ Apache License, Version 2.0 Identifier for referable and therefore interlink-able elements. Descriptor for an element identified by the attribute "bom-ref" in the same BOM document. In contrast to `bomLinkElementType`. Descriptor for another BOM document. See https://cyclonedx.org/capabilities/bomlink/ Descriptor for an element in another BOM document. See https://cyclonedx.org/capabilities/bomlink/ The date and time (timestamp) when the BOM was created. The product lifecycle(s) that this BOM represents. A pre-defined phase in the product lifecycle. The name of the lifecycle phase The description of the lifecycle phase The tool(s) used in the creation of the BOM. DEPRECATED. Use tools\components or tools\services instead. A list of software and hardware components used as tools. A list of services used as tools. The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors. The component that the BOM describes. The organization that manufactured the component that the BOM describes. The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use. BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use. BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from. BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device. BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies. BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions. BOM containing inventory that will be, or has been retired from operations. The name of the organization The URL of the organization. Multiple URLs are allowed. A contact person at the organization. Multiple contacts are allowed. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Information about the automated or manual tool used The name of the vendor who created the tool The name of the tool The version of the tool Provides the ability to document external references related to the tool. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the contact The email address of the contact. The phone number of the contact. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager. The person(s) or organization(s) that authored the component The person(s) or organization(s) that published the component The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery The component version. The version should ideally comply with semantic versioning but is not enforced. Specifies a description for the component Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM. A copyright notice informing users of the underlying claims to copyright ownership in a published work. Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: https://github.com/package-url/purl-spec Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Provides the ability to document external references related to the component or to the project the component describes. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Provides the ability to document evidence collected through various forms of extraction or analysis. Specifies optional release notes. A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types. This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. The OPTIONAL mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A valid SPDX license ID If SPDX does not define the license used, this field may be used to provide the license name Specifies the optional full text of the attachment The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata License identifiers that may be used to manage licenses and their lifecycle The individual or organization that grants a license to another individual or organization The organization that granted the license The individual, not associated with an organization, that granted the license The individual or organization for which a license was granted to The organization that was granted the license The individual, not associated with an organization, that was granted the license The individual or organization that purchased the license The organization that purchased the license The individual, not associated with an organization, that purchased the license The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase The type of license(s) that was granted to the licensee The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed. The timestamp indicating when the current license expires (if applicable). Allows any undeclared elements as long as the elements are placed in a different namespace. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. Specifies the content type of the text. Defaults to text/plain if not specified. Specifies the optional encoding the text is represented in Specifies the file hash of the component Specifies the algorithm used to create the hash The component is required for runtime The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries. A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended. A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms. A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md A special type of software that operates or controls a particular type of device. Refer to https://en.wikipedia.org/wiki/Device_driver A special type of software that provides low-level control over a devices hardware. Refer to https://en.wikipedia.org/wiki/Firmware A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. A model based on training data that can make predictions or decisions without being explicitly programmed to do so. A collection of discrete values that convey information. A license that grants use of software solely for the purpose of education or research. A license covering use of software embedded in a specific piece of hardware. A Client Access License (CAL) allows client computers to access services provided by server software. A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users. A license where the core of a computer's processor is assigned a specific number of points. A license for which consumption is measured by non-standard metrics. A license that covers a defined number of installations on computers and other types of devices. A license that grants permission to install and use software for trial purposes. A license that grants access to the software to one or more pre-defined users. A license that grants access to the software on one or more pre-defined computers or devices. An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware. A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely. A license where each installation consumes points per processor. A license where the licensee pays a fee to use the software or service. A license that grants access to the software or service by a specified number of users. Another license type. Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. Specifies the full content of the SWID tag. The URL to the SWID file. Allows any undeclared elements as long as the elements are placed in a different namespace. Maps to the tagId of a SoftwareIdentity. Maps to the name of a SoftwareIdentity. Maps to the version of a SoftwareIdentity. Maps to the tagVersion of a SoftwareIdentity. Maps to the patch of a SoftwareIdentity. Defines a string representation of a UUID conforming to RFC 4122. Version Control System Issue or defect tracking system, or an Application Lifecycle Management (ALM) system Website Security advisories Bill-of-materials (SBOM, OBOM, HBOM, SaaSBOM, etc) Mailing list or discussion group Social media account Real-time chat platform Documentation, guides, or how-to instructions Community or commercial support Direct or repository download location The location where a component was published to. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) URL to an automated build system URL to release notes Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT. A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. Parameters or settings that may be used by other components or services. Information used to substantiate a claim. Describes how a component or service was manufactured or deployed. Human or machine-readable statements containing facts, evidence, or testimony An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format The defined assumptions, goals, and capabilities of an adversary. Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk. A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product. A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization. Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations Report generated by analyzing the call stack of a running application Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis Report containing a formal assessment of an organization, business unit, or team against a maturity model Industry, regulatory, or other certification from an accredited (if applicable) certification body Report or system in which quality metrics can be obtained Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". Use this if no other types accurately describe the purpose of the external reference External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM. Zero or more external references can be defined The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns. External references may also include formally registered URNs such as CycloneDX BOM-Link to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs. Refer to: https://cyclonedx.org/capabilities/bomlink/ An optional comment describing the external reference Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Zero or more commits can be specified. Specifies an individual commit. Allows any undeclared elements as long as the elements are placed in a different namespace. A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. The URL to the commit. This URL will typically point to a commit in a version control system. The author who created the changes in the commit The person who committed or pushed the commit The text description of the contents of the commit Allows any undeclared elements as long as the elements are placed in a different namespace. Zero or more patches can be specified. Specifies an individual patch. Allows any undeclared elements as long as the elements are placed in a different namespace. The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting A patch created by selectively applying commits from other versions or branches of the same software. A fault, flaw, or bug in software A new feature or behavior in software A special type of defect which impacts security Specifies the optional text of the diff Specifies the URL to the diff Allows any undeclared elements as long as the elements are placed in a different namespace. An individual issue that has been resolved. The identifier of the issue assigned by the source of the issue The name of the issue A description of the issue The source of the issue where it is documented. The name of the source. For example "National Vulnerability Database", "NVD", and "Apache" The url of the issue documentation as provided by the source Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of issue The timestamp in which the action occurred The name of the individual who performed the action The email address of the individual who performed the action Allows any undeclared elements as long as the elements are placed in a different namespace. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits. Notes, observations, and other non-structured commentary describing the components pedigree. Allows any undeclared elements as long as the elements are placed in a different namespace. References a component or service by its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Defines the direct dependencies of a component or service. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that provides the service. The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. The name of the service. This will often be a shortened, single name of the service. The service version. Specifies a description for the service. A service endpoint URI. A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. The name of the trust zone the service resides in. DEPRECATED: Specifies the data classification. THIS FIELD IS DEPRECATED AS OF v1.5. Use dataflow\classification instead Specifies the data classification. Specifies the data classification. The URI, URL, or BOM-Link of the components or services the data came in from. The URI, URL, or BOM-Link of the components or services the data is sent to. Name for the defined data. Short description of the data content and usage. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Provides the ability to document external references related to the service. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies optional release notes. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies the data classification. Specifies the flow direction of the data. Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements An optional identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. Evidence that substantiates the identity of a component. The identity field of the component which the evidence describes. The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. The methods used to extract and/or analyze the evidence. The technique used in this method of analysis. The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence. The value or contents of the evidence. The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation. Evidence of individual instances of a component spread across multiple locations. The location or path to where the component was found. An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. Evidence of the components use through the callstack. A package organizes modules into namespaces, providing a unique namespace for each type it contains. A module or class that encloses functions/methods and other code. A block of code designed to perform a particular task. Optional arguments that are passed to the module or function. The line number the code that is called resides on. The column the code that is called resides. The full path and filename of the module. The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an aggregate type that describe how complete a relationship is. The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only. Allows any undeclared elements as long as the elements are placed in a different namespace. The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only. Allows any undeclared elements as long as the elements are placed in a different namespace. The bom-ref identifiers of the vulnerabilities being described. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the composition elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. The relationship completeness is not specified. Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. * major = A major release may contain significant changes or may introduce breaking changes. * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. * patch = Patch releases are typically unplanned and may resolve defects or important security issues. * pre-release = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability. * internal = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it. The title of the release. The URL to an image that may be prominently displayed with the release note. The URL to an image that may be used in messaging on social media platforms. A short description of the release. The date and time (timestamp) when the release note was created. One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names). One or more tags that may aid in search or retrieval of the release note. A collection of issues that have been resolved. Zero or more release notes containing the locale and content. Multiple note elements may be specified to support release notes in a wide variety of languages. The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". Specifies the full content of the release note. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types. Hyper-parameters for construction of the model. The overall approach to learning used by the model for problem solving. Learning types describing the learning problem or hybrid learning problem. Directly influences the input and/or output. Examples include classification, regression, clustering, etc. The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc. The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc. The datasets used to train and evaluate the model. References a data component by the components bom-ref attribute The input format(s) of the model The data format for input to the model. Example formats include string, image, time-series The output format(s) from the model The data format for output from the model. Example formats include string, image, time-series A quantitative analysis of the model The type of performance metric. The value of the performance metric. The name of the slice this metric was computed on. By default, assume this metric is not sliced. The confidence interval of the metric. The lower bound of the confidence interval. The upper bound of the confidence interval. A collection of graphics that represent various measurements A description of this collection of graphics. A collection of graphics. The name of the graphic. The graphic (vector or raster). Base64 encoding MUST be specified for binary images. What considerations should be taken into account regarding the model's construction, training, and application? Who are the intended users of the model? What are the intended use cases of the model? What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? What are the known tradeoffs in accuracy/performance of the model? What are the ethical (or environmental) risks involved in the application of this model? The name of the risk Strategy used to address this risk How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups? The groups or individuals at risk of being systematically disadvantaged by the model. Expected benefits to the identified groups. Expected harms to the identified groups. With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. TODO TODO TODO TODO TODO The general theme or subject matter of the data being specified. The name of the dataset. The contents or references to the contents of the data being described. An optional way to include textual or encoded data. The URL to where the data can be retrieved. Provides the ability to document name-value parameters used for configuration. Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. A description of any sensitive data in a dataset. A collection of graphics that represent various measurements. A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc. An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. Data custodians are responsible for the safe custody, transport, and storage of data. Data stewards are responsible for data content, context, and associated business rules. Data owners are concerned with risk and appropriate access to data. A collection of graphics that represent various measurements. A description of this collection of graphics. A collection of graphics. The name of the graphic. The graphic (vector or raster). Base64 encoding MUST be specified for binary images. Any type of code, code snippet, or data-as-code. Parameters or settings that may be used by other components. A collection of data. Data that can be used to create new instances of what the definition defines. Any other type of data that does not fit into existing definitions. References a component or service by its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an individual property with a name and value. The name of the property. Duplicate names are allowed, each potentially having a different value. Defines a weakness in a component or service that could be exploited or triggered by a threat source. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The identifier that uniquely identifies the vulnerability. For example: CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. The source that published the vulnerability. Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence. A pointer to a vulnerability that is the equivalent of the vulnerability specified. The identifier that uniquely identifies the vulnerability. For example: CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. The source that published the vulnerability. Allows any undeclared elements as long as the elements are placed in a different namespace. List of vulnerability ratings. List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html) A description of the vulnerability as provided by the source. If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause. Recommendations of how the vulnerability can be remediated or mitigated. A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments. Evidence used to reproduce the vulnerability. Precise steps to reproduce the vulnerability. A description of the environment in which reproduction was possible. Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code. Published advisories of the vulnerability if provided. The date and time (timestamp) when the vulnerability record was created in the vulnerability database. The date and time (timestamp) when the vulnerability record was first published. The date and time (timestamp) when the vulnerability record was last updated. The date and time (timestamp) when the vulnerability record was rejected (if applicable). Individuals or organizations credited with the discovery of the vulnerability. The organizations credited with vulnerability discovery. The individuals, not associated with organizations, that are credited with vulnerability discovery. The tool(s) used to identify, confirm, or score the vulnerability. DEPRECATED. Use tools\components or tools\services instead. A list of software and hardware components used as tools. A list of services used as tools. An assessment of the impact and exploitability of the vulnerability. Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. The rationale of why the impact analysis state was asserted. A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable. Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability. The date and time (timestamp) when the analysis was first issued. The date and time (timestamp) when the analysis was last updated. The components or services that are affected by the vulnerability. References a component or service by the objects bom-ref. Zero or more individual versions or range of versions. A single version of a component or service. A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst The vulnerability status for the version or range of versions. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. The name of the source. For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories The url of the vulnerability documentation as provided by the source. For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 The source that calculated the severity or risk rating of the vulnerability. The numerical score of the rating. Textual representation of the severity that corresponds to the numerical score of the rating. The risk scoring methodology/standard used. Textual representation of the metric values used to score the vulnerability. An optional reason for rating the vulnerability as it was. An optional name of the advisory. Location where the advisory can be obtained. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that created the annotation The person that created the annotation The tool or component that created the annotation The service that created the annotation The objects in the BOM identified by their bom-ref's. This is often components or services, but may be any object type supporting bom-refs. Allows any undeclared elements as long as the elements are placed in a different namespace. The organization, individual, component, or service which created the textual content of the annotation. The date and time (timestamp) when the annotation was created. The textual content of the annotation. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the annotation elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately. Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. The vulnerability has been remediated. The vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). The vulnerability may be directly or indirectly exploitable. The vulnerability is being investigated. The vulnerability is not specific to the component or service and was falsely identified or associated. The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases. The rationale of why the impact analysis state was asserted. The code has been removed or tree-shaked. The vulnerable code is not invoked at runtime. Exploitability requires a configurable option to be set/unset. Exploitability requires a dependency that is not present. Exploitability requires a certain environment which is not present. Exploitability requires a compiler flag to be set/unset. Exploits are prevented at runtime. Attacks are blocked at physical, logical, or network perimeter. Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. Specifies the severity or risk scoring methodology or standard used. The rating is based on CVSS v2 standard https://www.first.org/cvss/v2/ The rating is based on CVSS v3.0 standard https://www.first.org/cvss/v3-0/ The rating is based on CVSS v3.1 standard https://www.first.org/cvss/v3-1/ The rating is based on CVSS v4.0 standard https://www.first.org/cvss/v4-0/ The rating is based on OWASP Risk Rating https://owasp.org/www-community/OWASP_Risk_Rating_Methodology The rating is based on Stakeholder Specific Vulnerability Categorization (all versions) https://github.com/CERTCC/SSVC Use this if the risk scoring methodology is not based on any of the options above The rationale of why the impact analysis state was asserted. The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed. Transient components that are used in tasks that constitute one or more of this formula's workflows Transient services that are used in tasks that constitute one or more of this formula's workflows List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. An optional identifier which can be used to reference the formula elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The description of the resource instance. References to component or service resources that are used to realize the resource instance. The tasks that comprise the workflow. The graph of dependencies between tasks within the workflow. Indicates the types of activities performed by the set of workflow tasks. The trigger that initiated the task. The sequence of steps for the task. Represents resources and data brought into a task at runtime by executor or task commands Represents resources and data output from a task at runtime by executor or task commands The date and time (timestamp) when the task started. The date and time (timestamp) when the task ended. A set of named filesystem or data resource shareable by workflow tasks. A graph of the component runtime topology for workflow's instance. A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.) Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the workflow elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. References an object by its bom-ref attribute Reference to an externally accessible resource. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The description of the resource instance. References to component or service resources that are used to realize the resource instance. Indicates the types of activities performed by the set of workflow tasks. The trigger that initiated the task. The sequence of steps for the task. Represents resources and data brought into a task at runtime by executor or task commands. Represents resources and data output from a task at runtime by executor or task commands The date and time (timestamp) when the task started. The date and time (timestamp) when the task ended. A set of named filesystem or data resource shareable by workflow tasks. A graph of the component runtime topology for task's instance. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the task elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A named filesystem or data resource shareable by workflow tasks. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps. The description of the resource instance. References to component or service resources that are used to realize the resource instance. Describes the read-write access control for the workspace relative to the owning resource instance. A path to a location on disk where the workspace will be available to the associated task's steps. The name of a domain-specific data type the workspace represents. This property is for CI/CD frameworks that are able to provide access to structured, managed data at a more granular level than a filesystem. Identifies the reference to the request for a specific volume type and parameters. Information about the actual volume instance allocated to the workspace. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the workflow elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. An identifiable, logical unit of data storage tied to a physical device. The unique identifier for the volume instance within its deployment context. The name of the volume instance The mode for the volume instance. The underlying path created from the actual volume. The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as IEC standard unit in either decimal or binary form. Indicates if the volume persists beyond the life of the resource it is associated with. Indicates if the volume is remotely (i.e., network) attached. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Executes specific commands or tools in order to accomplish its owning task as part of a sequence. A name for the step. A description of the step. Ordered list of commands or directives for the step A text representation of the executed command. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The description of the resource instance. References to component or service resources that are used to realize the resource instance. The source type of event which caused the trigger to fire. The event data that caused the associated trigger to activate. A condition that was used to determine a trigger should be activated. Describes the set of conditions which cause the trigger to activate. The logical expression that was evaluated that determined the trigger should be fired. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. The date and time (timestamp) when the trigger was activated. Represents resources and data brought into a task at runtime by executor or task commands Represents resources and data output from a task at runtime by executor or task commands Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the trigger elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier of the event. A description of the event. The date and time (timestamp) when the event was received. Encoding of the raw event data. References the component or service that was the source of the event References the component or service that was the target of the event Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Type that represents various input data types and formats. A reference to an independent resource provided as an input to a task by the workflow runtime. Inputs that have the form of parameters with names and values. Inputs that have the form of parameters with names and values. Inputs that have the form of data. A references to the component or service that provided the input to the task (e.g., reference to a service with data flow value of inbound) A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace) Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Represents resources and data output from a task at runtime by executor or task commands A reference to an independent resource generated as output by the task. Outputs that have the form of environment variables. Outputs that have the form of data. Describes the type of data output. Component or service that generated or provided the output from the task (e.g., a build tool) Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of outbound) Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A representation of a functional parameter. The name of the parameter. The value of the parameter. The data type of the parameter. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Provides additional information about a BOM. A list of software and hardware components. A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services. Provides the ability to document external references related to the BOM or to the project the BOM describes. Provides the ability to document dependency relationships. Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. Vulnerabilities identified in components or services. Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, and may optionally be signed. Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process. Allows any undeclared elements as long as the elements are placed in a different namespace. Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'. Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json000066400000000000000000010007401476011761300264330ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/bom-1.6.schema.json", "type": "object", "title": "CycloneDX Bill of Materials Standard", "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", "specVersion" ], "additionalProperties": false, "properties": { "$schema": { "type": "string" }, "bomFormat": { "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value must be \"CycloneDX\".", "enum": [ "CycloneDX" ] }, "specVersion": { "type": "string", "title": "CycloneDX Specification Version", "description": "The version of the CycloneDX specification the BOM conforms to.", "examples": ["1.6.1"] }, "serialNumber": { "type": "string", "title": "BOM Serial Number", "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number must conform to [RFC 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended.", "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "version": { "type": "integer", "title": "BOM Version", "description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.", "minimum": 1, "default": 1, "examples": [1] }, "metadata": { "$ref": "#/definitions/metadata", "title": "BOM Metadata", "description": "Provides additional information about a BOM." }, "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components." }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services." }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "dependencies": { "type": "array", "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships including provided & implemented components." }, "compositions": { "type": "array", "items": {"$ref": "#/definitions/compositions"}, "uniqueItems": true, "title": "Compositions", "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described." }, "vulnerabilities": { "type": "array", "items": {"$ref": "#/definitions/vulnerability"}, "uniqueItems": true, "title": "Vulnerabilities", "description": "Vulnerabilities identified in components or services." }, "annotations": { "type": "array", "items": {"$ref": "#/definitions/annotations"}, "uniqueItems": true, "title": "Annotations", "description": "Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinions or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link and may optionally be signed." }, "formulation": { "type": "array", "items": {"$ref": "#/definitions/formula"}, "uniqueItems": true, "title": "Formulation", "description": "Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process." }, "declarations": { "type": "object", "title": "Declarations", "description": "The list of declarations which describe the conformance to standards. Each declaration may include attestations, claims, and evidence.", "additionalProperties": false, "properties": { "assessors": { "type": "array", "title": "Assessors", "description": "The list of assessors evaluating claims and determining conformance to requirements and confidence in that assessment.", "items": { "type": "object", "title": "Assessor", "description": "The assessor who evaluates claims and determines conformance to requirements and confidence in that assessment.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "thirdParty": { "type": "boolean", "title": "Third Party", "description": "The boolean indicating if the assessor is outside the organization generating claims. A value of false indicates a self assessor." }, "organization": { "$ref": "#/definitions/organizationalEntity", "title": "Organization", "description": "The entity issuing the assessment." } } } }, "attestations": { "type": "array", "title": "Attestations", "description": "The list of attestations asserted by an assessor that maps requirements to claims.", "items": { "type": "object", "title": "Attestation", "additionalProperties": false, "properties": { "summary": { "type": "string", "title": "Summary", "description": "The short description explaining the main points of the attestation." }, "assessor": { "$ref": "#/definitions/refLinkType", "title": "Assessor", "description": "The `bom-ref` to the assessor asserting the attestation." }, "map": { "type": "array", "title": "Map", "description": "The grouping of requirements to claims and the attestors declared conformance and confidence thereof.", "items": { "type": "object", "title": "Map", "additionalProperties": false, "properties": { "requirement": { "$ref": "#/definitions/refLinkType", "title": "Requirement", "description": "The `bom-ref` to the requirement being attested to." }, "claims": { "type": "array", "title": "Claims", "description": "The list of `bom-ref` to the claims being attested to.", "items": { "$ref": "#/definitions/refLinkType" } }, "counterClaims": { "type": "array", "title": "Counter Claims", "description": "The list of `bom-ref` to the counter claims being attested to.", "items": { "$ref": "#/definitions/refLinkType" } }, "conformance": { "type": "object", "title": "Conformance", "description": "The conformance of the claim meeting a requirement.", "additionalProperties": false, "properties": { "score": { "type": "number", "minimum": 0, "maximum": 1, "title": "Score", "description": "The conformance of the claim between and inclusive of 0 and 1, where 1 is 100% conformance." }, "rationale": { "type": "string", "title": "Rationale", "description": "The rationale for the conformance score." }, "mitigationStrategies": { "type": "array", "title": "Mitigation Strategies", "description": "The list of `bom-ref` to the evidence provided describing the mitigation strategies.", "items": { "$ref": "#/definitions/refLinkType" } } } }, "confidence": { "type": "object", "title": "Confidence", "description": "The confidence of the claim meeting the requirement.", "additionalProperties": false, "properties": { "score": { "type": "number", "minimum": 0, "maximum": 1, "title": "Score", "description": "The confidence of the claim between and inclusive of 0 and 1, where 1 is 100% confidence." }, "rationale": { "type": "string", "title": "Rationale", "description": "The rationale for the confidence score." } } } } } }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } } }, "claims": { "type": "array", "title": "Claims", "description": "The list of claims.", "items": { "type": "object", "title": "Claim", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "target": { "$ref": "#/definitions/refLinkType", "title": "Target", "description": "The `bom-ref` to a target representing a specific system, application, API, module, team, person, process, business unit, company, etc... that this claim is being applied to." }, "predicate": { "type": "string", "title": "Predicate", "description": "The specific statement or assertion about the target." }, "mitigationStrategies": { "type": "array", "title": "Mitigation Strategies", "description": "The list of `bom-ref` to the evidence provided describing the mitigation strategies. Each mitigation strategy should include an explanation of how any weaknesses in the evidence will be mitigated.", "items": { "$ref": "#/definitions/refLinkType" } }, "reasoning": { "type": "string", "title": "Reasoning", "description": "The written explanation of why the evidence provided substantiates the claim." }, "evidence": { "type": "array", "title": "Evidence", "description": "The list of `bom-ref` to evidence that supports this claim.", "items": { "$ref": "#/definitions/refLinkType" } }, "counterEvidence": { "type": "array", "title": "Counter Evidence", "description": "The list of `bom-ref` to counterEvidence that supports this claim.", "items": { "$ref": "#/definitions/refLinkType" } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } } }, "evidence": { "type": "array", "title": "Evidence", "description": "The list of evidence", "items": { "type": "object", "title": "Evidence", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "propertyName": { "type": "string", "title": "Property Name", "description": "The reference to the property name as defined in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy/)." }, "description": { "type": "string", "title": "Description", "description": "The written description of what this evidence is and how it was created." }, "data": { "type": "array", "title": "Data", "description": "The output or analysis that supports claims.", "items": { "type": "object", "title": "Data", "additionalProperties": false, "properties": { "name": { "title": "Data Name", "description": "The name of the data.", "type": "string" }, "contents": { "type": "object", "title": "Data Contents", "description": "The contents or references to the contents of the data being described.", "additionalProperties": false, "properties": { "attachment": { "title": "Data Attachment", "description": "An optional way to include textual or encoded data.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "Data URL", "description": "The URL to where the data can be retrieved.", "format": "iri-reference" } } }, "classification": { "$ref": "#/definitions/dataClassification" }, "sensitiveData": { "type": "array", "title": "Sensitive Data", "description": "A description of any sensitive data included.", "items": { "type": "string" } }, "governance": { "title": "Data Governance", "$ref": "#/definitions/dataGovernance" } } } }, "created": { "type": "string", "format": "date-time", "title": "Created", "description": "The date and time (timestamp) when the evidence was created." }, "expires": { "type": "string", "format": "date-time", "title": "Expires", "description": "The optional date and time (timestamp) when the evidence is no longer valid." }, "author": { "$ref": "#/definitions/organizationalContact", "title": "Author", "description": "The author of the evidence." }, "reviewer": { "$ref": "#/definitions/organizationalContact", "title": "Reviewer", "description": "The reviewer of the evidence." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } } }, "targets": { "type": "object", "title": "Targets", "description": "The list of targets which claims are made against.", "additionalProperties": false, "properties": { "organizations": { "type": "array", "title": "Organizations", "description": "The list of organizations which claims are made against.", "items": {"$ref": "#/definitions/organizationalEntity"} }, "components": { "type": "array", "title": "Components", "description": "The list of components which claims are made against.", "items": {"$ref": "#/definitions/component"} }, "services": { "type": "array", "title": "Services", "description": "The list of services which claims are made against.", "items": {"$ref": "#/definitions/service"} } } }, "affirmation": { "type": "object", "title": "Affirmation", "description": "A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.", "additionalProperties": false, "properties": { "statement": { "type": "string", "title": "Statement", "description": "The brief statement affirmed by an individual regarding all declarations.\n*- Notes This could be an affirmation of acceptance by a third-party auditor or receiving individual of a file.", "examples": [ "I certify, to the best of my knowledge, that all information is correct." ] }, "signatories": { "type": "array", "title": "Signatories", "description": "The list of signatories authorized on behalf of an organization to assert validity of this document.", "items": { "type": "object", "title": "Signatory", "additionalProperties": false, "oneOf": [ { "required": ["signature"] }, { "required": ["externalReference", "organization"] } ], "properties": { "name": { "type": "string", "title": "Name", "description": "The signatory's name." }, "role": { "type": "string", "title": "Role", "description": "The signatory's role within an organization." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." }, "organization": { "$ref": "#/definitions/organizationalEntity", "title": "Organization", "description": "The signatory's organization." }, "externalReference": { "$ref": "#/definitions/externalReference", "title": "External Reference", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } } } }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "definitions": { "type": "object", "title": "Definitions", "description": "A collection of reusable objects that are defined and may be used elsewhere in the BOM.", "additionalProperties": false, "properties": { "standards": { "type": "array", "title": "Standards", "description": "The list of standards which may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to.", "items": { "$ref": "#/definitions/standard" } } } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } }, "definitions": { "refType": { "description": "Identifier for referable and therefore interlinkable elements.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "type": "string", "minLength": 1, "$comment": "TODO (breaking change): add a format constraint that prevents the value from staring with 'urn:cdx:'" }, "refLinkType": { "description": "Descriptor for an element identified by the attribute 'bom-ref' in the same BOM document.\nIn contrast to `bomLinkElementType`.", "$ref": "#/definitions/refType" }, "bomLinkDocumentType": { "title": "BOM-Link Document", "description": "Descriptor for another BOM document. See https://cyclonedx.org/capabilities/bomlink/", "type": "string", "format": "iri-reference", "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*$", "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" }, "bomLinkElementType": { "title": "BOM-Link Element", "description": "Descriptor for an element in a BOM document. See https://cyclonedx.org/capabilities/bomlink/", "type": "string", "format": "iri-reference", "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*#.+$", "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" }, "bomLink": { "title": "BOM-Link", "anyOf": [ { "title": "BOM-Link Document", "$ref": "#/definitions/bomLinkDocumentType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "metadata": { "type": "object", "title": "BOM Metadata", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the BOM was created." }, "lifecycles": { "type": "array", "title": "Lifecycles", "description": "Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may be available at various phases of a lifecycle, such as the Software Development Lifecycle (SDLC), IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a BOM may include data specific to or only obtainable in a given lifecycle.", "items": { "type": "object", "title": "Lifecycle", "description": "The product lifecycle(s) that this BOM represents.", "oneOf": [ { "title": "Pre-Defined Phase", "required": ["phase"], "additionalProperties": false, "properties": { "phase": { "type": "string", "title": "Phase", "description": "A pre-defined phase in the product lifecycle.", "enum": [ "design", "pre-build", "build", "post-build", "operations", "discovery", "decommission" ], "meta:enum": { "design": "BOM produced early in the development lifecycle containing an inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use.", "pre-build": "BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use.", "build": "BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from.", "post-build": "BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device.", "operations": "BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies.", "discovery": "BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions.", "decommission": "BOM containing inventory that will be, or has been retired from operations." } } } }, { "title": "Custom Phase", "required": ["name"], "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the lifecycle phase" }, "description": { "type": "string", "title": "Description", "description": "The description of the lifecycle phase" } } } ] } }, "tools": { "title": "Tools", "description": "The tool(s) used in the creation, enrichment, and validation of the BOM.", "oneOf": [ { "type": "object", "title": "Tools", "description": "The tool(s) used in the creation, enrichment, and validation of the BOM.", "additionalProperties": false, "properties": { "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components used as tools." }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." } } }, { "type": "array", "title": "Tools (legacy)", "description": "[Deprecated] The tool(s) used in the creation, enrichment, and validation of the BOM.", "items": {"$ref": "#/definitions/tool"} } ] }, "manufacturer": { "title": "BOM Manufacturer", "description": "The organization that created the BOM.\nManufacturer is common in BOMs created through automated processes. BOMs created through manual means may have `@.authors` instead.", "$ref": "#/definitions/organizationalEntity" }, "authors": { "type": "array", "title": "BOM Authors", "description": "The person(s) who created the BOM.\nAuthors are common in BOMs created through manual processes. BOMs created through automated means may have `@.manufacturer` instead.", "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", "description": "The component that the BOM describes.", "$ref": "#/definitions/component" }, "manufacture": { "deprecated": true, "title": "Component Manufacture (legacy)", "description": "[Deprecated] This will be removed in a future version. Use the `@.component.manufacturer` instead.\nThe organization that manufactured the component that the BOM describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "licenses": { "title": "BOM License(s)", "description": "The license information for the BOM document.\nThis may be different from the license(s) of the component(s) that the BOM describes.", "$ref": "#/definitions/licenseChoice" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} } } }, "tool": { "type": "object", "title": "Tool", "description": "[Deprecated] This will be removed in a future version. Use component or service instead. Information about the automated or manual tool used", "additionalProperties": false, "properties": { "vendor": { "type": "string", "title": "Tool Vendor", "description": "The name of the vendor who created the tool" }, "name": { "type": "string", "title": "Tool Name", "description": "The name of the tool" }, "version": { "$ref": "#/definitions/version", "title": "Tool Version", "description": "The version of the tool" }, "hashes": { "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } } }, "organizationalEntity": { "type": "object", "title": "Organizational Entity", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "name": { "type": "string", "title": "Organization Name", "description": "The name of the organization", "examples": [ "Example Inc." ] }, "address": { "$ref": "#/definitions/postalAddress", "title": "Organization Address", "description": "The physical address (location) of the organization" }, "url": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "Organization URL(s)", "description": "The URL of the organization. Multiple URLs are allowed.", "examples": ["https://example.com"] }, "contact": { "type": "array", "title": "Organizational Contact", "description": "A contact at the organization. Multiple contacts are allowed.", "items": {"$ref": "#/definitions/organizationalContact"} } } }, "organizationalContact": { "type": "object", "title": "Organizational Contact", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "name": { "type": "string", "title": "Name", "description": "The name of a contact", "examples": ["Contact name"] }, "email": { "type": "string", "format": "idn-email", "title": "Email Address", "description": "The email address of the contact.", "examples": ["firstname.lastname@example.com"] }, "phone": { "type": "string", "title": "Phone", "description": "The phone number of the contact.", "examples": ["800-555-1212"] } } }, "component": { "type": "object", "title": "Component", "required": [ "type", "name" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "application", "framework", "library", "container", "platform", "operating-system", "device", "device-driver", "firmware", "file", "machine-learning-model", "data", "cryptographic-asset" ], "meta:enum": { "application": "A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.", "framework": "A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.", "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.", "container": "A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization).", "platform": "A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.", "operating-system": "A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system).", "device": "A hardware device such as a processor or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of [known device properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md).", "device-driver": "A special type of software that operates or controls a particular type of device. Refer to [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver).", "firmware": "A special type of software that provides low-level control over a device's hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware).", "file": "A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.", "machine-learning-model": "A model based on training data that can make predictions or decisions without being explicitly programmed to do so.", "data": "A collection of discrete values that convey information.", "cryptographic-asset": "A cryptographic asset including algorithms, protocols, certificates, keys, tokens, and secrets." }, "title": "Component Type", "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", "examples": ["library"] }, "mime-type": { "type": "string", "title": "Mime-Type", "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "supplier": { "title": "Component Supplier", "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", "$ref": "#/definitions/organizationalEntity" }, "manufacturer": { "title": "Component Manufacturer", "description": "The organization that created the component.\nManufacturer is common in components created through automated processes. Components created through manual means may have `@.authors` instead.", "$ref": "#/definitions/organizationalEntity" }, "authors" :{ "type": "array", "title": "Component Authors", "description": "The person(s) who created the component.\nAuthors are common in components created through manual processes. Components created through automated means may have `@.manufacturer` instead.", "items": {"$ref": "#/definitions/organizationalContact"} }, "author": { "deprecated": true, "type": "string", "title": "Component Author (legacy)", "description": "[Deprecated] This will be removed in a future version. Use `@.authors` or `@.manufacturer` instead.\nThe person(s) or organization(s) that authored the component", "examples": ["Acme Inc"] }, "publisher": { "type": "string", "title": "Component Publisher", "description": "The person(s) or organization(s) that published the component", "examples": ["Acme Inc"] }, "group": { "type": "string", "title": "Component Group", "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Component Name", "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", "examples": ["tomcat-catalina"] }, "version": { "$ref": "#/definitions/version", "title": "Component Version", "description": "The component version. The version should ideally comply with semantic versioning but is not enforced." }, "description": { "type": "string", "title": "Component Description", "description": "Specifies a description for the component" }, "scope": { "type": "string", "enum": [ "required", "optional", "excluded" ], "meta:enum": { "required": "The component is required for runtime", "optional": "The component is optional at runtime. Optional components are components that are not capable of being called due to them not being installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'.", "excluded": "Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime." }, "title": "Component Scope", "description": "Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM.", "default": "required" }, "hashes": { "type": "array", "title": "Component Hashes", "description": "The hashes of the component.", "items": {"$ref": "#/definitions/hash"} }, "licenses": { "$ref": "#/definitions/licenseChoice", "title": "Component License(s)" }, "copyright": { "type": "string", "title": "Component Copyright", "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", "examples": ["Acme Inc"] }, "cpe": { "type": "string", "title": "Common Platform Enumeration (CPE)", "description": "Asserts the identity of the component using CPE. The CPE must conform to the CPE 2.2 or 2.3 specification. See [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] }, "purl": { "type": "string", "title": "Package URL (purl)", "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] }, "omniborId": { "type": "array", "title": "OmniBOR Artifact Identifier (gitoid)", "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", "items": { "type": "string" }, "examples": [ "gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", "gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" ] }, "swhid": { "type": "array", "title": "Software Heritage Identifier", "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", "items": { "type": "string" }, "examples": ["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"] }, "swid": { "$ref": "#/definitions/swid", "title": "SWID Tag", "description": "Asserts the identity of the component using [ISO-IEC 19770-2 Software Identification (SWID) Tags](https://www.iso.org/standard/65666.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity." }, "modified": { "type": "boolean", "title": "Component Modified From Original", "description": "[Deprecated] This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", "title": "Component Pedigree", "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", "additionalProperties": false, "properties": { "ancestors": { "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components is not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", "title": "Notes", "description": "Notes, observations, and other non-structured commentary describing the components pedigree." } } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains." }, "evidence": { "$ref": "#/definitions/componentEvidence", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." }, "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", "description": "Specifies optional release notes." }, "modelCard": { "$ref": "#/definitions/modelCard", "title": "AI/ML Model Card" }, "data": { "type": "array", "items": {"$ref": "#/definitions/componentData"}, "title": "Data", "description": "This object SHOULD be specified for any component of type `data` and must not be specified for other component types." }, "cryptoProperties": { "$ref": "#/definitions/cryptoProperties", "title": "Cryptographic Properties" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} }, "tags": { "$ref": "#/definitions/tags", "title": "Tags" }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "swid": { "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", "required": [ "tagId", "name" ], "additionalProperties": false, "properties": { "tagId": { "type": "string", "title": "Tag ID", "description": "Maps to the tagId of a SoftwareIdentity." }, "name": { "type": "string", "title": "Name", "description": "Maps to the name of a SoftwareIdentity." }, "version": { "type": "string", "title": "Version", "default": "0.0", "description": "Maps to the version of a SoftwareIdentity." }, "tagVersion": { "type": "integer", "title": "Tag Version", "default": 0, "description": "Maps to the tagVersion of a SoftwareIdentity." }, "patch": { "type": "boolean", "title": "Patch", "default": false, "description": "Maps to the patch of a SoftwareIdentity." }, "text": { "title": "Attachment text", "description": "Specifies the metadata and content of the SWID tag.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "The URL to the SWID file.", "format": "iri-reference" } } }, "attachment": { "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", "required": [ "content" ], "additionalProperties": false, "properties": { "contentType": { "type": "string", "title": "Content-Type", "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).", "default": "text/plain", "examples": [ "text/plain", "application/json", "image/png" ] }, "encoding": { "type": "string", "title": "Encoding", "description": "Specifies the optional encoding the text is represented in.", "enum": [ "base64" ], "meta:enum": { "base64": "Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string." } }, "content": { "type": "string", "title": "Attachment Text", "description": "The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text." } } }, "hash": { "type": "object", "title": "Hash", "required": [ "alg", "content" ], "additionalProperties": false, "properties": { "alg": { "$ref": "#/definitions/hash-alg" }, "content": { "$ref": "#/definitions/hash-content" } } }, "hash-alg": { "type": "string", "title": "Hash Algorithm", "description": "The algorithm that generated the hash value.", "enum": [ "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3" ] }, "hash-content": { "type": "string", "title": "Hash Value", "description": "The value of the hash.", "examples": ["3942447fac867ae5cdb3229b658f4d48"], "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" }, "license": { "type": "object", "title": "License", "description": "Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.", "oneOf": [ { "required": ["id"] }, { "required": ["name"] } ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "id": { "$ref": "spdx.SNAPSHOT.schema.json", "title": "License ID (SPDX)", "description": "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.SNAPSHOT.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list.", "examples": ["Apache-2.0"] }, "name": { "type": "string", "title": "License Name", "description": "The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX.", "examples": ["Acme Software License"] }, "acknowledgement": { "$ref": "#/definitions/licenseAcknowledgementEnumeration" }, "text": { "title": "License text", "description": "An optional way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "License URL", "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "format": "iri-reference" }, "licensing": { "type": "object", "title": "Licensing information", "description": "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata", "additionalProperties": false, "properties": { "altIds": { "type": "array", "title": "Alternate License Identifiers", "description": "License identifiers that may be used to manage licenses and their lifecycle", "items": { "type": "string" } }, "licensor": { "title": "Licensor", "description": "The individual or organization that grants a license to another individual or organization", "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Licensor (Organization)", "description": "The organization that granted the license", "$ref": "#/definitions/organizationalEntity" }, "individual": { "title": "Licensor (Individual)", "description": "The individual, not associated with an organization, that granted the license", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["individual"] } ] }, "licensee": { "title": "Licensee", "description": "The individual or organization for which a license was granted to", "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Licensee (Organization)", "description": "The organization that was granted the license", "$ref": "#/definitions/organizationalEntity" }, "individual": { "title": "Licensee (Individual)", "description": "The individual, not associated with an organization, that was granted the license", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["individual"] } ] }, "purchaser": { "title": "Purchaser", "description": "The individual or organization that purchased the license", "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Purchaser (Organization)", "description": "The organization that purchased the license", "$ref": "#/definitions/organizationalEntity" }, "individual": { "title": "Purchaser (Individual)", "description": "The individual, not associated with an organization, that purchased the license", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["individual"] } ] }, "purchaseOrder": { "type": "string", "title": "Purchase Order", "description": "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase" }, "licenseTypes": { "type": "array", "title": "License Type", "description": "The type of license(s) that was granted to the licensee.", "items": { "type": "string", "enum": [ "academic", "appliance", "client-access", "concurrent-user", "core-points", "custom-metric", "device", "evaluation", "named-user", "node-locked", "oem", "perpetual", "processor-points", "subscription", "user", "other" ], "meta:enum": { "academic": "A license that grants use of software solely for the purpose of education or research.", "appliance": "A license covering use of software embedded in a specific piece of hardware.", "client-access": "A Client Access License (CAL) allows client computers to access services provided by server software.", "concurrent-user": "A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.", "core-points": "A license where the core of a computer's processor is assigned a specific number of points.", "custom-metric": "A license for which consumption is measured by non-standard metrics.", "device": "A license that covers a defined number of installations on computers and other types of devices.", "evaluation": "A license that grants permission to install and use software for trial purposes.", "named-user": "A license that grants access to the software to one or more pre-defined users.", "node-locked": "A license that grants access to the software on one or more pre-defined computers or devices.", "oem": "An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.", "perpetual": "A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.", "processor-points": "A license where each installation consumes points per processor.", "subscription": "A license where the licensee pays a fee to use the software or service.", "user": "A license that grants access to the software or service by a specified number of users.", "other": "Another license type." } } }, "lastRenewal": { "type": "string", "format": "date-time", "title": "Last Renewal", "description": "The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed." }, "expiration": { "type": "string", "format": "date-time", "title": "Expiration", "description": "The timestamp indicating when the current license expires (if applicable)." } } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} } } }, "licenseAcknowledgementEnumeration": { "title": "License Acknowledgement", "description": "Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.", "type": "string", "enum": [ "declared", "concluded" ], "meta:enum": { "declared": "Declared licenses represent the initial intentions of authors regarding the licensing terms of their code.", "concluded": "Concluded licenses are verified and confirmed." } }, "licenseChoice": { "title": "License Choice", "description": "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)", "type": "array", "oneOf": [ { "title": "Multiple licenses", "description": "A list of SPDX licenses and/or named licenses.", "type": "array", "items": { "type": "object", "title": "License", "required": ["license"], "additionalProperties": false, "properties": { "license": {"$ref": "#/definitions/license"} } } }, { "title": "SPDX License Expression", "description": "A tuple of exactly one SPDX License Expression.", "type": "array", "additionalItems": false, "minItems": 1, "maxItems": 1, "items": [{ "type": "object", "additionalProperties": false, "required": ["expression"], "properties": { "expression": { "type": "string", "title": "SPDX License Expression", "description": "A valid SPDX license expression.\nRefer to https://spdx.org/specifications for syntax requirements", "examples": [ "Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0" ] }, "acknowledgement": { "$ref": "#/definitions/licenseAcknowledgementEnumeration" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." } } }] } ] }, "commit": { "type": "object", "title": "Commit", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "uid": { "type": "string", "title": "UID", "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." }, "url": { "type": "string", "title": "URL", "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", "format": "iri-reference" }, "author": { "title": "Author", "description": "The author who created the changes in the commit", "$ref": "#/definitions/identifiableAction" }, "committer": { "title": "Committer", "description": "The person who committed or pushed the commit", "$ref": "#/definitions/identifiableAction" }, "message": { "type": "string", "title": "Message", "description": "The text description of the contents of the commit" } } }, "patch": { "type": "object", "title": "Patch", "description": "Specifies an individual patch", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "unofficial", "monkey", "backport", "cherry-pick" ], "meta:enum": { "unofficial": "A patch which is not developed by the creators or maintainers of the software being patched. Refer to [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch).", "monkey": "A patch which dynamically modifies runtime behavior. Refer to [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch).", "backport": "A patch which takes code from a newer version of the software and applies it to older versions of the same software. Refer to [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting).", "cherry-pick": "A patch created by selectively applying commits from other versions or branches of the same software." }, "title": "Patch Type", "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality." }, "diff": { "title": "Diff", "description": "The patch file (or diff) that shows changes. Refer to [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)", "$ref": "#/definitions/diff" }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } } }, "diff": { "type": "object", "title": "Diff", "description": "The patch file (or diff) that shows changes. Refer to https://en.wikipedia.org/wiki/Diff", "additionalProperties": false, "properties": { "text": { "title": "Diff text", "description": "Specifies the optional text of the diff", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "URL", "description": "Specifies the URL to the diff", "format": "iri-reference" } } }, "issue": { "type": "object", "title": "Issue", "description": "An individual issue that has been resolved.", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "defect", "enhancement", "security" ], "meta:enum": { "defect": "A fault, flaw, or bug in software.", "enhancement": "A new feature or behavior in software.", "security": "A special type of defect which impacts security." }, "title": "Issue Type", "description": "Specifies the type of issue" }, "id": { "type": "string", "title": "Issue ID", "description": "The identifier of the issue assigned by the source of the issue" }, "name": { "type": "string", "title": "Issue Name", "description": "The name of the issue" }, "description": { "type": "string", "title": "Issue Description", "description": "A description of the issue" }, "source": { "type": "object", "title": "Source", "description": "The source of the issue where it is documented", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the source.", "examples": [ "National Vulnerability Database", "NVD", "Apache" ] }, "url": { "type": "string", "title": "URL", "description": "The url of the issue documentation as provided by the source", "format": "iri-reference" } } }, "references": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "References", "description": "A collection of URL's for reference. Multiple URLs are allowed.", "examples": ["https://example.com"] } } }, "identifiableAction": { "type": "object", "title": "Identifiable Action", "description": "Specifies an individual commit", "additionalProperties": false, "properties": { "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The timestamp in which the action occurred" }, "name": { "type": "string", "title": "Name", "description": "The name of the individual who performed the action" }, "email": { "type": "string", "format": "idn-email", "title": "E-mail", "description": "The email address of the individual who performed the action" } } }, "externalReference": { "type": "object", "title": "External Reference", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM.", "required": [ "url", "type" ], "additionalProperties": false, "properties": { "url": { "anyOf": [ { "title": "URL", "type": "string", "format": "iri-reference" }, { "title": "BOM-Link", "$ref": "#/definitions/bomLink" } ], "title": "URL", "description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs." }, "comment": { "type": "string", "title": "Comment", "description": "An optional comment describing the external reference" }, "type": { "type": "string", "title": "Type", "description": "Specifies the type of external reference.", "enum": [ "vcs", "issue-tracker", "website", "advisories", "bom", "mailing-list", "social", "chat", "documentation", "support", "source-distribution", "distribution", "distribution-intake", "license", "build-meta", "build-system", "release-notes", "security-contact", "model-card", "log", "configuration", "evidence", "formulation", "attestation", "threat-model", "adversary-model", "risk-assessment", "vulnerability-assertion", "exploitability-statement", "pentest-report", "static-analysis-report", "dynamic-analysis-report", "runtime-analysis-report", "component-analysis-report", "maturity-report", "certification-report", "codified-infrastructure", "quality-metrics", "poam", "electronic-signature", "digital-signature", "rfc-9116", "other" ], "meta:enum": { "vcs": "Version Control System", "issue-tracker": "Issue or defect tracking system, or an Application Lifecycle Management (ALM) system", "website": "Website", "advisories": "Security advisories", "bom": "Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)", "mailing-list": "Mailing list or discussion group", "social": "Social media account", "chat": "Real-time chat platform", "documentation": "Documentation, guides, or how-to instructions", "support": "Community or commercial support", "source-distribution": "The location where the source code distributable can be obtained. This is often an archive format such as zip or tgz. The source-distribution type complements use of the version control (vcs) type.", "distribution": "Direct or repository download location", "distribution-intake": "The location where a component was published to. This is often the same as \"distribution\" but may also include specialized publishing processes that act as an intermediary.", "license": "The reference to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness.", "build-meta": "Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)", "build-system": "Reference to an automated build system", "release-notes": "Reference to release notes", "security-contact": "Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT.", "model-card": "A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.", "log": "A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations.", "configuration": "Parameters or settings that may be used by other components or services.", "evidence": "Information used to substantiate a claim.", "formulation": "Describes how a component or service was manufactured or deployed.", "attestation": "Human or machine-readable statements containing facts, evidence, or testimony.", "threat-model": "An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format.", "adversary-model": "The defined assumptions, goals, and capabilities of an adversary.", "risk-assessment": "Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk.", "vulnerability-assertion": "A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product.", "exploitability-statement": "A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization.", "pentest-report": "Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test.", "static-analysis-report": "SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code.", "dynamic-analysis-report": "Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations.", "runtime-analysis-report": "Report generated by analyzing the call stack of a running application.", "component-analysis-report": "Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis.", "maturity-report": "Report containing a formal assessment of an organization, business unit, or team against a maturity model.", "certification-report": "Industry, regulatory, or other certification from an accredited (if applicable) certification body.", "codified-infrastructure": "Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC).", "quality-metrics": "Report or system in which quality metrics can be obtained.", "poam": "Plans of Action and Milestones (POA&M) complement an \"attestation\" external reference. POA&M is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".", "electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.", "digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.", "rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)", "other": "Use this if no other types accurately describe the purpose of the external reference." } }, "hashes": { "type": "array", "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the external reference (if applicable)." } } }, "dependency": { "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "$ref": "#/definitions/refLinkType", "title": "Reference", "description": "References a component or service by its bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/refLinkType" }, "title": "Depends On", "description": "The bom-ref identifiers of the components or services that are dependencies of this dependency object." }, "provides": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/refLinkType" }, "title": "Provides", "description": "The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.\nFor example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use." } } }, "service": { "type": "object", "title": "Service", "required": [ "name" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "provider": { "title": "Provider", "description": "The organization that provides the service.", "$ref": "#/definitions/organizationalEntity" }, "group": { "type": "string", "title": "Service Group", "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", "examples": ["com.acme"] }, "name": { "type": "string", "title": "Service Name", "description": "The name of the service. This will often be a shortened, single name of the service.", "examples": ["ticker-service"] }, "version": { "$ref": "#/definitions/version", "title": "Service Version", "description": "The service version." }, "description": { "type": "string", "title": "Service Description", "description": "Specifies a description for the service" }, "endpoints": { "type": "array", "items": { "type": "string", "format": "iri-reference" }, "title": "Endpoints", "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", "examples": ["https://example.com/api/v1/ticker"] }, "authenticated": { "type": "boolean", "title": "Authentication Required", "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." }, "x-trust-boundary": { "type": "boolean", "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, "trustZone": { "type": "string", "title": "Trust Zone", "description": "The name of the trust zone the service resides in." }, "data": { "type": "array", "items": {"$ref": "#/definitions/serviceData"}, "title": "Data", "description": "Specifies information about the data including the directional flow of data and the data classification." }, "licenses": { "$ref": "#/definitions/licenseChoice", "title": "Service License(s)" }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies." }, "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", "description": "Specifies optional release notes." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} }, "tags": { "$ref": "#/definitions/tags", "title": "Tags" }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "serviceData": { "type": "object", "title": "Hash Objects", "required": [ "flow", "classification" ], "additionalProperties": false, "properties": { "flow": { "$ref": "#/definitions/dataFlowDirection", "title": "Directional Flow", "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways and unknown states that the direction is not known." }, "classification": { "$ref": "#/definitions/dataClassification" }, "name": { "type": "string", "title": "Name", "description": "Name for the defined data", "examples": [ "Credit card reporting" ] }, "description": { "type": "string", "title": "Description", "description": "Short description of the data content and usage", "examples": [ "Credit card information being exchanged in between the web app and the database" ] }, "governance": { "title": "Data Governance", "$ref": "#/definitions/dataGovernance" }, "source": { "type": "array", "items": { "anyOf": [ { "title": "URL", "type": "string", "format": "iri-reference" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "Source", "description": "The URI, URL, or BOM-Link of the components or services the data came in from" }, "destination": { "type": "array", "items": { "anyOf": [ { "title": "URL", "type": "string", "format": "iri-reference" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "Destination", "description": "The URI, URL, or BOM-Link of the components or services the data is sent to" } } }, "dataFlowDirection": { "type": "string", "enum": [ "inbound", "outbound", "bi-directional", "unknown" ], "meta:enum": { "inbound": "Data that enters a service.", "outbound": "Data that exits a service.", "bi-directional": "Data flows in and out of the service.", "unknown": "The directional flow of data is not known." }, "title": "Data flow direction", "description": "Specifies the flow direction of the data. Direction is relative to the service." }, "copyright": { "type": "object", "title": "Copyright", "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", "required": [ "text" ], "additionalProperties": false, "properties": { "text": { "type": "string", "title": "Copyright Text", "description": "The textual content of the copyright." } } }, "componentEvidence": { "type": "object", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", "additionalProperties": false, "properties": { "identity": { "title": "Identity Evidence", "description": "Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if only one identity object is specified.", "oneOf" : [ { "type": "array", "title": "Array of Identity Objects", "items": { "$ref": "#/definitions/componentIdentityEvidence" } }, { "title": "A Single Identity Object", "description": "[Deprecated]", "$ref": "#/definitions/componentIdentityEvidence", "deprecated": true } ] }, "occurrences": { "type": "array", "title": "Occurrences", "description": "Evidence of individual instances of a component spread across multiple locations.", "items": { "type": "object", "required": [ "location" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "location": { "type": "string", "title": "Location", "description": "The location or path to where the component was found." }, "line": { "type": "integer", "minimum": 0, "title": "Line Number", "description": "The line number where the component was found." }, "offset": { "type": "integer", "minimum": 0, "title": "Offset", "description": "The offset where the component was found." }, "symbol": { "type": "string", "title": "Symbol", "description": "The symbol name that was found associated with the component." }, "additionalContext": { "type": "string", "title": "Additional Context", "description": "Any additional context of the detected component (e.g. a code snippet)." } } } }, "callstack": { "type": "object", "title": "Call Stack", "description": "Evidence of the components use through the callstack.", "additionalProperties": false, "properties": { "frames": { "type": "array", "title": "Frames", "description": "Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations.", "items": { "type": "object", "required": [ "module" ], "additionalProperties": false, "properties": { "package": { "title": "Package", "description": "A package organizes modules into namespaces, providing a unique namespace for each type it contains.", "type": "string" }, "module": { "title": "Module", "description": "A module or class that encloses functions/methods and other code.", "type": "string" }, "function": { "title": "Function", "description": "A block of code designed to perform a particular task.", "type": "string" }, "parameters": { "title": "Parameters", "description": "Optional arguments that are passed to the module or function.", "type": "array", "items": { "type": "string" } }, "line": { "title": "Line", "description": "The line number the code that is called resides on.", "type": "integer" }, "column": { "title": "Column", "description": "The column the code that is called resides.", "type": "integer" }, "fullFilename": { "title": "Full Filename", "description": "The full path and filename of the module.", "type": "string" } } } } } }, "licenses": { "$ref": "#/definitions/licenseChoice", "title": "License Evidence" }, "copyright": { "type": "array", "items": {"$ref": "#/definitions/copyright"}, "title": "Copyright Evidence", "description": "Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection." } } }, "compositions": { "type": "object", "title": "Compositions", "required": [ "aggregate" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "aggregate": { "$ref": "#/definitions/aggregateType", "title": "Aggregate", "description": "Specifies an aggregate type that describe how complete a relationship is." }, "assemblies": { "type": "array", "uniqueItems": true, "items": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." }, "dependencies": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." }, "vulnerabilities": { "type": "array", "uniqueItems": true, "items": { "type": "string" }, "title": "BOM references", "description": "The bom-ref identifiers of the vulnerabilities being described." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "aggregateType": { "type": "string", "default": "not_specified", "enum": [ "complete", "incomplete", "incomplete_first_party_only", "incomplete_first_party_proprietary_only", "incomplete_first_party_opensource_only", "incomplete_third_party_only", "incomplete_third_party_proprietary_only", "incomplete_third_party_opensource_only", "unknown", "not_specified" ], "meta:enum": { "complete": "The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.", "incomplete": "The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.", "incomplete_first_party_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.", "incomplete_first_party_proprietary_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.", "incomplete_first_party_opensource_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.", "incomplete_third_party_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.", "incomplete_third_party_proprietary_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.", "incomplete_third_party_opensource_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.", "unknown": "The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.", "not_specified": "The relationship completeness is not specified." } }, "property": { "type": "object", "title": "Lightweight name-value pair", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "required": [ "name" ], "properties": { "name": { "type": "string", "title": "Name", "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." }, "value": { "type": "string", "title": "Value", "description": "The value of the property." } }, "additionalProperties": false }, "localeType": { "type": "string", "pattern": "^([a-z]{2})(-[A-Z]{2})?$", "title": "Locale", "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code must be lower case. If the country code is specified, the country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA" }, "releaseType": { "type": "string", "examples": [ "major", "minor", "patch", "pre-release", "internal" ], "description": "The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." }, "note": { "type": "object", "title": "Note", "description": "A note containing the locale and content.", "required": [ "text" ], "additionalProperties": false, "properties": { "locale": { "$ref": "#/definitions/localeType", "title": "Locale", "description": "The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: \"en\", \"en-US\", \"fr\" and \"fr-CA\"" }, "text": { "title": "Release note content", "description": "Specifies the full content of the release note.", "$ref": "#/definitions/attachment" } } }, "releaseNotes": { "type": "object", "title": "Release notes", "required": [ "type" ], "additionalProperties": false, "properties": { "type": { "$ref": "#/definitions/releaseType", "title": "Type", "description": "The software versioning type the release note describes." }, "title": { "type": "string", "title": "Title", "description": "The title of the release." }, "featuredImage": { "type": "string", "format": "iri-reference", "title": "Featured image", "description": "The URL to an image that may be prominently displayed with the release note." }, "socialImage": { "type": "string", "format": "iri-reference", "title": "Social image", "description": "The URL to an image that may be used in messaging on social media platforms." }, "description": { "type": "string", "title": "Description", "description": "A short description of the release." }, "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the release note was created." }, "aliases": { "type": "array", "items": { "type": "string" }, "title": "Aliases", "description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)." }, "tags": { "$ref": "#/definitions/tags", "title": "Tags" }, "resolves": { "type": "array", "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues that have been resolved." }, "notes": { "type": "array", "items": {"$ref": "#/definitions/note"}, "title": "Notes", "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} } } }, "advisory": { "type": "object", "title": "Advisory", "description": "Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system.", "required": ["url"], "additionalProperties": false, "properties": { "title": { "type": "string", "title": "Title", "description": "An optional name of the advisory." }, "url": { "type": "string", "title": "URL", "format": "iri-reference", "description": "Location where the advisory can be obtained." } } }, "cwe": { "type": "integer", "minimum": 1, "title": "CWE", "description": "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of https://cwe.mitre.org/data/definitions/399.html)" }, "severity": { "type": "string", "title": "Severity", "description": "Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.", "enum": [ "critical", "high", "medium", "low", "info", "none", "unknown" ], "meta:enum": { "critical": "Critical severity", "high": "High severity", "medium": "Medium severity", "low": "Low severity", "info": "Informational warning.", "none": "None", "unknown": "The severity is not known" } }, "scoreMethod": { "type": "string", "title": "Method", "description": "Specifies the severity or risk scoring methodology or standard used.", "enum": [ "CVSSv2", "CVSSv3", "CVSSv31", "CVSSv4", "OWASP", "SSVC", "other" ], "meta:enum": { "CVSSv2": "Common Vulnerability Scoring System v2.0", "CVSSv3": "Common Vulnerability Scoring System v3.0", "CVSSv31": "Common Vulnerability Scoring System v3.1", "CVSSv4": "Common Vulnerability Scoring System v4.0", "OWASP": "OWASP Risk Rating Methodology", "SSVC": "Stakeholder Specific Vulnerability Categorization", "other": "Another severity or risk scoring methodology" } }, "impactAnalysisState": { "type": "string", "title": "Impact Analysis State", "description": "Declares the current state of an occurrence of a vulnerability, after automated or manual analysis.", "enum": [ "resolved", "resolved_with_pedigree", "exploitable", "in_triage", "false_positive", "not_affected" ], "meta:enum": { "resolved": "The vulnerability has been remediated.", "resolved_with_pedigree": "The vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s).", "exploitable": "The vulnerability may be directly or indirectly exploitable.", "in_triage": "The vulnerability is being investigated.", "false_positive": "The vulnerability is not specific to the component or service and was falsely identified or associated.", "not_affected": "The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases." } }, "impactAnalysisJustification": { "type": "string", "title": "Impact Analysis Justification", "description": "The rationale of why the impact analysis state was asserted.", "enum": [ "code_not_present", "code_not_reachable", "requires_configuration", "requires_dependency", "requires_environment", "protected_by_compiler", "protected_at_runtime", "protected_at_perimeter", "protected_by_mitigating_control" ], "meta:enum": { "code_not_present": "The code has been removed or tree-shaked.", "code_not_reachable": "The vulnerable code is not invoked at runtime.", "requires_configuration": "Exploitability requires a configurable option to be set/unset.", "requires_dependency": "Exploitability requires a dependency that is not present.", "requires_environment": "Exploitability requires a certain environment which is not present.", "protected_by_compiler": "Exploitability requires a compiler flag to be set/unset.", "protected_at_runtime": "Exploits are prevented at runtime.", "protected_at_perimeter": "Attacks are blocked at physical, logical, or network perimeter.", "protected_by_mitigating_control": "Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability." } }, "rating": { "type": "object", "title": "Rating", "description": "Defines the severity or risk ratings of a vulnerability.", "additionalProperties": false, "properties": { "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that calculated the severity or risk rating of the vulnerability." }, "score": { "type": "number", "title": "Score", "description": "The numerical score of the rating." }, "severity": { "$ref": "#/definitions/severity", "description": "Textual representation of the severity that corresponds to the numerical score of the rating." }, "method": { "$ref": "#/definitions/scoreMethod" }, "vector": { "type": "string", "title": "Vector", "description": "Textual representation of the metric values used to score the vulnerability" }, "justification": { "type": "string", "title": "Justification", "description": "An optional reason for rating the vulnerability as it was" } } }, "vulnerabilitySource": { "type": "object", "title": "Source", "description": "The source of vulnerability information. This is often the organization that published the vulnerability.", "additionalProperties": false, "properties": { "url": { "type": "string", "title": "URL", "description": "The url of the vulnerability documentation as provided by the source.", "examples": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-39182" ] }, "name": { "type": "string", "title": "Name", "description": "The name of the source.", "examples": [ "NVD", "National Vulnerability Database", "OSS Index", "VulnDB", "GitHub Advisories" ] } } }, "vulnerability": { "type": "object", "title": "Vulnerability", "description": "Defines a weakness in a component or service that could be exploited or triggered by a threat source.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "id": { "type": "string", "title": "ID", "description": "The identifier that uniquely identifies the vulnerability.", "examples": [ "CVE-2021-39182", "GHSA-35m5-8cvj-8783", "SNYK-PYTHON-ENROCRYPT-1912876" ] }, "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that published the vulnerability." }, "references": { "type": "array", "title": "References", "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", "items": { "type": "object", "required": [ "id", "source" ], "additionalProperties": false, "properties": { "id": { "type": "string", "title": "ID", "description": "An identifier that uniquely identifies the vulnerability.", "examples": [ "CVE-2021-39182", "GHSA-35m5-8cvj-8783", "SNYK-PYTHON-ENROCRYPT-1912876" ] }, "source": { "$ref": "#/definitions/vulnerabilitySource", "description": "The source that published the vulnerability." } } } }, "ratings": { "type": "array", "title": "Ratings", "description": "List of vulnerability ratings", "items": { "$ref": "#/definitions/rating" } }, "cwes": { "type": "array", "title": "CWEs", "description": "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability.", "examples": [399], "items": { "$ref": "#/definitions/cwe" } }, "description": { "type": "string", "title": "Description", "description": "A description of the vulnerability as provided by the source." }, "detail": { "type": "string", "title": "Details", "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause." }, "recommendation": { "type": "string", "title": "Recommendation", "description": "Recommendations of how the vulnerability can be remediated or mitigated." }, "workaround": { "type": "string", "title": "Workarounds", "description": "A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments." }, "proofOfConcept": { "type": "object", "title": "Proof of Concept", "description": "Evidence used to reproduce the vulnerability.", "properties": { "reproductionSteps": { "type": "string", "title": "Steps to Reproduce", "description": "Precise steps to reproduce the vulnerability." }, "environment": { "type": "string", "title": "Environment", "description": "A description of the environment in which reproduction was possible." }, "supportingMaterial": { "type": "array", "title": "Supporting Material", "description": "Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code.", "items": { "$ref": "#/definitions/attachment" } } } }, "advisories": { "type": "array", "title": "Advisories", "description": "Published advisories of the vulnerability if provided.", "items": { "$ref": "#/definitions/advisory" } }, "created": { "type": "string", "format": "date-time", "title": "Created", "description": "The date and time (timestamp) when the vulnerability record was created in the vulnerability database." }, "published": { "type": "string", "format": "date-time", "title": "Published", "description": "The date and time (timestamp) when the vulnerability record was first published." }, "updated": { "type": "string", "format": "date-time", "title": "Updated", "description": "The date and time (timestamp) when the vulnerability record was last updated." }, "rejected": { "type": "string", "format": "date-time", "title": "Rejected", "description": "The date and time (timestamp) when the vulnerability record was rejected (if applicable)." }, "credits": { "type": "object", "title": "Credits", "description": "Individuals or organizations credited with the discovery of the vulnerability.", "additionalProperties": false, "properties": { "organizations": { "type": "array", "title": "Organizations", "description": "The organizations credited with vulnerability discovery.", "items": { "$ref": "#/definitions/organizationalEntity" } }, "individuals": { "type": "array", "title": "Individuals", "description": "The individuals, not associated with organizations, that are credited with vulnerability discovery.", "items": { "$ref": "#/definitions/organizationalContact" } } } }, "tools": { "title": "Tools", "description": "The tool(s) used to identify, confirm, or score the vulnerability.", "oneOf": [ { "type": "object", "title": "Tools", "description": "The tool(s) used to identify, confirm, or score the vulnerability.", "additionalProperties": false, "properties": { "components": { "type": "array", "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components used as tools." }, "services": { "type": "array", "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." } } }, { "type": "array", "title": "Tools (legacy)", "description": "[Deprecated] The tool(s) used to identify, confirm, or score the vulnerability.", "items": {"$ref": "#/definitions/tool"} } ] }, "analysis": { "type": "object", "title": "Impact Analysis", "description": "An assessment of the impact and exploitability of the vulnerability.", "additionalProperties": false, "properties": { "state": { "$ref": "#/definitions/impactAnalysisState" }, "justification": { "$ref": "#/definitions/impactAnalysisJustification" }, "response": { "type": "array", "title": "Response", "description": "A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.", "items": { "type": "string", "enum": [ "can_not_fix", "will_not_fix", "update", "rollback", "workaround_available" ], "meta:enum": { "can_not_fix": "Can not fix", "will_not_fix": "Will not fix", "update": "Update to a different revision or release", "rollback": "Revert to a previous revision or release", "workaround_available": "There is a workaround available" } } }, "detail": { "type": "string", "title": "Detail", "description": "Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability." }, "firstIssued": { "type": "string", "format": "date-time", "title": "First Issued", "description": "The date and time (timestamp) when the analysis was first issued." }, "lastUpdated": { "type": "string", "format": "date-time", "title": "Last Updated", "description": "The date and time (timestamp) when the analysis was last updated." } } }, "affects": { "type": "array", "uniqueItems": true, "items": { "type": "object", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ], "title": "Reference", "description": "References a component or service by the objects bom-ref" }, "versions": { "type": "array", "title": "Versions", "description": "Zero or more individual versions or range of versions.", "items": { "type": "object", "oneOf": [ { "required": ["version"] }, { "required": ["range"] } ], "additionalProperties": false, "properties": { "version": { "title": "Version", "description": "A single version of a component or service.", "$ref": "#/definitions/version" }, "range": { "title": "Version Range", "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", "$ref": "#/definitions/versionRange" }, "status": { "title": "Status", "description": "The vulnerability status for the version or range of versions.", "$ref": "#/definitions/affectedStatus", "default": "affected" } } } } } }, "title": "Affects", "description": "The components or services that are affected by the vulnerability." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "affectedStatus": { "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", "type": "string", "enum": [ "affected", "unaffected", "unknown" ], "meta:enum": { "affected": "The version is affected by the vulnerability.", "unaffected": "The version is not affected by the vulnerability.", "unknown": "It is unknown (or unspecified) whether the given version is affected." } }, "version": { "description": "A single disjunctive version identifier, for a component or service.", "type": "string", "maxLength": 1024, "examples": [ "9.0.14", "v1.33.7", "7.0.0-M1", "2.0pre1", "1.0.0-beta1", "0.8.15" ] }, "versionRange": { "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", "type": "string", "minLength": 1, "maxLength": 4096, "examples": [ "vers:cargo/9.0.14", "vers:npm/1.2.3|>=2.0.0|<5.0.0", "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1", "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1", "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0" ] }, "range": { "deprecated": true, "description": "Deprecated definition. use definition `versionRange` instead.", "$ref": "#/definitions/versionRange" }, "annotations": { "type": "object", "title": "Annotations", "description": "A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.", "required": [ "subjects", "annotator", "timestamp", "text" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "subjects": { "type": "array", "uniqueItems": true, "items": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "Subjects", "description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs." }, "annotator": { "type": "object", "title": "Annotator", "description": "The organization, person, component, or service which created the textual content of the annotation.", "oneOf": [ { "required": [ "organization" ] }, { "required": [ "individual" ] }, { "required": [ "component" ] }, { "required": [ "service" ] } ], "additionalProperties": false, "properties": { "organization": { "description": "The organization that created the annotation", "$ref": "#/definitions/organizationalEntity" }, "individual": { "description": "The person that created the annotation", "$ref": "#/definitions/organizationalContact" }, "component": { "description": "The tool or component that created the annotation", "$ref": "#/definitions/component" }, "service": { "description": "The service that created the annotation", "$ref": "#/definitions/service" } } }, "timestamp": { "type": "string", "format": "date-time", "title": "Timestamp", "description": "The date and time (timestamp) when the annotation was created." }, "text": { "type": "string", "title": "Text", "description": "The textual content of the annotation." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "modelCard": { "$comment": "Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.", "type": "object", "title": "Model Card", "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "modelParameters": { "type": "object", "title": "Model Parameters", "description": "Hyper-parameters for construction of the model.", "additionalProperties": false, "properties": { "approach": { "type": "object", "title": "Approach", "description": "The overall approach to learning used by the model for problem solving.", "additionalProperties": false, "properties": { "type": { "type": "string", "title": "Learning Type", "description": "Learning types describing the learning problem or hybrid learning problem.", "enum": [ "supervised", "unsupervised", "reinforcement-learning", "semi-supervised", "self-supervised" ], "meta:enum": { "supervised": "Supervised machine learning involves training an algorithm on labeled data to predict or classify new data based on the patterns learned from the labeled examples.", "unsupervised": "Unsupervised machine learning involves training algorithms on unlabeled data to discover patterns, structures, or relationships without explicit guidance, allowing the model to identify inherent structures or clusters within the data.", "reinforcement-learning": "Reinforcement learning is a type of machine learning where an agent learns to make decisions by interacting with an environment to maximize cumulative rewards, through trial and error.", "semi-supervised": "Semi-supervised machine learning utilizes a combination of labeled and unlabeled data during training to improve model performance, leveraging the benefits of both supervised and unsupervised learning techniques.", "self-supervised": "Self-supervised machine learning involves training models to predict parts of the input data from other parts of the same data, without requiring external labels, enabling learning from large amounts of unlabeled data." } } } }, "task": { "type": "string", "title": "Task", "description": "Directly influences the input and/or output. Examples include classification, regression, clustering, etc." }, "architectureFamily": { "type": "string", "title": "Architecture Family", "description": "The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc." }, "modelArchitecture": { "type": "string", "title": "Model Architecture", "description": "The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc." }, "datasets": { "type": "array", "title": "Datasets", "description": "The datasets used to train and evaluate the model.", "items" : { "oneOf" : [ { "title": "Inline Data Information", "$ref": "#/definitions/componentData" }, { "type": "object", "title": "Data Reference", "additionalProperties": false, "properties": { "ref": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ], "title": "Reference", "type": "string", "description": "References a data component by the components bom-ref attribute" } } } ] } }, "inputs": { "type": "array", "title": "Inputs", "description": "The input format(s) of the model", "items": { "$ref": "#/definitions/inputOutputMLParameters" } }, "outputs": { "type": "array", "title": "Outputs", "description": "The output format(s) from the model", "items": { "$ref": "#/definitions/inputOutputMLParameters" } } } }, "quantitativeAnalysis": { "type": "object", "title": "Quantitative Analysis", "description": "A quantitative analysis of the model", "additionalProperties": false, "properties": { "performanceMetrics": { "type": "array", "title": "Performance Metrics", "description": "The model performance metrics being reported. Examples may include accuracy, F1 score, precision, top-3 error rates, MSC, etc.", "items": { "$ref": "#/definitions/performanceMetric" } }, "graphics": { "$ref": "#/definitions/graphicsCollection" } } }, "considerations": { "type": "object", "title": "Considerations", "description": "What considerations should be taken into account regarding the model's construction, training, and application?", "additionalProperties": false, "properties": { "users": { "type": "array", "title": "Users", "description": "Who are the intended users of the model?", "items": { "type": "string" } }, "useCases": { "type": "array", "title": "Use Cases", "description": "What are the intended use cases of the model?", "items": { "type": "string" } }, "technicalLimitations": { "type": "array", "title": "Technical Limitations", "description": "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?", "items": { "type": "string" } }, "performanceTradeoffs": { "type": "array", "title": "Performance Tradeoffs", "description": "What are the known tradeoffs in accuracy/performance of the model?", "items": { "type": "string" } }, "ethicalConsiderations": { "type": "array", "title": "Ethical Considerations", "description": "What are the ethical risks involved in the application of this model?", "items": { "$ref": "#/definitions/risk" } }, "environmentalConsiderations":{ "$ref": "#/definitions/environmentalConsiderations", "title": "Environmental Considerations", "description": "What are the various environmental impacts the corresponding machine learning model has exhibited across its lifecycle?" }, "fairnessAssessments": { "type": "array", "title": "Fairness Assessments", "description": "How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups?", "items": { "$ref": "#/definitions/fairnessAssessment" } } } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} } } }, "inputOutputMLParameters": { "type": "object", "title": "Input and Output Parameters", "additionalProperties": false, "properties": { "format": { "title": "Input/Output Format", "description": "The data format for input/output to the model.", "type": "string", "examples": [ "string", "image", "time-series"] } } }, "componentData": { "type": "object", "additionalProperties": false, "required": [ "type" ], "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "type": { "type": "string", "title": "Type of Data", "description": "The general theme or subject matter of the data being specified.", "enum": [ "source-code", "configuration", "dataset", "definition", "other" ], "meta:enum": { "source-code": "Any type of code, code snippet, or data-as-code.", "configuration": "Parameters or settings that may be used by other components.", "dataset": "A collection of data.", "definition": "Data that can be used to create new instances of what the definition defines.", "other": "Any other type of data that does not fit into existing definitions." } }, "name": { "title": "Dataset Name", "description": "The name of the dataset.", "type": "string" }, "contents": { "type": "object", "title": "Data Contents", "description": "The contents or references to the contents of the data being described.", "additionalProperties": false, "properties": { "attachment": { "title": "Data Attachment", "description": "An optional way to include textual or encoded data.", "$ref": "#/definitions/attachment" }, "url": { "type": "string", "title": "Data URL", "description": "The URL to where the data can be retrieved.", "format": "iri-reference" }, "properties": { "type": "array", "title": "Configuration Properties", "description": "Provides the ability to document name-value parameters used for configuration.", "items": { "$ref": "#/definitions/property" } } } }, "classification": { "$ref": "#/definitions/dataClassification" }, "sensitiveData": { "type": "array", "title": "Sensitive Data", "description": "A description of any sensitive data in a dataset.", "items": { "type": "string" } }, "graphics": { "$ref": "#/definitions/graphicsCollection" }, "description": { "title": "Dataset Description", "description": "A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc.", "type": "string" }, "governance": { "title": "Data Governance", "$ref": "#/definitions/dataGovernance" } } }, "dataGovernance": { "type": "object", "title": "Data Governance", "description": "Data governance captures information regarding data ownership, stewardship, and custodianship, providing insights into the individuals or entities responsible for managing, overseeing, and safeguarding the data throughout its lifecycle.", "additionalProperties": false, "properties": { "custodians": { "type": "array", "title": "Data Custodians", "description": "Data custodians are responsible for the safe custody, transport, and storage of data.", "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } }, "stewards": { "type": "array", "title": "Data Stewards", "description": "Data stewards are responsible for data content, context, and associated business rules.", "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } }, "owners": { "type": "array", "title": "Data Owners", "description": "Data owners are concerned with risk and appropriate access to data.", "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } } } }, "dataGovernanceResponsibleParty": { "type": "object", "additionalProperties": false, "properties": { "organization": { "title": "Organization", "description": "The organization that is responsible for specific data governance role(s).", "$ref": "#/definitions/organizationalEntity" }, "contact": { "title": "Individual", "description": "The individual that is responsible for specific data governance role(s).", "$ref": "#/definitions/organizationalContact" } }, "oneOf":[ { "required": ["organization"] }, { "required": ["contact"] } ] }, "graphicsCollection": { "type": "object", "title": "Graphics Collection", "description": "A collection of graphics that represent various measurements.", "additionalProperties": false, "properties": { "description": { "title": "Description", "description": "A description of this collection of graphics.", "type": "string" }, "collection": { "title": "Collection", "description": "A collection of graphics.", "type": "array", "items": { "$ref": "#/definitions/graphic" } } } }, "graphic": { "type": "object", "title": "Graphic", "additionalProperties": false, "properties": { "name": { "title": "Name", "description": "The name of the graphic.", "type": "string" }, "image": { "title": "Graphic Image", "description": "The graphic (vector or raster). Base64 encoding must be specified for binary images.", "$ref": "#/definitions/attachment" } } }, "performanceMetric": { "type": "object", "title": "Performance Metric", "additionalProperties": false, "properties": { "type": { "title": "Type", "description": "The type of performance metric.", "type": "string" }, "value": { "title": "Value", "description": "The value of the performance metric.", "type": "string" }, "slice": { "title": "Slice", "description": "The name of the slice this metric was computed on. By default, assume this metric is not sliced.", "type": "string" }, "confidenceInterval": { "title": "Confidence Interval", "description": "The confidence interval of the metric.", "type": "object", "additionalProperties": false, "properties": { "lowerBound": { "title": "Lower Bound", "description": "The lower bound of the confidence interval.", "type": "string" }, "upperBound": { "title": "Upper Bound", "description": "The upper bound of the confidence interval.", "type": "string" } } } } }, "risk": { "type": "object", "title": "Risk", "additionalProperties": false, "properties": { "name": { "title": "Name", "description": "The name of the risk.", "type": "string" }, "mitigationStrategy": { "title": "Mitigation Strategy", "description": "Strategy used to address this risk.", "type": "string" } } }, "fairnessAssessment": { "type": "object", "title": "Fairness Assessment", "description": "Information about the benefits and harms of the model to an identified at risk group.", "additionalProperties": false, "properties": { "groupAtRisk": { "type": "string", "title": "Group at Risk", "description": "The groups or individuals at risk of being systematically disadvantaged by the model." }, "benefits": { "type": "string", "title": "Benefits", "description": "Expected benefits to the identified groups." }, "harms": { "type": "string", "title": "Harms", "description": "Expected harms to the identified groups." }, "mitigationStrategy": { "type": "string", "title": "Mitigation Strategy", "description": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." } } }, "dataClassification": { "type": "string", "title": "Data Classification", "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." }, "environmentalConsiderations": { "type": "object", "title": "Environmental Considerations", "description": "Describes various environmental impact metrics.", "additionalProperties": false, "properties": { "energyConsumptions": { "title": "Energy Consumptions", "description": "Describes energy consumption information incurred for one or more component lifecycle activities.", "type": "array", "items": { "$ref": "#/definitions/energyConsumption" } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "energyConsumption": { "title": "Energy consumption", "description": "Describes energy consumption information incurred for the specified lifecycle activity.", "type": "object", "required": [ "activity", "energyProviders", "activityEnergyCost" ], "additionalProperties": false, "properties": { "activity": { "type": "string", "title": "Activity", "description": "The type of activity that is part of a machine learning model development or operational lifecycle.", "enum": [ "design", "data-collection", "data-preparation", "training", "fine-tuning", "validation", "deployment", "inference", "other" ], "meta:enum": { "design": "A model design including problem framing, goal definition and algorithm selection.", "data-collection": "Model data acquisition including search, selection and transfer.", "data-preparation": "Model data preparation including data cleaning, labeling and conversion.", "training": "Model building, training and generalized tuning.", "fine-tuning": "Refining a trained model to produce desired outputs for a given problem space.", "validation": "Model validation including model output evaluation and testing.", "deployment": "Explicit model deployment to a target hosting infrastructure.", "inference": "Generating an output response from a hosted model from a set of inputs.", "other": "A lifecycle activity type whose description does not match currently defined values." } }, "energyProviders": { "title": "Energy Providers", "description": "The provider(s) of the energy consumed by the associated model development lifecycle activity.", "type": "array", "items": { "$ref": "#/definitions/energyProvider" } }, "activityEnergyCost": { "title": "Activity Energy Cost", "description": "The total energy cost associated with the model lifecycle activity.", "$ref": "#/definitions/energyMeasure" }, "co2CostEquivalent": { "title": "CO2 Equivalent Cost", "description": "The CO2 cost (debit) equivalent to the total energy cost.", "$ref": "#/definitions/co2Measure" }, "co2CostOffset": { "title": "CO2 Cost Offset", "description": "The CO2 offset (credit) for the CO2 equivalent cost.", "$ref": "#/definitions/co2Measure" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "energyMeasure": { "type": "object", "title": "Energy Measure", "description": "A measure of energy.", "required": [ "value", "unit" ], "additionalProperties": false, "properties": { "value": { "type": "number", "title": "Value", "description": "Quantity of energy." }, "unit": { "type": "string", "enum": [ "kWh" ], "title": "Unit", "description": "Unit of energy.", "meta:enum": { "kWh": "Kilowatt-hour (kWh) is the energy delivered by one kilowatt (kW) of power for one hour (h)." } } } }, "co2Measure": { "type": "object", "title": "CO2 Measure", "description": "A measure of carbon dioxide (CO2).", "required": [ "value", "unit" ], "additionalProperties": false, "properties": { "value": { "type": "number", "title": "Value", "description": "Quantity of carbon dioxide (CO2)." }, "unit": { "type": "string", "enum": [ "tCO2eq" ], "title": "Unit", "description": "Unit of carbon dioxide (CO2).", "meta:enum": { "tCO2eq": "Tonnes (t) of carbon dioxide (CO2) equivalent (eq)." } } } }, "energyProvider": { "type": "object", "title": "Energy Provider", "description": "Describes the physical provider of energy used for model development or operations.", "required": [ "organization", "energySource", "energyProvided" ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "description": { "type": "string", "title": "Description", "description": "A description of the energy provider." }, "organization": { "type": "object", "title": "Organization", "description": "The organization that provides energy.", "$ref": "#/definitions/organizationalEntity" }, "energySource": { "type": "string", "enum": [ "coal", "oil", "natural-gas", "nuclear", "wind", "solar", "geothermal", "hydropower", "biofuel", "unknown", "other" ], "meta:enum": { "coal": "Energy produced by types of coal.", "oil": "Petroleum products (primarily crude oil and its derivative fuel oils).", "natural-gas": "Hydrocarbon gas liquids (HGL) that occur as gases at atmospheric pressure and as liquids under higher pressures including Natural gas (C5H12 and heavier), Ethane (C2H6), Propane (C3H8), etc.", "nuclear": "Energy produced from the cores of atoms (i.e., through nuclear fission or fusion).", "wind": "Energy produced from moving air.", "solar": "Energy produced from the sun (i.e., solar radiation).", "geothermal": "Energy produced from heat within the earth.", "hydropower": "Energy produced from flowing water.", "biofuel": "Liquid fuels produced from biomass feedstocks (i.e., organic materials such as plants or animals).", "unknown": "The energy source is unknown.", "other": "An energy source that is not listed." }, "title": "Energy Source", "description": "The energy source for the energy provider." }, "energyProvided": { "$ref": "#/definitions/energyMeasure", "title": "Energy Provided", "description": "The energy provided by the energy source for an associated activity." }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } } }, "postalAddress": { "type": "object", "title": "Postal address", "description": "An address used to identify a contactable location.", "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "country": { "type": "string", "title": "Country", "description": "The country name or the two-letter ISO 3166-1 country code." }, "region": { "type": "string", "title": "Region", "description": "The region or state in the country.", "examples": [ "Texas" ] }, "locality": { "type": "string", "title": "Locality", "description": "The locality or city within the country.", "examples": [ "Austin" ] }, "postOfficeBoxNumber": { "type": "string", "title": "Post Office Box Number", "description": "The post office box number.", "examples": [ "901" ] }, "postalCode": { "type": "string", "title": "Postal Code", "description": "The postal code.", "examples": [ "78758" ] }, "streetAddress": { "type": "string", "title": "Street Address", "description": "The street address.", "examples": [ "100 Main Street" ] } } }, "formula": { "title": "Formula", "description": "Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed.", "type": "object", "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "components": { "title": "Components", "description": "Transient components that are used in tasks that constitute one or more of this formula's workflows", "type": "array", "items": { "$ref": "#/definitions/component" }, "uniqueItems": true }, "services": { "title": "Services", "description": "Transient services that are used in tasks that constitute one or more of this formula's workflows", "type": "array", "items": { "$ref": "#/definitions/service" }, "uniqueItems": true }, "workflows": { "title": "Workflows", "description": "List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered.", "$comment": "Different workflows can be designed to work together to perform end-to-end CI/CD builds and deployments.", "type": "array", "items": { "$ref": "#/definitions/workflow" }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "workflow": { "title": "Workflow", "description": "A specialized orchestration task.", "$comment": "Workflow are as task themselves and can trigger other workflow tasks. These relationships can be modeled in the taskDependencies graph.", "type": "object", "required": [ "bom-ref", "uid", "taskTypes" ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "tasks": { "title": "Tasks", "description": "The tasks that comprise the workflow.", "$comment": "Note that tasks can appear more than once as different instances (by name or UID).", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/task" } }, "taskDependencies": { "title": "Task dependency graph", "description": "The graph of dependencies between tasks within the workflow.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/dependency" } }, "taskTypes": { "title": "Task types", "description": "Indicates the types of activities performed by the set of workflow tasks.", "$comment": "Currently, these types reflect common CI/CD actions.", "type": "array", "items": { "$ref": "#/definitions/taskType" } }, "trigger": { "title": "Trigger", "description": "The trigger that initiated the task.", "$ref": "#/definitions/trigger" }, "steps": { "title": "Steps", "description": "The sequence of steps for the task.", "type": "array", "items": { "$ref": "#/definitions/step" }, "uniqueItems": true }, "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" }, "uniqueItems": true }, "outputs": { "title": "Outputs", "description": "Represents resources and data output from a task at runtime by executor or task commands", "examples": ["a log file or metrics data produced by the task"], "type": "array", "items": { "$ref": "#/definitions/outputType" }, "uniqueItems": true }, "timeStart": { "title": "Time start", "description": "The date and time (timestamp) when the task started.", "type": "string", "format": "date-time" }, "timeEnd": { "title": "Time end", "description": "The date and time (timestamp) when the task ended.", "type": "string", "format": "date-time" }, "workspaces": { "title": "Workspaces", "description": "A set of named filesystem or data resource shareable by workflow tasks.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/workspace" } }, "runtimeTopology": { "title": "Runtime topology", "description": "A graph of the component runtime topology for workflow's instance.", "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/dependency" } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "task": { "title": "Task", "description": "Describes the inputs, sequence of steps and resources used to accomplish a task and its output.", "$comment": "Tasks are building blocks for constructing assemble CI/CD workflows or pipelines.", "type": "object", "required": [ "bom-ref", "uid", "taskTypes" ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "taskTypes": { "title": "Task types", "description": "Indicates the types of activities performed by the set of workflow tasks.", "$comment": "Currently, these types reflect common CI/CD actions.", "type": "array", "items": { "$ref": "#/definitions/taskType" } }, "trigger": { "title": "Trigger", "description": "The trigger that initiated the task.", "$ref": "#/definitions/trigger" }, "steps": { "title": "Steps", "description": "The sequence of steps for the task.", "type": "array", "items": { "$ref": "#/definitions/step" }, "uniqueItems": true }, "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" }, "uniqueItems": true }, "outputs": { "title": "Outputs", "description": "Represents resources and data output from a task at runtime by executor or task commands", "examples": ["a log file or metrics data produced by the task"], "type": "array", "items": { "$ref": "#/definitions/outputType" }, "uniqueItems": true }, "timeStart": { "title": "Time start", "description": "The date and time (timestamp) when the task started.", "type": "string", "format": "date-time" }, "timeEnd": { "title": "Time end", "description": "The date and time (timestamp) when the task ended.", "type": "string", "format": "date-time" }, "workspaces": { "title": "Workspaces", "description": "A set of named filesystem or data resource shareable by workflow tasks.", "type": "array", "items": { "$ref": "#/definitions/workspace" }, "uniqueItems": true }, "runtimeTopology": { "title": "Runtime topology", "description": "A graph of the component runtime topology for task's instance.", "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", "type": "array", "items": { "$ref": "#/definitions/dependency" }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "step": { "type": "object", "description": "Executes specific commands or tools in order to accomplish its owning task as part of a sequence.", "additionalProperties": false, "properties": { "name": { "title": "Name", "description": "A name for the step.", "type": "string" }, "description": { "title": "Description", "description": "A description of the step.", "type": "string" }, "commands": { "title": "Commands", "description": "Ordered list of commands or directives for the step", "type": "array", "items": { "$ref": "#/definitions/command" } }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "command": { "type": "object", "additionalProperties": false, "properties": { "executed": { "title": "Executed", "description": "A text representation of the executed command.", "type": "string" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "workspace": { "title": "Workspace", "description": "A named filesystem or data resource shareable by workflow tasks.", "type": "object", "required": [ "bom-ref", "uid" ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "aliases": { "title": "Aliases", "description": "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps.", "type": "array", "items": {"type": "string"} }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "accessMode": { "title": "Access mode", "description": "Describes the read-write access control for the workspace relative to the owning resource instance.", "type": "string", "enum": [ "read-only", "read-write", "read-write-once", "write-once", "write-only" ] }, "mountPath": { "title": "Mount path", "description": "A path to a location on disk where the workspace will be available to the associated task's steps.", "type": "string" }, "managedDataType": { "title": "Managed data type", "description": "The name of a domain-specific data type the workspace represents.", "$comment": "This property is for CI/CD frameworks that are able to provide access to structured, managed data at a more granular level than a filesystem.", "examples": ["ConfigMap","Secret"], "type": "string" }, "volumeRequest": { "title": "Volume request", "description": "Identifies the reference to the request for a specific volume type and parameters.", "examples": ["a kubernetes Persistent Volume Claim (PVC) name"], "type": "string" }, "volume": { "title": "Volume", "description": "Information about the actual volume instance allocated to the workspace.", "$comment": "The actual volume allocated may be different than the request.", "examples": ["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"], "$ref": "#/definitions/volume" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "volume": { "title": "Volume", "description": "An identifiable, logical unit of data storage tied to a physical device.", "type": "object", "additionalProperties": false, "properties": { "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the volume instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the volume instance", "type": "string" }, "mode": { "title": "Mode", "description": "The mode for the volume instance.", "type": "string", "enum": [ "filesystem", "block" ], "default": "filesystem" }, "path": { "title": "Path", "description": "The underlying path created from the actual volume.", "type": "string" }, "sizeAllocated": { "title": "Size allocated", "description": "The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as IEC standard unit in either decimal or binary form.", "examples": ["10GB", "2Ti", "1Pi"], "type": "string" }, "persistent": { "title": "Persistent", "description": "Indicates if the volume persists beyond the life of the resource it is associated with.", "type": "boolean" }, "remote": { "title": "Remote", "description": "Indicates if the volume is remotely (i.e., network) attached.", "type": "boolean" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "trigger": { "title": "Trigger", "description": "Represents a resource that can conditionally activate (or fire) tasks based upon associated events and their data.", "type": "object", "additionalProperties": false, "required": [ "type", "bom-ref", "uid" ], "properties": { "bom-ref": { "title": "BOM Reference", "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier for the resource instance within its deployment context.", "type": "string" }, "name": { "title": "Name", "description": "The name of the resource instance.", "type": "string" }, "description": { "title": "Description", "description": "A description of the resource instance.", "type": "string" }, "resourceReferences": { "title": "Resource references", "description": "References to component or service resources that are used to realize the resource instance.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/resourceReferenceChoice" } }, "type": { "title": "Type", "description": "The source type of event which caused the trigger to fire.", "type": "string", "enum": [ "manual", "api", "webhook", "scheduled" ] }, "event": { "title": "Event", "description": "The event data that caused the associated trigger to activate.", "$ref": "#/definitions/event" }, "conditions": { "type": "array", "title": "Conditions", "description": "A list of conditions used to determine if a trigger should be activated.", "uniqueItems": true, "items": { "$ref": "#/definitions/condition" } }, "timeActivated": { "title": "Time activated", "description": "The date and time (timestamp) when the trigger was activated.", "type": "string", "format": "date-time" }, "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" }, "uniqueItems": true }, "outputs": { "title": "Outputs", "description": "Represents resources and data output from a task at runtime by executor or task commands", "examples": ["a log file or metrics data produced by the task"], "type": "array", "items": { "$ref": "#/definitions/outputType" }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "event": { "title": "Event", "description": "Represents something that happened that may trigger a response.", "type": "object", "additionalProperties": false, "properties": { "uid": { "title": "Unique Identifier (UID)", "description": "The unique identifier of the event.", "type": "string" }, "description": { "title": "Description", "description": "A description of the event.", "type": "string" }, "timeReceived": { "title": "Time Received", "description": "The date and time (timestamp) when the event was received.", "type": "string", "format": "date-time" }, "data": { "title": "Data", "description": "Encoding of the raw event data.", "$ref": "#/definitions/attachment" }, "source": { "title": "Source", "description": "References the component or service that was the source of the event", "$ref": "#/definitions/resourceReferenceChoice" }, "target": { "title": "Target", "description": "References the component or service that was the target of the event", "$ref": "#/definitions/resourceReferenceChoice" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "inputType": { "title": "Input type", "description": "Type that represents various input data types and formats.", "type": "object", "oneOf": [ { "required": [ "resource" ] }, { "required": [ "parameters" ] }, { "required": [ "environmentVars" ] }, { "required": [ "data" ] } ], "additionalProperties": false, "properties": { "source": { "title": "Source", "description": "A reference to the component or service that provided the input to the task (e.g., reference to a service with data flow value of `inbound`)", "examples": [ "source code repository", "database" ], "$ref": "#/definitions/resourceReferenceChoice" }, "target": { "title": "Target", "description": "A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace)", "examples": [ "workspace", "directory" ], "$ref": "#/definitions/resourceReferenceChoice" }, "resource": { "title": "Resource", "description": "A reference to an independent resource provided as an input to a task by the workflow runtime.", "examples": [ "a reference to a configuration file in a repository (i.e., a bom-ref)", "a reference to a scanning service used in a task (i.e., a bom-ref)" ], "$ref": "#/definitions/resourceReferenceChoice" }, "parameters": { "title": "Parameters", "description": "Inputs that have the form of parameters with names and values.", "type": "array", "uniqueItems": true, "items": { "$ref": "#/definitions/parameter" } }, "environmentVars": { "title": "Environment variables", "description": "Inputs that have the form of parameters with names and values.", "type": "array", "uniqueItems": true, "items": { "oneOf": [ { "$ref": "#/definitions/property" }, { "type": "string" } ] } }, "data": { "title": "Data", "description": "Inputs that have the form of data.", "$ref": "#/definitions/attachment" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "outputType": { "type": "object", "oneOf": [ { "required": [ "resource" ] }, { "required": [ "environmentVars" ] }, { "required": [ "data" ] } ], "additionalProperties": false, "properties": { "type": { "title": "Type", "description": "Describes the type of data output.", "type": "string", "enum": [ "artifact", "attestation", "log", "evidence", "metrics", "other" ] }, "source": { "title": "Source", "description": "Component or service that generated or provided the output from the task (e.g., a build tool)", "$ref": "#/definitions/resourceReferenceChoice" }, "target": { "title": "Target", "description": "Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of `outbound`)", "examples": ["a log file described as an `externalReference` within its target domain."], "$ref": "#/definitions/resourceReferenceChoice" }, "resource": { "title": "Resource", "description": "A reference to an independent resource generated as output by the task.", "examples": [ "configuration file", "source code", "scanning service" ], "$ref": "#/definitions/resourceReferenceChoice" }, "data": { "title": "Data", "description": "Outputs that have the form of data.", "$ref": "#/definitions/attachment" }, "environmentVars": { "title": "Environment variables", "description": "Outputs that have the form of environment variables.", "type": "array", "items": { "oneOf": [ { "$ref": "#/definitions/property" }, { "type": "string" } ] }, "uniqueItems": true }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "resourceReferenceChoice": { "title": "Resource reference choice", "description": "A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.", "$comment": "Enables reference to a resource that participates in a workflow; using either internal (bom-ref) or external (externalReference) types.", "type": "object", "additionalProperties": false, "properties": { "ref": { "title": "BOM Reference", "description": "References an object by its bom-ref attribute", "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "externalReference": { "title": "External reference", "description": "Reference to an externally accessible resource.", "$ref": "#/definitions/externalReference" } }, "oneOf": [ { "required": [ "ref" ] }, { "required": [ "externalReference" ] } ] }, "condition": { "title": "Condition", "description": "A condition that was used to determine a trigger should be activated.", "type": "object", "additionalProperties": false, "properties": { "description": { "title": "Description", "description": "Describes the set of conditions which cause the trigger to activate.", "type": "string" }, "expression": { "title": "Expression", "description": "The logical expression that was evaluated that determined the trigger should be fired.", "type": "string" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } } } }, "taskType": { "type": "string", "enum": [ "copy", "clone", "lint", "scan", "merge", "build", "test", "deliver", "deploy", "release", "clean", "other" ], "meta:enum": { "copy": "A task that copies software or data used to accomplish other tasks in the workflow.", "clone": "A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step.", "lint": "A task that checks source code for programmatic and stylistic errors.", "scan": "A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance.", "merge": "A task that merges changes or fixes into source code prior to a build step in the workflow.", "build": "A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems.", "test": "A task that verifies the functionality of a component or service.", "deliver": "A task that delivers a built artifact to one or more target repositories or storage systems.", "deploy": "A task that deploys a built artifact for execution on one or more target systems.", "release": "A task that releases a built, versioned artifact to a target repository or distribution system.", "clean": "A task that cleans unnecessary tools, build artifacts and/or data from workflow storage.", "other": "A workflow task that does not match current task type definitions." } }, "parameter": { "title": "Parameter", "description": "A representation of a functional parameter.", "type": "object", "additionalProperties": false, "properties": { "name": { "title": "Name", "description": "The name of the parameter.", "type": "string" }, "value": { "title": "Value", "description": "The value of the parameter.", "type": "string" }, "dataType": { "title": "Data type", "description": "The data type of the parameter.", "type": "string" } } }, "componentIdentityEvidence": { "type": "object", "title": "Identity Evidence", "description": "Evidence that substantiates the identity of a component.", "required": [ "field" ], "additionalProperties": false, "properties": { "field": { "type": "string", "enum": [ "group", "name", "version", "purl", "cpe", "omniborId", "swhid", "swid", "hash" ], "title": "Field", "description": "The identity field of the component which the evidence describes." }, "confidence": { "type": "number", "minimum": 0, "maximum": 1, "title": "Confidence", "description": "The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence." }, "concludedValue": { "type": "string", "title": "Concluded Value", "description": "The value of the field (cpe, purl, etc) that has been concluded based on the aggregate of all methods (if available)." }, "methods": { "type": "array", "title": "Methods", "description": "The methods used to extract and/or analyze the evidence.", "items": { "type": "object", "required": [ "technique" , "confidence" ], "additionalProperties": false, "properties": { "technique": { "title": "Technique", "description": "The technique used in this method of analysis.", "type": "string", "enum": [ "source-code-analysis", "binary-analysis", "manifest-analysis", "ast-fingerprint", "hash-comparison", "instrumentation", "dynamic-analysis", "filename", "attestation", "other" ] }, "confidence": { "type": "number", "minimum": 0, "maximum": 1, "title": "Confidence", "description": "The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence." }, "value": { "type": "string", "title": "Value", "description": "The value or contents of the evidence." } } } }, "tools": { "type": "array", "uniqueItems": true, "items": { "anyOf": [ { "title": "Ref", "$ref": "#/definitions/refLinkType" }, { "title": "BOM-Link Element", "$ref": "#/definitions/bomLinkElementType" } ] }, "title": "BOM References", "description": "The object in the BOM identified by its bom-ref. This is often a component or service but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation." } } }, "standard": { "type": "object", "title": "Standard", "description": "A standard may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "name": { "type": "string", "title": "Name", "description": "The name of the standard. This will often be a shortened, single name of the standard." }, "version": { "type": "string", "title": "Version", "description": "The version of the standard." }, "description": { "type": "string", "title": "Description", "description": "The description of the standard." }, "owner": { "type": "string", "title": "Owner", "description": "The owner of the standard, often the entity responsible for its release." }, "requirements": { "type": "array", "title": "Requirements", "description": "The list of requirements comprising the standard.", "items": { "type": "object", "title": "Requirement", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "identifier": { "type": "string", "title": "Identifier", "description": "The unique identifier used in the standard to identify a specific requirement. This should match what is in the standard and should not be the requirements bom-ref." }, "title": { "type": "string", "title": "Title", "description": "The title of the requirement." }, "text": { "type": "string", "title": "Text", "description": "The textual content of the requirement." }, "descriptions": { "type": "array", "title": "Descriptions", "description": "The supplemental text that provides additional guidance or context to the requirement, but is not directly part of the requirement.", "items": { "type": "string" } }, "openCre": { "type": "array", "title": "OWASP OpenCRE Identifier(s)", "description": "The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized framework for uniting security standards and guidelines. CRE links each section of a resource to a shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to each other. Use of CRE promotes clear and unambiguous communication among stakeholders.", "items": { "type": "string", "pattern": "^CRE:[0-9]+-[0-9]+$", "examples": [ "CRE:764-507" ] } }, "parent": { "$ref": "#/definitions/refLinkType", "title": "Parent BOM Reference", "description": "The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } } } }, "levels": { "type": "array", "title": "Levels", "description": "The list of levels associated with the standard. Some standards have different levels of compliance.", "items": { "type": "object", "title": "Level", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "identifier": { "type": "string", "title": "Identifier", "description": "The identifier used in the standard to identify a specific level." }, "title": { "type": "string", "title": "Title", "description": "The title of the level." }, "description": { "type": "string", "title": "Description", "description": "The description of the level." }, "requirements": { "type": "array", "title": "Requirements", "description": "The list of requirement `bom-ref`s that comprise the level.", "items": { "$ref": "#/definitions/refLinkType" } } } } }, "externalReferences": { "type": "array", "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } }, "signature": { "$ref": "jsf-0.82.SNAPSHOT.schema.json#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." }, "cryptoProperties": { "type": "object", "title": "Cryptographic Properties", "description": "Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) are only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.", "additionalProperties": false, "required": [ "assetType" ], "properties": { "assetType": { "type": "string", "title": "Asset Type", "description": "Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in specialized cryptographic libraries. They may, however, also be 'hardcoded' in software components. Certificates and related cryptographic material like keys, tokens, secrets or passwords are other cryptographic assets to be modelled.", "enum": [ "algorithm", "certificate", "protocol", "related-crypto-material" ], "meta:enum": { "algorithm": "Mathematical function commonly used for data encryption, authentication, and digital signatures.", "certificate": "An electronic document that is used to provide the identity or validate a public key.", "protocol": "A set of rules and guidelines that govern the behavior and communication with each other.", "related-crypto-material": "Other cryptographic assets related to algorithms, certificates, and protocols such as keys and tokens." } }, "algorithmProperties": { "type": "object", "title": "Algorithm Properties", "description": "Additional properties specific to a cryptographic algorithm.", "additionalProperties": false, "properties": { "primitive": { "type": "string", "title": "primitive", "description": "Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2).", "enum": [ "drbg", "mac", "block-cipher", "stream-cipher", "signature", "hash", "pke", "xof", "kdf", "key-agree", "kem", "ae", "combiner", "other", "unknown" ], "meta:enum": { "drbg": "Deterministic Random Bit Generator (DRBG) is a type of pseudorandom number generator designed to produce a sequence of bits from an initial seed value. DRBGs are commonly used in cryptographic applications where reproducibility of random values is important.", "mac": "In cryptography, a Message Authentication Code (MAC) is information used for authenticating and integrity-checking a message.", "block-cipher": "A block cipher is a symmetric key algorithm that operates on fixed-size blocks of data. It encrypts or decrypts the data in block units, providing confidentiality. Block ciphers are widely used in various cryptographic modes and protocols for secure data transmission.", "stream-cipher": "A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream).", "signature": "In cryptography, a signature is a digital representation of a message or data that proves its origin, identity, and integrity. Digital signatures are generated using cryptographic algorithms and are widely used for authentication and verification in secure communication.", "hash": "A hash function is a mathematical algorithm that takes an input (or 'message') and produces a fixed-size string of characters, which is typically a hash value. Hash functions are commonly used in various cryptographic applications, including data integrity verification and password hashing.", "pke": "Public Key Encryption (PKE) is a type of encryption that uses a pair of public and private keys for secure communication. The public key is used for encryption, while the private key is used for decryption. PKE is a fundamental component of public-key cryptography.", "xof": "An XOF is an extendable output function that can take arbitrary input and creates a stream of output, up to a limit determined by the size of the internal state of the hash function that underlies the XOF.", "kdf": "A Key Derivation Function (KDF) derives key material from another source of entropy while preserving the entropy of the input.", "key-agree": "In cryptography, a key-agreement is a protocol whereby two or more parties agree on a cryptographic key in such a way that both influence the outcome.", "kem": "A Key Encapsulation Mechanism (KEM) algorithm is a mechanism for transporting random keying material to a recipient using the recipient's public key.", "ae": "Authenticated Encryption (AE) is a cryptographic process that provides both confidentiality and data integrity. It ensures that the encrypted data has not been tampered with and comes from a legitimate source. AE is commonly used in secure communication protocols.", "combiner": "A combiner aggregates many candidates for a cryptographic primitive and generates a new candidate for the same primitive.", "other": "Another primitive type.", "unknown": "The primitive is not known." } }, "parameterSetIdentifier": { "type": "string", "title": "Parameter Set Identifier", "description": "An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205)." }, "curve": { "type": "string", "title": "Elliptic Curve", "description": "The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends using curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source of which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves)." }, "executionEnvironment": { "type": "string", "title": "Execution Environment", "description": "The target and execution environment in which the algorithm is implemented in.", "enum": [ "software-plain-ram", "software-encrypted-ram", "software-tee", "hardware", "other", "unknown" ], "meta:enum": { "software-plain-ram": "A software implementation running in plain unencrypted RAM.", "software-encrypted-ram": "A software implementation running in encrypted RAM.", "software-tee": "A software implementation running in a trusted execution environment.", "hardware": "A hardware implementation.", "other": "Another implementation environment.", "unknown": "The execution environment is not known." } }, "implementationPlatform": { "type": "string", "title": "Implementation platform", "description": "The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform.", "enum": [ "generic", "x86_32", "x86_64", "armv7-a", "armv7-m", "armv8-a", "armv8-m", "armv9-a", "armv9-m", "s390x", "ppc64", "ppc64le", "other", "unknown" ] }, "certificationLevel": { "type": "array", "title": "Certification Level", "description": "The certification that the implementation of the cryptographic algorithm has received, if any. Certifications include revisions and levels of FIPS 140 or Common Criteria of different Extended Assurance Levels (CC-EAL).", "items": { "type": "string", "enum": [ "none", "fips140-1-l1", "fips140-1-l2", "fips140-1-l3", "fips140-1-l4", "fips140-2-l1", "fips140-2-l2", "fips140-2-l3", "fips140-2-l4", "fips140-3-l1", "fips140-3-l2", "fips140-3-l3", "fips140-3-l4", "cc-eal1", "cc-eal1+", "cc-eal2", "cc-eal2+", "cc-eal3", "cc-eal3+", "cc-eal4", "cc-eal4+", "cc-eal5", "cc-eal5+", "cc-eal6", "cc-eal6+", "cc-eal7", "cc-eal7+", "other", "unknown" ], "meta:enum": { "none": "No certification obtained", "fips140-1-l1": "FIPS 140-1 Level 1", "fips140-1-l2": "FIPS 140-1 Level 2", "fips140-1-l3": "FIPS 140-1 Level 3", "fips140-1-l4": "FIPS 140-1 Level 4", "fips140-2-l1": "FIPS 140-2 Level 1", "fips140-2-l2": "FIPS 140-2 Level 2", "fips140-2-l3": "FIPS 140-2 Level 3", "fips140-2-l4": "FIPS 140-2 Level 4", "fips140-3-l1": "FIPS 140-3 Level 1", "fips140-3-l2": "FIPS 140-3 Level 2", "fips140-3-l3": "FIPS 140-3 Level 3", "fips140-3-l4": "FIPS 140-3 Level 4", "cc-eal1": "Common Criteria - Evaluation Assurance Level 1", "cc-eal1+": "Common Criteria - Evaluation Assurance Level 1 (Augmented)", "cc-eal2": "Common Criteria - Evaluation Assurance Level 2", "cc-eal2+": "Common Criteria - Evaluation Assurance Level 2 (Augmented)", "cc-eal3": "Common Criteria - Evaluation Assurance Level 3", "cc-eal3+": "Common Criteria - Evaluation Assurance Level 3 (Augmented)", "cc-eal4": "Common Criteria - Evaluation Assurance Level 4", "cc-eal4+": "Common Criteria - Evaluation Assurance Level 4 (Augmented)", "cc-eal5": "Common Criteria - Evaluation Assurance Level 5", "cc-eal5+": "Common Criteria - Evaluation Assurance Level 5 (Augmented)", "cc-eal6": "Common Criteria - Evaluation Assurance Level 6", "cc-eal6+": "Common Criteria - Evaluation Assurance Level 6 (Augmented)", "cc-eal7": "Common Criteria - Evaluation Assurance Level 7", "cc-eal7+": "Common Criteria - Evaluation Assurance Level 7 (Augmented)", "other": "Another certification", "unknown": "The certification level is not known" } } }, "mode": { "type": "string", "title": "Mode", "description": "The mode of operation in which the cryptographic algorithm (block cipher) is used.", "enum": [ "cbc", "ecb", "ccm", "gcm", "cfb", "ofb", "ctr", "other", "unknown" ], "meta:enum": { "cbc": "Cipher block chaining", "ecb": "Electronic codebook", "ccm": "Counter with cipher block chaining message authentication code", "gcm": "Galois/counter", "cfb": "Cipher feedback", "ofb": "Output feedback", "ctr": "Counter", "other": "Another mode of operation", "unknown": "The mode of operation is not known" } }, "padding": { "type": "string", "title": "Padding", "description": "The padding scheme that is used for the cryptographic algorithm.", "enum": [ "pkcs5", "pkcs7", "pkcs1v15", "oaep", "raw", "other", "unknown" ], "meta:enum": { "pkcs5": "Public Key Cryptography Standard: Password-Based Cryptography", "pkcs7": "Public Key Cryptography Standard: Cryptographic Message Syntax", "pkcs1v15": "Public Key Cryptography Standard: RSA Cryptography v1.5", "oaep": "Optimal asymmetric encryption padding", "raw": "Raw", "other": "Another padding scheme", "unknown": "The padding scheme is not known" } }, "cryptoFunctions": { "type": "array", "title": "Cryptographic functions", "description": "The cryptographic functions implemented by the cryptographic algorithm.", "items": { "type": "string", "enum": [ "generate", "keygen", "encrypt", "decrypt", "digest", "tag", "keyderive", "sign", "verify", "encapsulate", "decapsulate", "other", "unknown" ] } }, "classicalSecurityLevel": { "type": "integer", "title": "classical security level", "description": "The classical security level that a cryptographic algorithm provides (in bits).", "minimum": 0 }, "nistQuantumSecurityLevel": { "type": "integer", "title": "NIST security strength category", "description": "The NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). A value of 0 indicates that none of the categories are met.", "minimum": 0, "maximum": 6 } } }, "certificateProperties": { "type": "object", "title": "Certificate Properties", "description": "Properties for cryptographic assets of asset type 'certificate'", "additionalProperties": false, "properties": { "subjectName": { "type": "string", "title": "Subject Name", "description": "The subject name for the certificate" }, "issuerName": { "type": "string", "title": "Issuer Name", "description": "The issuer name for the certificate" }, "notValidBefore": { "type": "string", "format": "date-time", "title": "Not Valid Before", "description": "The date and time according to ISO-8601 standard from which the certificate is valid" }, "notValidAfter": { "type": "string", "format": "date-time", "title": "Not Valid After", "description": "The date and time according to ISO-8601 standard from which the certificate is not valid anymore" }, "signatureAlgorithmRef": { "$ref": "#/definitions/refType", "title": "Algorithm Reference", "description": "The bom-ref to signature algorithm used by the certificate" }, "subjectPublicKeyRef": { "$ref": "#/definitions/refType", "title": "Key reference", "description": "The bom-ref to the public key of the subject" }, "certificateFormat": { "type": "string", "title": "Certificate Format", "description": "The format of the certificate", "examples": [ "X.509", "PEM", "DER", "CVC" ] }, "certificateExtension": { "type": "string", "title": "Certificate File Extension", "description": "The file extension of the certificate", "examples": [ "crt", "pem", "cer", "der", "p12" ] } } }, "relatedCryptoMaterialProperties": { "type": "object", "title": "Related Cryptographic Material Properties", "description": "Properties for cryptographic assets of asset type: `related-crypto-material`", "additionalProperties": false, "properties": { "type": { "type": "string", "title": "relatedCryptoMaterialType", "description": "The type for the related cryptographic material", "enum": [ "private-key", "public-key", "secret-key", "key", "ciphertext", "signature", "digest", "initialization-vector", "nonce", "seed", "salt", "shared-secret", "tag", "additional-data", "password", "credential", "token", "other", "unknown" ], "meta:enum": { "private-key": "The confidential key of a key pair used in asymmetric cryptography.", "public-key": "The non-confidential key of a key pair used in asymmetric cryptography.", "secret-key": "A key used to encrypt and decrypt messages in symmetric cryptography.", "key": "A piece of information, usually an octet string, which, when processed through a cryptographic algorithm, processes cryptographic data.", "ciphertext": "The result of encryption performed on plaintext using an algorithm (or cipher).", "signature": "A cryptographic value that is calculated from the data and a key known only by the signer.", "digest": "The output of the hash function.", "initialization-vector": "A fixed-size random or pseudo-random value used as an input parameter for cryptographic algorithms.", "nonce": "A random or pseudo-random number that can only be used once in a cryptographic communication.", "seed": "The input to a pseudo-random number generator. Different seeds generate different pseudo-random sequences.", "salt": "A value used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.", "shared-secret": "A piece of data known only to the parties involved, in a secure communication.", "tag": "A message authentication code (MAC), sometimes known as an authentication tag, is a short piece of information used for authenticating and integrity-checking a message.", "additional-data": "An unspecified collection of data with relevance to cryptographic activity.", "password": "A secret word, phrase, or sequence of characters used during authentication or authorization.", "credential": "Establishes the identity of a party to communication, usually in the form of cryptographic keys or passwords.", "token": "An object encapsulating a security identity.", "other": "Another type of cryptographic asset.", "unknown": "The type of cryptographic asset is not known." } }, "id": { "type": "string", "title": "ID", "description": "The optional unique identifier for the related cryptographic material." }, "state": { "type": "string", "title": "State", "description": "The key state as defined by NIST SP 800-57.", "enum": [ "pre-activation", "active", "suspended", "deactivated", "compromised", "destroyed" ] }, "algorithmRef": { "$ref": "#/definitions/refType", "title": "Algorithm Reference", "description": "The bom-ref to the algorithm used to generate the related cryptographic material." }, "creationDate": { "type": "string", "format": "date-time", "title": "Creation Date", "description": "The date and time (timestamp) when the related cryptographic material was created." }, "activationDate": { "type": "string", "format": "date-time", "title": "Activation Date", "description": "The date and time (timestamp) when the related cryptographic material was activated." }, "updateDate": { "type": "string", "format": "date-time", "title": "Update Date", "description": "The date and time (timestamp) when the related cryptographic material was updated." }, "expirationDate": { "type": "string", "format": "date-time", "title": "Expiration Date", "description": "The date and time (timestamp) when the related cryptographic material expires." }, "value": { "type": "string", "title": "Value", "description": "The associated value of the cryptographic material." }, "size": { "type": "integer", "title": "Size", "description": "The size of the cryptographic asset (in bits)." }, "format": { "type": "string", "title": "Format", "description": "The format of the related cryptographic material (e.g. P8, PEM, DER)." }, "securedBy": { "$ref": "#/definitions/securedBy", "title": "Secured By", "description": "The mechanism by which the cryptographic asset is secured by." } } }, "protocolProperties": { "type": "object", "title": "Protocol Properties", "description": "Properties specific to cryptographic assets of type: `protocol`.", "additionalProperties": false, "properties": { "type": { "type": "string", "title": "Type", "description": "The concrete protocol type.", "enum": [ "tls", "ssh", "ipsec", "ike", "sstp", "wpa", "other", "unknown" ], "meta:enum": { "tls": "Transport Layer Security", "ssh": "Secure Shell", "ipsec": "Internet Protocol Security", "ike": "Internet Key Exchange", "sstp": "Secure Socket Tunneling Protocol", "wpa": "Wi-Fi Protected Access", "other": "Another protocol type", "unknown": "The protocol type is not known" } }, "version": { "type": "string", "title": "Protocol Version", "description": "The version of the protocol.", "examples": [ "1.0", "1.2", "1.99" ] }, "cipherSuites": { "type": "array", "title": "Cipher Suites", "description": "A list of cipher suites related to the protocol.", "items": { "$ref": "#/definitions/cipherSuite", "title": "Cipher Suite" } }, "ikev2TransformTypes": { "type": "object", "title": "IKEv2 Transform Types", "description": "The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties.", "additionalProperties": false, "properties": { "encr": { "$ref": "#/definitions/cryptoRefArray", "title": "Encryption Algorithm (ENCR)", "description": "Transform Type 1: encryption algorithms" }, "prf": { "$ref": "#/definitions/cryptoRefArray", "title": "Pseudorandom Function (PRF)", "description": "Transform Type 2: pseudorandom functions" }, "integ": { "$ref": "#/definitions/cryptoRefArray", "title": "Integrity Algorithm (INTEG)", "description": "Transform Type 3: integrity algorithms" }, "ke": { "$ref": "#/definitions/cryptoRefArray", "title": "Key Exchange Method (KE)", "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)." }, "esn": { "type": "boolean", "title": "Extended Sequence Numbers (ESN)", "description": "Specifies if an Extended Sequence Number (ESN) is used." }, "auth": { "$ref": "#/definitions/cryptoRefArray", "title": "IKEv2 Authentication method", "description": "IKEv2 Authentication method" } } }, "cryptoRefArray": { "$ref": "#/definitions/cryptoRefArray", "title": "Cryptographic References", "description": "A list of protocol-related cryptographic assets" } } }, "oid": { "type": "string", "title": "OID", "description": "The object identifier (OID) of the cryptographic asset." } } }, "cipherSuite": { "type": "object", "title": "Cipher Suite", "description": "Object representing a cipher suite", "additionalProperties": false, "properties": { "name": { "type": "string", "title": "Common Name", "description": "A common name for the cipher suite.", "examples": [ "TLS_DHE_RSA_WITH_AES_128_CCM" ] }, "algorithms": { "type": "array", "title": "Related Algorithms", "description": "A list of algorithms related to the cipher suite.", "items": { "$ref": "#/definitions/refType", "title": "Algorithm reference", "description": "The bom-ref to algorithm cryptographic asset." } }, "identifiers": { "type": "array", "title": "Cipher Suite Identifiers", "description": "A list of common identifiers for the cipher suite.", "items": { "type": "string", "title": "identifier", "description": "Cipher suite identifier", "examples": [ "0xC0", "0x9E" ] } } } }, "cryptoRefArray" : { "type": "array", "items": { "$ref": "#/definitions/refType" } }, "securedBy": { "type": "object", "title": "Secured By", "description": "Specifies the mechanism by which the cryptographic asset is secured by", "additionalProperties": false, "properties": { "mechanism": { "type": "string", "title": "Mechanism", "description": "Specifies the mechanism by which the cryptographic asset is secured by.", "examples": [ "HSM", "TPM", "SGX", "Software", "None" ] }, "algorithmRef": { "$ref": "#/definitions/refType", "title": "Algorithm Reference", "description": "The bom-ref to the algorithm." } } }, "tags": { "type": "array", "items": { "type": "string" }, "title": "Tags", "description": "Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes.", "examples": [ "json-parser", "object-persistence", "text-to-image", "translation", "object-detection" ] } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd000066400000000000000000017226101476011761300250300ustar00rootroot00000000000000 CycloneDX Bill of Materials Standard https://cyclonedx.org/ Apache License, Version 2.0 Identifier for referable and therefore interlink-able elements. Descriptor for an element identified by the attribute "bom-ref" in the same BOM document. In contrast to `bomLinkElementType`. =2.0.0|<5.0.0" - "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1" - "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1" - "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0" ]]> Descriptor for another BOM document. See https://cyclonedx.org/capabilities/bomlink/ Descriptor for an element in another BOM document. See https://cyclonedx.org/capabilities/bomlink/ The date and time (timestamp) when the BOM was created. Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may be available at various phases of a lifecycle, such as the Software Development Lifecycle (SDLC), IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a BOM may include data specific to or only obtainable in a given lifecycle. A pre-defined phase in the product lifecycle. The name of the lifecycle phase The description of the lifecycle phase The tool(s) used in the creation of the BOM. DEPRECATED. Use tools\components or tools\services instead. A list of software and hardware components used as tools. A list of services used as tools. The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may have './manufacturer' instead. The component that the BOM describes. The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have './authors' instead. DEPRECATED - DO NOT USE. This will be removed in a future version. Use the `./component/manufacturer` instead. The organization that manufactured the component that the BOM describes. The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager. The license information for the BOM document. This may be different from the license(s) of the component(s) that the BOM describes. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use. BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use. BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from. BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device. BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies. BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions. BOM containing inventory that will be, or has been retired from operations. The name of the organization The physical address (location) of the organization. The URL of the organization. Multiple URLs are allowed. Example: https://example.com A contact person at the organization. Multiple contacts are allowed. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Information about the automated or manual tool used The name of the vendor who created the tool The name of the tool The version of the tool Provides the ability to document external references related to the tool. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The name of the contact The email address of the contact. The phone number of the contact. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager. The organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have './authors' instead. The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have `./manufacturer` instead. DEPRECATED - DO NOT USE. This will be removed in a future version. Use `./authors` or `./manufacturer` instead. The person(s) or organization(s) that authored the component. The person(s) or organization(s) that published the component The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org. The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery The component version. The version should ideally comply with semantic versioning but is not enforced. Specifies a description for the component Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM. The hashes of the component. A copyright notice informing users of the underlying claims to copyright ownership in a published work. Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe Specifies the package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Provides the ability to document external references related to the component or to the project the component describes. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. Allows any undeclared elements as long as the elements are placed in a different namespace. Provides the ability to document evidence collected through various forms of extraction or analysis. Specifies optional release notes. A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types. This object SHOULD be specified for any component of type `data` and must not be specified for other component types. Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license. A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list. The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX. Specifies the optional full text of the attachment The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata License identifiers that may be used to manage licenses and their lifecycle The individual or organization that grants a license to another individual or organization The organization that granted the license The individual, not associated with an organization, that granted the license The individual or organization for which a license was granted to The organization that was granted the license The individual, not associated with an organization, that was granted the license The individual or organization that purchased the license The organization that purchased the license The individual, not associated with an organization, that purchased the license The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase The type of license(s) that was granted to the licensee The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed. The timestamp indicating when the current license expires (if applicable). Allows any undeclared elements as long as the elements are placed in a different namespace. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license. The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents. RFC 2045 section 5.1 outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the IANA media types registry at https://www.iana.org/assignments/media-types/media-types.xhtml. Specifies the optional encoding the text is represented in Specifies the file hash of the component Specifies the algorithm used to create the hash The component is required for runtime The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries. A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended. A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms. A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md A special type of software that operates or controls a particular type of device. Refer to https://en.wikipedia.org/wiki/Device_driver A special type of software that provides low-level control over a devices hardware. Refer to https://en.wikipedia.org/wiki/Firmware A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. A model based on training data that can make predictions or decisions without being explicitly programmed to do so. A collection of discrete values that convey information. A cryptographic asset including algorithms, protocols, certificates, keys, tokens, and secrets. A license that grants use of software solely for the purpose of education or research. A license covering use of software embedded in a specific piece of hardware. A Client Access License (CAL) allows client computers to access services provided by server software. A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users. A license where the core of a computer's processor is assigned a specific number of points. A license for which consumption is measured by non-standard metrics. A license that covers a defined number of installations on computers and other types of devices. A license that grants permission to install and use software for trial purposes. A license that grants access to the software to one or more pre-defined users. A license that grants access to the software on one or more pre-defined computers or devices. An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware. A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely. A license where each installation consumes points per processor. A license where the licensee pays a fee to use the software or service. A license that grants access to the software or service by a specified number of users. Another license type. Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. Specifies the full content of the SWID tag. The URL to the SWID file. Allows any undeclared elements as long as the elements are placed in a different namespace. Maps to the tagId of a SoftwareIdentity. Maps to the name of a SoftwareIdentity. Maps to the version of a SoftwareIdentity. Maps to the tagVersion of a SoftwareIdentity. Maps to the patch of a SoftwareIdentity. Defines a string representation of a UUID conforming to RFC 4122. Version Control System Issue or defect tracking system, or an Application Lifecycle Management (ALM) system Website Security advisories Bill-of-materials (SBOM, OBOM, HBOM, SaaSBOM, etc) Mailing list or discussion group Social media account Real-time chat platform Documentation, guides, or how-to instructions Community or commercial support The location where the source code distributable can be obtained. This is often an archive format such as zip or tgz. The source-distribution type complements use of the version control (vcs) type. Direct or repository download location The location where a component was published to. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness. Example: https://www.apache.org/licenses/LICENSE-2.0.txt Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) URL to an automated build system URL to release notes Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT. A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. Parameters or settings that may be used by other components or services. Information used to substantiate a claim. Describes how a component or service was manufactured or deployed. Human or machine-readable statements containing facts, evidence, or testimony An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format The defined assumptions, goals, and capabilities of an adversary. Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk. A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product. A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization. Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations Report generated by analyzing the call stack of a running application Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis Report containing a formal assessment of an organization, business unit, or team against a maturity model Industry, regulatory, or other certification from an accredited (if applicable) certification body Report or system in which quality metrics can be obtained Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) Plans of Action and Milestones (POA&M) complement an "attestation" external reference. POA&M is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". An e-signature is commonly a scanned representation of a written signature or a stylized script of the persons name. A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification. Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure) Use this if no other types accurately describe the purpose of the external reference External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM. Zero or more external references can be defined The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns. External references may also include formally registered URNs such as CycloneDX BOM-Link to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs. Refer to: https://cyclonedx.org/capabilities/bomlink/ An optional comment describing the external reference Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Zero or more commits can be specified. Specifies an individual commit. Allows any undeclared elements as long as the elements are placed in a different namespace. A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes. The URL to the commit. This URL will typically point to a commit in a version control system. The author who created the changes in the commit The person who committed or pushed the commit The text description of the contents of the commit Allows any undeclared elements as long as the elements are placed in a different namespace. Zero or more patches can be specified. Specifies an individual patch. Allows any undeclared elements as long as the elements are placed in a different namespace. The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting A patch created by selectively applying commits from other versions or branches of the same software. A fault, flaw, or bug in software A new feature or behavior in software A special type of defect which impacts security Specifies the optional text of the diff Specifies the URL to the diff Allows any undeclared elements as long as the elements are placed in a different namespace. An individual issue that has been resolved. The identifier of the issue assigned by the source of the issue The name of the issue A description of the issue The source of the issue where it is documented. The name of the source. For example "National Vulnerability Database", "NVD", and "Apache" The url of the issue documentation as provided by the source A collection of URL's for reference. Multiple URLs are allowed. Example: "https://example.com" Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies the type of issue The timestamp in which the action occurred The name of the individual who performed the action The email address of the individual who performed the action Allows any undeclared elements as long as the elements are placed in a different namespace. Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits. Notes, observations, and other non-structured commentary describing the components pedigree. Allows any undeclared elements as long as the elements are placed in a different namespace. The component or service that is a dependency of this dependency object. The component or service that define a given specification or standard, which is provided or implemented by this dependency object. For example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use. References a component or service by its bom-ref attribute References a component or service by its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Defines the direct dependencies of a component or service. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of a object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that provides the service. The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. The name of the service. This will often be a shortened, single name of the service. The service version. Specifies a description for the service. The endpoint URIs of the service. Multiple endpoints are allowed. Example: "https://example.com/api/v1/ticker" A service endpoint URI. A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. The name of the trust zone the service resides in. Specifies information about the data including the directional flow of data and the data classification. DEPRECATED: Specifies the data classification. THIS FIELD IS DEPRECATED AS OF v1.5. Use dataflow\classification instead Specifies the data classification. Specifies the data classification. The URI, URL, or BOM-Link of the components or services the data came in from. The URI, URL, or BOM-Link of the components or services the data is sent to. Name for the defined data. Short description of the data content and usage. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Provides the ability to document external references related to the service. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies. Allows any undeclared elements as long as the elements are placed in a different namespace. Specifies optional release notes. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies the data classification. Specifies the flow direction of the data. Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. Data that enters a service. Data that exits a service. Data flows in and out of the service. The directional flow of data is not known. A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements Example values: - Apache-2.0 AND (MIT OR GPL-2.0-only) - GPL-3.0-only WITH Classpath-exception-2.0 An optional identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license. Declared licenses represent the initial intentions of authors regarding the licensing terms of their code. Concluded licenses are verified and confirmed. Examines the source code without executing it. Examines a compiled binary through reverse engineering, typically via disassembly or bytecode reversal. Examines a package management system such as those used for building software or installing software. Examines the Abstract Syntax Tree (AST) of source code or a compiled binary. Evaluates the cryptographic hash of a component against a set of pre-computed hashes of identified software. Examines the call stack of running applications by intercepting and monitoring application logic without the need to modify the application. Evaluates a running application. Evaluates file name of a component against a set of known file names of identified software. A testimony to the accuracy of the identify of a component made by an individual or entity. Any other technique. Evidence that substantiates the identity of a component. The identify may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. "unbounded" was introduced in v1.6. It is recommended that all implementations are aware of "unbounded". The identity field of the component which the evidence describes. The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. The value of the field (cpe, purl, etc) that has been concluded based on the aggregate of all methods (if available). The methods used to extract and/or analyze the evidence. The technique used in this method of analysis. The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence. The value or contents of the evidence. The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation. Evidence of individual instances of a component spread across multiple locations. The location or path to where the component was found. The line number where the component was found. The offset where the component was found. The symbol name that was found associated with the component. Any additional context of the detected component (e.g. a code snippet). An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM. Evidence of the components use through the callstack. Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations. A package organizes modules into namespaces, providing a unique namespace for each type it contains. A module or class that encloses functions/methods and other code. A block of code designed to perform a particular task. Optional arguments that are passed to the module or function. The line number the code that is called resides on. The column the code that is called resides. The full path and filename of the module. The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation. opyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an aggregate type that describe how complete a relationship is. The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only. Allows any undeclared elements as long as the elements are placed in a different namespace. The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only. Allows any undeclared elements as long as the elements are placed in a different namespace. The bom-ref identifiers of the vulnerabilities being described. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the composition elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. The relationship completeness is not specified. Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code must be lower case. If the country code is specified, the country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. * major = A major release may contain significant changes or may introduce breaking changes. * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. * patch = Patch releases are typically unplanned and may resolve defects or important security issues. * pre-release = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability. * internal = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it. The title of the release. The URL to an image that may be prominently displayed with the release note. The URL to an image that may be used in messaging on social media platforms. A short description of the release. The date and time (timestamp) when the release note was created. One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names). A collection of issues that have been resolved. Zero or more release notes containing the locale and content. Multiple note elements may be specified to support release notes in a wide variety of languages. The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". Specifies the full content of the release note. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types. Hyper-parameters for construction of the model. The overall approach to learning used by the model for problem solving. Learning types describing the learning problem or hybrid learning problem. Directly influences the input and/or output. Examples include classification, regression, clustering, etc. The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc. The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc. The datasets used to train and evaluate the model. References a data component by the components bom-ref attribute Inline Data Information The input format(s) of the model The data format for input to the model. Example formats include string, image, time-series The output format(s) from the model The data format for output from the model. Example formats include string, image, time-series A quantitative analysis of the model The type of performance metric. The value of the performance metric. The name of the slice this metric was computed on. By default, assume this metric is not sliced. The confidence interval of the metric. The lower bound of the confidence interval. The upper bound of the confidence interval. A collection of graphics that represent various measurements A description of this collection of graphics. A collection of graphics. The name of the graphic. The graphic (vector or raster). Base64 encoding must be specified for binary images. What considerations should be taken into account regarding the model's construction, training, and application? Who are the intended users of the model? What are the intended use cases of the model? What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? What are the known tradeoffs in accuracy/performance of the model? What are the ethical risks involved in the application of this model? The name of the risk Strategy used to address this risk What are the various environmental impacts the corresponding machine learning model has exhibited across its lifecycle? How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups? The groups or individuals at risk of being systematically disadvantaged by the model. Expected benefits to the identified groups. Expected harms to the identified groups. With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref must be unique within the BOM. Describes various environmental impact metrics. Describes energy consumption information incurred for one or more component lifecycle activities. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Describes energy consumption information incurred for the specified lifecycle activity. The type of activity that is part of a machine learning model development or operational lifecycle. model design including problem framing, goal definition and algorithm selection. model data acquisition including search, selection and transfer. model data preparation including data cleaning, labeling and conversion. model building, training and generalized tuning. refining a trained model to produce desired outputs for a given problem space. model validation including model output evaluation and testing. explicit model deployment to a target hosting infrastructure. generating an output response from a hosted model from a set of inputs. a lifecycle activity type whose description does not match currently defined values. The provider(s) of the energy consumed by the associated model development lifecycle activity. The total energy cost associated with the model lifecycle activity. The CO2 cost (debit) equivalent to the total energy cost. The CO2 offset (credit) for the CO2 equivalent cost. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. A measure of energy. Quantity of energy. Unit of energy. kilowatt-hour (kWh) is the energy delivered by one kilowatt (kW) of power for one hour (h). A measure of carbon dioxide (CO2). Quantity of carbon dioxide (CO2). Unit of carbon dioxide (CO2). Tonnes (t) of carbon dioxide (CO2) equivalent (eq). Describes the physical provider of energy used for model development or operations. A description of the energy provider. The organization of the energy provider. The energy source for the energy provider. Energy produced by types of coal. Petroleum products (primarily crude oil and its derivative fuel oils). Hydrocarbon gas liquids (HGL) that occur as gases at atmospheric pressure and as liquids under higher pressures including Natural gas (C5H12 and heavier), Ethane (C2H6), Propane (C3H8), etc. Energy produced from the cores of atoms (i.e., through nuclear fission or fusion). Energy produced from moving air. Energy produced from the sun (i.e., solar radiation). Energy produced from heat within the earth. Energy produced from flowing water. Liquid fuels produced from biomass feedstocks (i.e., organic materials such as plants or animals). The energy source is unknown. An energy source that is not listed. The energy provided by the energy source for an associated activity. External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM. An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. An address used to identify a contactable location. The country name or the two-letter ISO 3166-1 country code. The region or state in the country. For example, Texas. The locality or city within the country. For example, Austin. The post office box number. For example, 901. The postal code. For example, 78758. The street address. For example, 100 Main Street. An optional identifier which can be used to reference the address elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. Supervised machine learning involves training an algorithm on labeled data to predict or classify new data based on the patterns learned from the labeled examples. Unsupervised machine learning involves training algorithms on unlabeled data to discover patterns, structures, or relationships without explicit guidance, allowing the model to identify inherent structures or clusters within the data. Reinforcement learning is a type of machine learning where an agent learns to make decisions by interacting with an environment to maximize cumulative rewards, through trial and error. Semi-supervised machine learning utilizes a combination of labeled and unlabeled data during training to improve model performance, leveraging the benefits of both supervised and unsupervised learning techniques. Self-supervised machine learning involves training models to predict parts of the input data from other parts of the same data, without requiring external labels, enabling learning from large amounts of unlabeled data. The general theme or subject matter of the data being specified. The name of the dataset. The contents or references to the contents of the data being described. An optional way to include textual or encoded data. The URL to where the data can be retrieved. Provides the ability to document name-value parameters used for configuration. Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. A description of any sensitive data in a dataset. A collection of graphics that represent various measurements. A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc. An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM. Data custodians are responsible for the safe custody, transport, and storage of data. Data stewards are responsible for data content, context, and associated business rules. Data owners are concerned with risk and appropriate access to data. A collection of graphics that represent various measurements. A description of this collection of graphics. A collection of graphics. The name of the graphic. The graphic (vector or raster). Base64 encoding must be specified for binary images. Any type of code, code snippet, or data-as-code. Parameters or settings that may be used by other components. A collection of data. Data that can be used to create new instances of what the definition defines. Any other type of data that does not fit into existing definitions. References a component or service by its bom-ref attribute User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Specifies an individual property with a name and value. The name of the property. Duplicate names are allowed, each potentially having a different value. Defines a weakness in a component or service that could be exploited or triggered by a threat source. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The identifier that uniquely identifies the vulnerability. For example: CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. The source that published the vulnerability. Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence. A pointer to a vulnerability that is the equivalent of the vulnerability specified. The identifier that uniquely identifies the vulnerability. For example: CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. The source that published the vulnerability. Allows any undeclared elements as long as the elements are placed in a different namespace. List of vulnerability ratings. List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html) A description of the vulnerability as provided by the source. If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause. Recommendations of how the vulnerability can be remediated or mitigated. A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments. Evidence used to reproduce the vulnerability. Precise steps to reproduce the vulnerability. A description of the environment in which reproduction was possible. Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code. Published advisories of the vulnerability if provided. The date and time (timestamp) when the vulnerability record was created in the vulnerability database. The date and time (timestamp) when the vulnerability record was first published. The date and time (timestamp) when the vulnerability record was last updated. The date and time (timestamp) when the vulnerability record was rejected (if applicable). Individuals or organizations credited with the discovery of the vulnerability. The organizations credited with vulnerability discovery. The individuals, not associated with organizations, that are credited with vulnerability discovery. The tool(s) used to identify, confirm, or score the vulnerability. DEPRECATED. Use tools\components or tools\services instead. A list of software and hardware components used as tools. A list of services used as tools. An assessment of the impact and exploitability of the vulnerability. Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. The rationale of why the impact analysis state was asserted. A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable. Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability. The date and time (timestamp) when the analysis was first issued. The date and time (timestamp) when the analysis was last updated. The components or services that are affected by the vulnerability. References a component or service by the objects bom-ref. Zero or more individual versions or range of versions. A single version of a component or service. A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst The vulnerability status for the version or range of versions. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. The name of the source. For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories The url of the vulnerability documentation as provided by the source. For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 The source that calculated the severity or risk rating of the vulnerability. The numerical score of the rating. Textual representation of the severity that corresponds to the numerical score of the rating. The risk scoring methodology/standard used. Textual representation of the metric values used to score the vulnerability. An optional reason for rating the vulnerability as it was. An optional name of the advisory. Location where the advisory can be obtained. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The organization that created the annotation The person that created the annotation The tool or component that created the annotation The service that created the annotation The objects in the BOM identified by their bom-ref's. This is often components or services, but may be any object type supporting bom-refs. Allows any undeclared elements as long as the elements are placed in a different namespace. The organization, individual, component, or service which created the textual content of the annotation. The date and time (timestamp) when the annotation was created. The textual content of the annotation. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the annotation elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately. Critical severity High severity Medium severity Low severity Informational warning. None The severity is not known Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. The vulnerability has been remediated. The vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). The vulnerability may be directly or indirectly exploitable. The vulnerability is being investigated. The vulnerability is not specific to the component or service and was falsely identified or associated. The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases. The rationale of why the impact analysis state was asserted. The code has been removed or tree-shaked. The vulnerable code is not invoked at runtime. Exploitability requires a configurable option to be set/unset. Exploitability requires a dependency that is not present. Exploitability requires a certain environment which is not present. Exploitability requires a compiler flag to be set/unset. Exploits are prevented at runtime. Attacks are blocked at physical, logical, or network perimeter. Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. Specifies the severity or risk scoring methodology or standard used. Common Vulnerability Scoring System v2.0 standard as defined at https://www.first.org/cvss/v2/ Common Vulnerability Scoring System v3.0 standard as defined at https://www.first.org/cvss/v3-0/ Common Vulnerability Scoring System v3.1 standard as defined at https://www.first.org/cvss/v3-1/ Common Vulnerability Scoring System v4.0 standard as defined at https://www.first.org/cvss/v4-0/ OWASP Risk Rating as defined at https://owasp.org/www-community/OWASP_Risk_Rating_Methodology Stakeholder Specific Vulnerability Categorization as defined at https://github.com/CERTCC/SSVC Another severity or risk scoring methodology The rationale of why the impact analysis state was asserted. Can not fix Will not fix Update to a different revision or release Revert to a previous revision or release There is a workaround available The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. The version is affected by the vulnerability. The version is not affected by the vulnerability. It is unknown (or unspecified) whether the given version is affected. Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed. Transient components that are used in tasks that constitute one or more of this formula's workflows Transient services that are used in tasks that constitute one or more of this formula's workflows List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. An optional identifier which can be used to reference the formula elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The description of the resource instance. References to component or service resources that are used to realize the resource instance. The tasks that comprise the workflow. The graph of dependencies between tasks within the workflow. Indicates the types of activities performed by the set of workflow tasks. The trigger that initiated the task. The sequence of steps for the task. Represents resources and data brought into a task at runtime by executor or task commands Represents resources and data output from a task at runtime by executor or task commands The date and time (timestamp) when the task started. The date and time (timestamp) when the task ended. A set of named filesystem or data resource shareable by workflow tasks. A graph of the component runtime topology for workflow's instance. A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.) Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the workflow elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. References an object by its bom-ref attribute Reference to an externally accessible resource. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The description of the resource instance. References to component or service resources that are used to realize the resource instance. Indicates the types of activities performed by the set of workflow tasks. The trigger that initiated the task. The sequence of steps for the task. Represents resources and data brought into a task at runtime by executor or task commands. Represents resources and data output from a task at runtime by executor or task commands The date and time (timestamp) when the task started. The date and time (timestamp) when the task ended. A set of named filesystem or data resource shareable by workflow tasks. A graph of the component runtime topology for task's instance. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the task elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A task that copies software or data used to accomplish other tasks in the workflow. A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step. A task that checks source code for programmatic and stylistic errors. A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance. A task that merges changes or fixes into source code prior to a build step in the workflow. A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems. A task that verifies the functionality of a component or service. A task that delivers a built artifact to one or more target repositories or storage systems. A task that deploys a built artifact for execution on one or more target systems. A task that releases a built, versioned artifact to a target repository or distribution system. A task that cleans unnecessary tools, build artifacts and/or data from workflow storage. A workflow task that does not match current task type definitions. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A named filesystem or data resource shareable by workflow tasks. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps. The description of the resource instance. References to component or service resources that are used to realize the resource instance. Describes the read-write access control for the workspace relative to the owning resource instance. A path to a location on disk where the workspace will be available to the associated task's steps. The name of a domain-specific data type the workspace represents. This property is for CI/CD frameworks that are able to provide access to structured, managed data at a more granular level than a filesystem. Identifies the reference to the request for a specific volume type and parameters. Information about the actual volume instance allocated to the workspace. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the workflow elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. An identifiable, logical unit of data storage tied to a physical device. The unique identifier for the volume instance within its deployment context. The name of the volume instance The mode for the volume instance. The underlying path created from the actual volume. The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as IEC standard unit in either decimal or binary form. Indicates if the volume persists beyond the life of the resource it is associated with. Indicates if the volume is remotely (i.e., network) attached. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Executes specific commands or tools in order to accomplish its owning task as part of a sequence. A name for the step. A description of the step. Ordered list of commands or directives for the step A text representation of the executed command. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier for the resource instance within its deployment context. The name of the resource instance. The description of the resource instance. References to component or service resources that are used to realize the resource instance. The source type of event which caused the trigger to fire. The event data that caused the associated trigger to activate. A list of conditions used to determine if a trigger should be activated. A condition that was used to determine a trigger should be activated. Describes the set of conditions which cause the trigger to activate. The logical expression that was evaluated that determined the trigger should be fired. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. The date and time (timestamp) when the trigger was activated. Represents resources and data brought into a task at runtime by executor or task commands Represents resources and data output from a task at runtime by executor or task commands Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the trigger elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The unique identifier of the event. A description of the event. The date and time (timestamp) when the event was received. Encoding of the raw event data. References the component or service that was the source of the event References the component or service that was the target of the event Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Type that represents various input data types and formats. A reference to an independent resource provided as an input to a task by the workflow runtime. Inputs that have the form of parameters with names and values. Inputs that have the form of parameters with names and values. Inputs that have the form of data. A references to the component or service that provided the input to the task (e.g., reference to a service with data flow value of inbound) A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace) Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Represents resources and data output from a task at runtime by executor or task commands A reference to an independent resource generated as output by the task. Outputs that have the form of environment variables. Outputs that have the form of data. Describes the type of data output. Component or service that generated or provided the output from the task (e.g., a build tool) Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of outbound) Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A representation of a functional parameter. The name of the parameter. The value of the parameter. The data type of the parameter. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference. Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in specialized cryptographic libraries. They may however also be 'hardcoded' in software components. Certificates and related cryptographic material like keys, tokens, secrets or passwords are other cryptographic assets to be modelled. Mathematical function commonly used for data encryption, authentication, and digital signatures. An electronic document that is used to provide the identity or validate a public key. A set of rules and guidelines that govern the behavior and communication with each other. Other cryptographic assets that are related to algorithms, certificate, and protocols such as keys and tokens. Additional properties specific to a cryptographic algorithm. Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2). Deterministic Random Bit Generator (DRBG) is a type of pseudorandom number generator designed to produce a sequence of bits from an initial seed value. DRBGs are commonly used in cryptographic applications where reproducibility of random values is important. In cryptography, a Message Authentication Code (MAC) is information used for authenticating and integrity-checking a message. A block cipher is a symmetric key algorithm that operates on fixed-size blocks of data. It encrypts or decrypts the data in block units, providing confidentiality. Block ciphers are widely used in various cryptographic modes and protocols for secure data transmission. A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In cryptography, a signature is a digital representation of a message or data that proves its origin, identity, and integrity. Digital signatures are generated using cryptographic algorithms and are widely used for authentication and verification in secure communication. A hash function is a mathematical algorithm that takes an input (or 'message') and produces a fixed-size string of characters, which is typically a hash value. Hash functions are commonly used in various cryptographic applications, including data integrity verification and password hashing. Public Key Encryption (PKE) is a type of encryption that uses a pair of public and private keys for secure communication. The public key is used for encryption, while the private key is used for decryption. PKE is a fundamental component of public-key cryptography. An XOF is an extendable output function that can take arbitrary input and creates a stream of output, up to a limit determined by the size of the internal state of the hash function that underlies the XOF. A Key Derivation Function (KDF) derives key material from another source of entropy while preserving the entropy of the input. In cryptography, a key-agreement is a protocol whereby two or more parties agree on a cryptographic key in such a way that both influence the outcome. A Key Encapsulation Mechanism (KEM) algorithm is a mechanism for transporting random keying material to a recipient using the recipient's public key. Authenticated Encryption (AE) is a cryptographic process that provides both confidentiality and data integrity. It ensures that the encrypted data has not been tampered with and comes from a legitimate source. AE is commonly used in secure communication protocols. A combiner aggregates many candidates for a cryptographic primitive and generates a new candidate for the same primitive. Another primitive type. The primitive is not known. An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205). The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends use of curve names as defined at https://neuromancer.sk/std/, the source from which can be found at https://github.com/J08nY/std-curves. The target and execution environment in which the algorithm is implemented in. A software implementation running in plain unencrypted RAM. A software implementation running in encrypted RAM. A software implementation running in a trusted execution environment. A hardware implementation. Another implementation environment. The execution environment is not known. The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform. The certification that the implementation of the cryptographic algorithm has received, if any. Certifications include revisions and levels of FIPS 140 or Common Criteria of different Extended Assurance Levels (CC-EAL). No certification obtained FIPS 140-1 Level 1 FIPS 140-1 Level 2 FIPS 140-1 Level 3 FIPS 140-1 Level 4 FIPS 140-2 Level 1 FIPS 140-2 Level 2 FIPS 140-2 Level 3 FIPS 140-2 Level 4 FIPS 140-3 Level 1 FIPS 140-3 Level 2 FIPS 140-3 Level 3 FIPS 140-3 Level 4 Common Criteria - Evaluation Assurance Level 1 Common Criteria - Evaluation Assurance Level 1 (Augmented) Common Criteria - Evaluation Assurance Level 2 Common Criteria - Evaluation Assurance Level 2 (Augmented) Common Criteria - Evaluation Assurance Level 3 Common Criteria - Evaluation Assurance Level 3 (Augmented) Common Criteria - Evaluation Assurance Level 4 Common Criteria - Evaluation Assurance Level 4 (Augmented) Common Criteria - Evaluation Assurance Level 5 Common Criteria - Evaluation Assurance Level 5 (Augmented) Common Criteria - Evaluation Assurance Level 6 Common Criteria - Evaluation Assurance Level 6 (Augmented) Common Criteria - Evaluation Assurance Level 7 Common Criteria - Evaluation Assurance Level 7 (Augmented) Another certification The certification level is not known The mode of operation in which the cryptographic algorithm (block cipher) is used. Cipher block chaining Electronic codebook Counter with cipher block chaining message authentication code Galois/counter Cipher feedback Output feedback Counter Another mode of operation The mode of operation is not known The padding scheme that is used for the cryptographic algorithm. Password-Based Cryptography Specification #5 Public Key Cryptography Standard: Cryptographic Message Syntax Public Key Cryptography Standard: RSA Cryptography v1.5 Optimal asymmetric encryption padding Raw Another padding scheme The padding scheme is not known The cryptographic functions implemented by the cryptographic algorithm. The classical security level that a cryptographic algorithm provides (in bits). The NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). A value of 0 indicates that none of the categories are met. Properties for cryptographic assets of asset type 'certificate' The subject name for the certificate The issuer name for the certificate The date and time according to ISO-8601 standard from which the certificate is valid The date and time according to ISO-8601 standard from which the certificate is not valid anymore The bom-ref to signature algorithm used by the certificate The bom-ref to the public key of the subject The format of the certificate. Examples include X.509, PEM, DER, and CVC The file extension of the certificate. Examples include crt, pem, cer, der, and p12. Properties for cryptographic assets of asset type 'relatedCryptoMaterial' The type for the related cryptographic material The optional unique identifier for the related cryptographic material. The key state as defined by NIST SP 800-57. The bom-ref to the algorithm used to generate the related cryptographic material. The date and time (timestamp) when the related cryptographic material was created. The date and time (timestamp) when the related cryptographic material was activated. The date and time (timestamp) when the related cryptographic material was updated. The date and time (timestamp) when the related cryptographic material expires. The associated value of the cryptographic material. The size of the cryptographic asset (in bits). The format of the related cryptographic material (e.g. P8, PEM, DER). The mechanism by which the cryptographic asset is secured by. Specifies the mechanism by which the cryptographic asset is secured by. Examples include HSM, TPM, XGX, Software, and None. The bom-ref to the algorithm. Properties specific to cryptographic assets of type: 'protocol'. The concrete protocol type. Transport Layer Security Secure Shell Internet Protocol Security Internet Key Exchange Secure Socket Tunneling Protocol Wi-Fi Protected Access Another protocol type The protocol type is not known The version of the protocol. Examples include 1.0, 1.2, and 1.99. A list of cipher suites related to the protocol. A common name for the cipher suite. For example: TLS_DHE_RSA_WITH_AES_128_CCM A list of algorithms related to the cipher suite. The bom-ref to algorithm cryptographic asset. A list of common identifiers for the cipher suite. Cipher suite identifier. Examples include 0xC0 and 0x9E. The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties. Transform Type 1: encryption algorithms Transform Type 2: pseudorandom functions Transform Type 3: integrity algorithms Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H) Specifies if an Extended Sequence Number (ESN) is used. IKEv2 Authentication method A protocol-related cryptographic assets The object identifier (OID) of the cryptographic asset. The list of assessors evaluating claims and determining conformance to requirements and confidence in that assessment. The assessor who evaluates claims and determines conformance to requirements and confidence in that assessment. The boolean indicating if the assessor is outside the organization generating claims. A value of false indicates a self assessor. The entity issuing the assessment. An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The list of attestations asserted by an assessor that maps requirements to claims. An attestation asserted by an assessor that maps requirements to claims. The short description explaining the main points of the attestation. The `bom-ref` to the assessor asserting the attestation. The grouping of requirements to claims and the attestors declared conformance and confidence thereof. The `bom-ref` to the requirement being attested to. The list of `bom-ref` to the claims being attested to. The `bom-ref` to the claim being attested to. The list of `bom-ref` to the counter claims being attested to. The `bom-ref` to the counter claim being attested to. The conformance of the claim meeting a requirement. The conformance of the claim between and inclusive of 0 and 1, where 1 is 100% conformance. The rationale for the score of conformance. The list of `bom-ref` to the evidence provided describing the mitigation strategies. Each mitigation strategy should include an explanation of how any weaknesses in the evidence will be mitigated. The confidence of the claim meeting the requirement. The confidence of the claim between and inclusive of 0 and 1, where 1 is 100% confidence. The rationale for the confidence score. Allows any undeclared elements as long as the elements are placed in a different namespace. The list of claims. The `bom-ref` to a target representing a specific system, application, API, module, team, person, process, business unit, company, etc... that this claim is being applied to. The specific statement or assertion about the target. The list of `bom-ref` to the evidence provided describing the mitigation strategies. Each mitigation strategy should include an explanation of how any weaknesses in the evidence will be mitigated. The written explanation of why the evidence provided substantiates the claim. The list of `bom-ref` to evidence that supports this claim. The list of `bom-ref` to counterEvidence that supports this claim. Provides the ability to document external references related to the claim the BOM describes. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The list of evidence The list of evidence The reference to the property name as defined in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy/). The written description of what this evidence is and how it was created. The output or analysis that supports claims. The name of the data. The contents or references to the contents of the data being described. An optional way to include textual or encoded data. The URL to where the data can be retrieved. Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. A description of any sensitive data. The date and time (timestamp) when the evidence was created. The optional date and time (timestamp) when the evidence is no longer valid. The author of the evidence. The reviewer of the evidence. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The list of targets which claims are made against. The list of organizations which claims are made against. The list of components which claims are made against. The list of services which claims are made against. A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization. The brief statement affirmed by an individual regarding all declarations. This could be an affirmation of acceptance by a third-party auditor or receiving individual of a file. For example: "I certify, to the best of my knowledge, that all information is correct." The list of signatories authorized on behalf of an organization to assert validity of this document. The signatory's name. The signatory's role within an organization. The signatory's organization. An External reference provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM. Allows any undeclared elements as long as the elements are placed in a different namespace. Allows any undeclared elements as long as the elements are placed in a different namespace. Allows any undeclared elements as long as the elements are placed in a different namespace. A collection of reusable objects that are defined and may be used elsewhere in the BOM. The list of standards which may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to. Allows any undeclared elements as long as the elements are placed in a different namespace. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. A standard may consist of regulations, industry or organizational-specific standards, maturity models, best practices, or any other requirements which can be evaluated against or attested to. The name of the standard. This will often be a shortened, single name of the standard. The version of the standard. The description of the standard. The owner of the standard, often the entity responsible for its release. The list of requirements comprising the standard. The unique identifier used in the standard to identify a specific requirement. This should match what is in the standard and should not be the requirements bom-ref. The title of the requirement. The textual content of the requirement. The supplemental text that provides additional guidance or context to the requirement, but is not directly part of the requirement. The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized framework for uniting security standards and guidelines. CRE links each section of a resource to a shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to each other. Use of CRE promotes clear and unambiguous communication among stakeholders. The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Provides the ability to document external references related to the BOM or to the project the BOM describes. An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. The list of levels associated with the standard. Some standards have different levels of compliance. The identifier used in the standard to identify a specific level. The title of the level. The description of the level. The list of requirement `bom-ref`s that comprise the level. An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Provides the ability to document external references related to the BOM or to the project the BOM describes. Allows any undeclared elements as long as the elements are placed in a different namespace. An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include: "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection" Provides additional information about a BOM. A list of software and hardware components. A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services. Provides the ability to document external references related to the BOM or to the project the BOM describes. Provides the ability to document dependency relationships. Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described. Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is optional. Vulnerabilities identified in components or services. Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, and may optionally be signed. Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process. The list of declarations which describe the conformance to standards. Each declaration may include attestations, claims, and evidence. A collection of reusable objects that are defined and may be used elsewhere in the BOM. Allows any undeclared elements as long as the elements are placed in a different namespace. Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'. Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number must conform to RFC-4122. Use of serial numbers are recommended. User-defined attributes may be used on this element as long as they do not have the same name as an existing attribute used by the schema. cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/jsf-0.82.SNAPSHOT.schema.json000066400000000000000000000175721476011761300265350ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/jsf-0.82.schema.json", "type": "object", "title": "JSON Signature Format (JSF) standard", "$comment" : "JSON Signature Format schema is published under the terms of the Apache License 2.0. JSF was developed by Anders Rundgren (anders.rundgren.net@gmail.com) as a part of the OpenKeyStore project. This schema supports the entirely of the JSF standard excluding 'extensions'.", "definitions": { "signature": { "type": "object", "title": "Signature", "oneOf": [ { "additionalProperties": false, "properties": { "signers": { "type": "array", "title": "Signature", "description": "Unique top level property for Multiple Signatures. (multisignature)", "items": {"$ref": "#/definitions/signer"} } } }, { "additionalProperties": false, "properties": { "chain": { "type": "array", "title": "Signature", "description": "Unique top level property for Signature Chains. (signaturechain)", "items": {"$ref": "#/definitions/signer"} } } }, { "title": "Signature", "description": "Unique top level property for simple signatures. (signaturecore)", "$ref": "#/definitions/signer" } ] }, "signer": { "type": "object", "title": "Signature", "required": [ "algorithm", "value" ], "additionalProperties": false, "properties": { "algorithm": { "oneOf": [ { "type": "string", "title": "Algorithm", "description": "Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037 [RFC8037] asymmetric key algorithms. Note: Unlike RFC8037 [RFC8037] JSF requires explicit Ed* algorithm names instead of \"EdDSA\".", "enum": [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512", "Ed25519", "Ed448", "HS256", "HS384", "HS512" ] }, { "type": "string", "title": "Algorithm", "description": "Signature algorithm. Note: If proprietary signature algorithms are added, they must be expressed as URIs.", "format": "uri" } ] }, "keyId": { "type": "string", "title": "Key ID", "description": "Optional. Application specific string identifying the signature key." }, "publicKey": { "title": "Public key", "description": "Optional. Public key object.", "$ref": "#/definitions/publicKey" }, "certificatePath": { "type": "array", "title": "Certificate path", "description": "Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must contain the signature certificate. The certificate path must be contiguous but is not required to be complete.", "items": { "type": "string" } }, "excludes": { "type": "array", "title": "Excludes", "description": "Optional. Array holding the names of one or more application level properties that must be excluded from the signature process. Note that the \"excludes\" property itself, must also be excluded from the signature process. Since both the \"excludes\" property and the associated data it points to are unsigned, a conforming JSF implementation must provide options for specifying which properties to accept.", "items": { "type": "string" } }, "value": { "type": "string", "title": "Signature", "description": "The signature data. Note that the binary representation must follow the JWA [RFC7518] specifications." } } }, "keyType": { "type": "string", "title": "Key type", "description": "Key type indicator.", "enum": [ "EC", "OKP", "RSA" ] }, "publicKey": { "title": "Public key", "description": "Optional. Public key object.", "type": "object", "required": [ "kty" ], "additionalProperties": true, "properties": { "kty": { "$ref": "#/definitions/keyType" } }, "allOf": [ { "if": { "properties": { "kty": { "const": "EC" } } }, "then": { "required": [ "kty", "crv", "x", "y" ], "additionalProperties": false, "properties": { "kty": { "$ref": "#/definitions/keyType" }, "crv": { "type": "string", "title": "Curve name", "description": "EC curve name.", "enum": [ "P-256", "P-384", "P-521" ] }, "x": { "type": "string", "title": "Coordinate", "description": "EC curve point X. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"P-521\", the decoded argument must be 66 bytes." }, "y": { "type": "string", "title": "Coordinate", "description": "EC curve point Y. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"P-256\", the decoded argument must be 32 bytes." } } } }, { "if": { "properties": { "kty": { "const": "OKP" } } }, "then": { "required": [ "kty", "crv", "x" ], "additionalProperties": false, "properties": { "kty": { "$ref": "#/definitions/keyType" }, "crv": { "type": "string", "title": "Curve name", "description": "EdDSA curve name.", "enum": [ "Ed25519", "Ed448" ] }, "x": { "type": "string", "title": "Coordinate", "description": "EdDSA curve point X. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"Ed25519\", the decoded argument must be 32 bytes." } } } }, { "if": { "properties": { "kty": { "const": "RSA" } } }, "then": { "required": [ "kty", "n", "e" ], "additionalProperties": false, "properties": { "kty": { "$ref": "#/definitions/keyType" }, "n": { "type": "string", "title": "Modulus", "description": "RSA modulus." }, "e": { "type": "string", "title": "Exponent", "description": "RSA exponent." } } } } ] } } } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/spdx.SNAPSHOT.schema.json000066400000000000000000000347561476011761300263470ustar00rootroot00000000000000{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/spdx.schema.json", "$comment": "v1.0-3.24.0", "type": "string", "enum": [ "0BSD", "3D-Slicer-1.0", "AAL", "Abstyles", "AdaCore-doc", "Adobe-2006", "Adobe-Display-PostScript", "Adobe-Glyph", "Adobe-Utopia", "ADSL", "AFL-1.1", "AFL-1.2", "AFL-2.0", "AFL-2.1", "AFL-3.0", "Afmparse", "AGPL-1.0", "AGPL-1.0-only", "AGPL-1.0-or-later", "AGPL-3.0", "AGPL-3.0-only", "AGPL-3.0-or-later", "Aladdin", "AMD-newlib", "AMDPLPA", "AML", "AML-glslang", "AMPAS", "ANTLR-PD", "ANTLR-PD-fallback", "any-OSI", "Apache-1.0", "Apache-1.1", "Apache-2.0", "APAFML", "APL-1.0", "App-s2p", "APSL-1.0", "APSL-1.1", "APSL-1.2", "APSL-2.0", "Arphic-1999", "Artistic-1.0", "Artistic-1.0-cl8", "Artistic-1.0-Perl", "Artistic-2.0", "ASWF-Digital-Assets-1.0", "ASWF-Digital-Assets-1.1", "Baekmuk", "Bahyph", "Barr", "bcrypt-Solar-Designer", "Beerware", "Bitstream-Charter", "Bitstream-Vera", "BitTorrent-1.0", "BitTorrent-1.1", "blessing", "BlueOak-1.0.0", "Boehm-GC", "Borceux", "Brian-Gladman-2-Clause", "Brian-Gladman-3-Clause", "BSD-1-Clause", "BSD-2-Clause", "BSD-2-Clause-Darwin", "BSD-2-Clause-first-lines", "BSD-2-Clause-FreeBSD", "BSD-2-Clause-NetBSD", "BSD-2-Clause-Patent", "BSD-2-Clause-Views", "BSD-3-Clause", "BSD-3-Clause-acpica", "BSD-3-Clause-Attribution", "BSD-3-Clause-Clear", "BSD-3-Clause-flex", "BSD-3-Clause-HP", "BSD-3-Clause-LBNL", "BSD-3-Clause-Modification", "BSD-3-Clause-No-Military-License", "BSD-3-Clause-No-Nuclear-License", "BSD-3-Clause-No-Nuclear-License-2014", "BSD-3-Clause-No-Nuclear-Warranty", "BSD-3-Clause-Open-MPI", "BSD-3-Clause-Sun", "BSD-4-Clause", "BSD-4-Clause-Shortened", "BSD-4-Clause-UC", "BSD-4.3RENO", "BSD-4.3TAHOE", "BSD-Advertising-Acknowledgement", "BSD-Attribution-HPND-disclaimer", "BSD-Inferno-Nettverk", "BSD-Protection", "BSD-Source-beginning-file", "BSD-Source-Code", "BSD-Systemics", "BSD-Systemics-W3Works", "BSL-1.0", "BUSL-1.1", "bzip2-1.0.5", "bzip2-1.0.6", "C-UDA-1.0", "CAL-1.0", "CAL-1.0-Combined-Work-Exception", "Caldera", "Caldera-no-preamble", "Catharon", "CATOSL-1.1", "CC-BY-1.0", "CC-BY-2.0", "CC-BY-2.5", "CC-BY-2.5-AU", "CC-BY-3.0", "CC-BY-3.0-AT", "CC-BY-3.0-AU", "CC-BY-3.0-DE", "CC-BY-3.0-IGO", "CC-BY-3.0-NL", "CC-BY-3.0-US", "CC-BY-4.0", "CC-BY-NC-1.0", "CC-BY-NC-2.0", "CC-BY-NC-2.5", "CC-BY-NC-3.0", "CC-BY-NC-3.0-DE", "CC-BY-NC-4.0", "CC-BY-NC-ND-1.0", "CC-BY-NC-ND-2.0", "CC-BY-NC-ND-2.5", "CC-BY-NC-ND-3.0", "CC-BY-NC-ND-3.0-DE", "CC-BY-NC-ND-3.0-IGO", "CC-BY-NC-ND-4.0", "CC-BY-NC-SA-1.0", "CC-BY-NC-SA-2.0", "CC-BY-NC-SA-2.0-DE", "CC-BY-NC-SA-2.0-FR", "CC-BY-NC-SA-2.0-UK", "CC-BY-NC-SA-2.5", "CC-BY-NC-SA-3.0", "CC-BY-NC-SA-3.0-DE", "CC-BY-NC-SA-3.0-IGO", "CC-BY-NC-SA-4.0", "CC-BY-ND-1.0", "CC-BY-ND-2.0", "CC-BY-ND-2.5", "CC-BY-ND-3.0", "CC-BY-ND-3.0-DE", "CC-BY-ND-4.0", "CC-BY-SA-1.0", "CC-BY-SA-2.0", "CC-BY-SA-2.0-UK", "CC-BY-SA-2.1-JP", "CC-BY-SA-2.5", "CC-BY-SA-3.0", "CC-BY-SA-3.0-AT", "CC-BY-SA-3.0-DE", "CC-BY-SA-3.0-IGO", "CC-BY-SA-4.0", "CC-PDDC", "CC0-1.0", "CDDL-1.0", "CDDL-1.1", "CDL-1.0", "CDLA-Permissive-1.0", "CDLA-Permissive-2.0", "CDLA-Sharing-1.0", "CECILL-1.0", "CECILL-1.1", "CECILL-2.0", "CECILL-2.1", "CECILL-B", "CECILL-C", "CERN-OHL-1.1", "CERN-OHL-1.2", "CERN-OHL-P-2.0", "CERN-OHL-S-2.0", "CERN-OHL-W-2.0", "CFITSIO", "check-cvs", "checkmk", "ClArtistic", "Clips", "CMU-Mach", "CMU-Mach-nodoc", "CNRI-Jython", "CNRI-Python", "CNRI-Python-GPL-Compatible", "COIL-1.0", "Community-Spec-1.0", "Condor-1.1", "copyleft-next-0.3.0", "copyleft-next-0.3.1", "Cornell-Lossless-JPEG", "CPAL-1.0", "CPL-1.0", "CPOL-1.02", "Cronyx", "Crossword", "CrystalStacker", "CUA-OPL-1.0", "Cube", "curl", "cve-tou", "D-FSL-1.0", "DEC-3-Clause", "diffmark", "DL-DE-BY-2.0", "DL-DE-ZERO-2.0", "DOC", "Dotseqn", "DRL-1.0", "DRL-1.1", "DSDP", "dtoa", "dvipdfm", "ECL-1.0", "ECL-2.0", "eCos-2.0", "EFL-1.0", "EFL-2.0", "eGenix", "Elastic-2.0", "Entessa", "EPICS", "EPL-1.0", "EPL-2.0", "ErlPL-1.1", "etalab-2.0", "EUDatagrid", "EUPL-1.0", "EUPL-1.1", "EUPL-1.2", "Eurosym", "Fair", "FBM", "FDK-AAC", "Ferguson-Twofish", "Frameworx-1.0", "FreeBSD-DOC", "FreeImage", "FSFAP", "FSFAP-no-warranty-disclaimer", "FSFUL", "FSFULLR", "FSFULLRWD", "FTL", "Furuseth", "fwlw", "GCR-docs", "GD", "GFDL-1.1", "GFDL-1.1-invariants-only", "GFDL-1.1-invariants-or-later", "GFDL-1.1-no-invariants-only", "GFDL-1.1-no-invariants-or-later", "GFDL-1.1-only", "GFDL-1.1-or-later", "GFDL-1.2", "GFDL-1.2-invariants-only", "GFDL-1.2-invariants-or-later", "GFDL-1.2-no-invariants-only", "GFDL-1.2-no-invariants-or-later", "GFDL-1.2-only", "GFDL-1.2-or-later", "GFDL-1.3", "GFDL-1.3-invariants-only", "GFDL-1.3-invariants-or-later", "GFDL-1.3-no-invariants-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-only", "GFDL-1.3-or-later", "Giftware", "GL2PS", "Glide", "Glulxe", "GLWTPL", "gnuplot", "GPL-1.0", "GPL-1.0+", "GPL-1.0-only", "GPL-1.0-or-later", "GPL-2.0", "GPL-2.0+", "GPL-2.0-only", "GPL-2.0-or-later", "GPL-2.0-with-autoconf-exception", "GPL-2.0-with-bison-exception", "GPL-2.0-with-classpath-exception", "GPL-2.0-with-font-exception", "GPL-2.0-with-GCC-exception", "GPL-3.0", "GPL-3.0+", "GPL-3.0-only", "GPL-3.0-or-later", "GPL-3.0-with-autoconf-exception", "GPL-3.0-with-GCC-exception", "Graphics-Gems", "gSOAP-1.3b", "gtkbook", "Gutmann", "HaskellReport", "hdparm", "Hippocratic-2.1", "HP-1986", "HP-1989", "HPND", "HPND-DEC", "HPND-doc", "HPND-doc-sell", "HPND-export-US", "HPND-export-US-acknowledgement", "HPND-export-US-modify", "HPND-export2-US", "HPND-Fenneberg-Livingston", "HPND-INRIA-IMAG", "HPND-Intel", "HPND-Kevlin-Henney", "HPND-Markus-Kuhn", "HPND-merchantability-variant", "HPND-MIT-disclaimer", "HPND-Pbmplus", "HPND-sell-MIT-disclaimer-xserver", "HPND-sell-regexpr", "HPND-sell-variant", "HPND-sell-variant-MIT-disclaimer", "HPND-sell-variant-MIT-disclaimer-rev", "HPND-UC", "HPND-UC-export-US", "HTMLTIDY", "IBM-pibs", "ICU", "IEC-Code-Components-EULA", "IJG", "IJG-short", "ImageMagick", "iMatix", "Imlib2", "Info-ZIP", "Inner-Net-2.0", "Intel", "Intel-ACPI", "Interbase-1.0", "IPA", "IPL-1.0", "ISC", "ISC-Veillard", "Jam", "JasPer-2.0", "JPL-image", "JPNIC", "JSON", "Kastrup", "Kazlib", "Knuth-CTAN", "LAL-1.2", "LAL-1.3", "Latex2e", "Latex2e-translated-notice", "Leptonica", "LGPL-2.0", "LGPL-2.0+", "LGPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1", "LGPL-2.1+", "LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0", "LGPL-3.0+", "LGPL-3.0-only", "LGPL-3.0-or-later", "LGPLLR", "Libpng", "libpng-2.0", "libselinux-1.0", "libtiff", "libutil-David-Nugent", "LiLiQ-P-1.1", "LiLiQ-R-1.1", "LiLiQ-Rplus-1.1", "Linux-man-pages-1-para", "Linux-man-pages-copyleft", "Linux-man-pages-copyleft-2-para", "Linux-man-pages-copyleft-var", "Linux-OpenIB", "LOOP", "LPD-document", "LPL-1.0", "LPL-1.02", "LPPL-1.0", "LPPL-1.1", "LPPL-1.2", "LPPL-1.3a", "LPPL-1.3c", "lsof", "Lucida-Bitmap-Fonts", "LZMA-SDK-9.11-to-9.20", "LZMA-SDK-9.22", "Mackerras-3-Clause", "Mackerras-3-Clause-acknowledgment", "magaz", "mailprio", "MakeIndex", "Martin-Birgmeier", "McPhee-slideshow", "metamail", "Minpack", "MirOS", "MIT", "MIT-0", "MIT-advertising", "MIT-CMU", "MIT-enna", "MIT-feh", "MIT-Festival", "MIT-Khronos-old", "MIT-Modern-Variant", "MIT-open-group", "MIT-testregex", "MIT-Wu", "MITNFA", "MMIXware", "Motosoto", "MPEG-SSG", "mpi-permissive", "mpich2", "MPL-1.0", "MPL-1.1", "MPL-2.0", "MPL-2.0-no-copyleft-exception", "mplus", "MS-LPL", "MS-PL", "MS-RL", "MTLL", "MulanPSL-1.0", "MulanPSL-2.0", "Multics", "Mup", "NAIST-2003", "NASA-1.3", "Naumen", "NBPL-1.0", "NCBI-PD", "NCGL-UK-2.0", "NCL", "NCSA", "Net-SNMP", "NetCDF", "Newsletr", "NGPL", "NICTA-1.0", "NIST-PD", "NIST-PD-fallback", "NIST-Software", "NLOD-1.0", "NLOD-2.0", "NLPL", "Nokia", "NOSL", "Noweb", "NPL-1.0", "NPL-1.1", "NPOSL-3.0", "NRL", "NTP", "NTP-0", "Nunit", "O-UDA-1.0", "OAR", "OCCT-PL", "OCLC-2.0", "ODbL-1.0", "ODC-By-1.0", "OFFIS", "OFL-1.0", "OFL-1.0-no-RFN", "OFL-1.0-RFN", "OFL-1.1", "OFL-1.1-no-RFN", "OFL-1.1-RFN", "OGC-1.0", "OGDL-Taiwan-1.0", "OGL-Canada-2.0", "OGL-UK-1.0", "OGL-UK-2.0", "OGL-UK-3.0", "OGTSL", "OLDAP-1.1", "OLDAP-1.2", "OLDAP-1.3", "OLDAP-1.4", "OLDAP-2.0", "OLDAP-2.0.1", "OLDAP-2.1", "OLDAP-2.2", "OLDAP-2.2.1", "OLDAP-2.2.2", "OLDAP-2.3", "OLDAP-2.4", "OLDAP-2.5", "OLDAP-2.6", "OLDAP-2.7", "OLDAP-2.8", "OLFL-1.3", "OML", "OpenPBS-2.3", "OpenSSL", "OpenSSL-standalone", "OpenVision", "OPL-1.0", "OPL-UK-3.0", "OPUBL-1.0", "OSET-PL-2.1", "OSL-1.0", "OSL-1.1", "OSL-2.0", "OSL-2.1", "OSL-3.0", "PADL", "Parity-6.0.0", "Parity-7.0.0", "PDDL-1.0", "PHP-3.0", "PHP-3.01", "Pixar", "pkgconf", "Plexus", "pnmstitch", "PolyForm-Noncommercial-1.0.0", "PolyForm-Small-Business-1.0.0", "PostgreSQL", "PPL", "PSF-2.0", "psfrag", "psutils", "Python-2.0", "Python-2.0.1", "python-ldap", "Qhull", "QPL-1.0", "QPL-1.0-INRIA-2004", "radvd", "Rdisc", "RHeCos-1.1", "RPL-1.1", "RPL-1.5", "RPSL-1.0", "RSA-MD", "RSCPL", "Ruby", "SAX-PD", "SAX-PD-2.0", "Saxpath", "SCEA", "SchemeReport", "Sendmail", "Sendmail-8.23", "SGI-B-1.0", "SGI-B-1.1", "SGI-B-2.0", "SGI-OpenGL", "SGP4", "SHL-0.5", "SHL-0.51", "SimPL-2.0", "SISSL", "SISSL-1.2", "SL", "Sleepycat", "SMLNJ", "SMPPL", "SNIA", "snprintf", "softSurfer", "Soundex", "Spencer-86", "Spencer-94", "Spencer-99", "SPL-1.0", "ssh-keyscan", "SSH-OpenSSH", "SSH-short", "SSLeay-standalone", "SSPL-1.0", "StandardML-NJ", "SugarCRM-1.1.3", "Sun-PPP", "Sun-PPP-2000", "SunPro", "SWL", "swrule", "Symlinks", "TAPR-OHL-1.0", "TCL", "TCP-wrappers", "TermReadKey", "TGPPL-1.0", "threeparttable", "TMate", "TORQUE-1.1", "TOSL", "TPDL", "TPL-1.0", "TTWL", "TTYP0", "TU-Berlin-1.0", "TU-Berlin-2.0", "UCAR", "UCL-1.0", "ulem", "UMich-Merit", "Unicode-3.0", "Unicode-DFS-2015", "Unicode-DFS-2016", "Unicode-TOU", "UnixCrypt", "Unlicense", "UPL-1.0", "URT-RLE", "Vim", "VOSTROM", "VSL-1.0", "W3C", "W3C-19980720", "W3C-20150513", "w3m", "Watcom-1.0", "Widget-Workshop", "Wsuipa", "WTFPL", "wxWindows", "X11", "X11-distribute-modifications-variant", "Xdebug-1.03", "Xerox", "Xfig", "XFree86-1.1", "xinetd", "xkeyboard-config-Zinoviev", "xlock", "Xnet", "xpp", "XSkat", "xzoom", "YPL-1.0", "YPL-1.1", "Zed", "Zeeff", "Zend-2.0", "Zimbra-1.3", "Zimbra-1.4", "Zlib", "zlib-acknowledgement", "ZPL-1.1", "ZPL-2.0", "ZPL-2.1", "389-exception", "Asterisk-exception", "Asterisk-linking-protocols-exception", "Autoconf-exception-2.0", "Autoconf-exception-3.0", "Autoconf-exception-generic", "Autoconf-exception-generic-3.0", "Autoconf-exception-macro", "Bison-exception-1.24", "Bison-exception-2.2", "Bootloader-exception", "Classpath-exception-2.0", "CLISP-exception-2.0", "cryptsetup-OpenSSL-exception", "DigiRule-FOSS-exception", "eCos-exception-2.0", "Fawkes-Runtime-exception", "FLTK-exception", "fmt-exception", "Font-exception-2.0", "freertos-exception-2.0", "GCC-exception-2.0", "GCC-exception-2.0-note", "GCC-exception-3.1", "Gmsh-exception", "GNAT-exception", "GNOME-examples-exception", "GNU-compiler-exception", "gnu-javamail-exception", "GPL-3.0-interface-exception", "GPL-3.0-linking-exception", "GPL-3.0-linking-source-exception", "GPL-CC-1.0", "GStreamer-exception-2005", "GStreamer-exception-2008", "i2p-gpl-java-exception", "KiCad-libraries-exception", "LGPL-3.0-linking-exception", "libpri-OpenH323-exception", "Libtool-exception", "Linux-syscall-note", "LLGPL", "LLVM-exception", "LZMA-exception", "mif-exception", "Nokia-Qt-exception-1.1", "OCaml-LGPL-linking-exception", "OCCT-exception-1.0", "OpenJDK-assembly-exception-1.0", "openvpn-openssl-exception", "PCRE2-exception", "PS-or-PDF-font-exception-20170817", "QPL-1.0-INRIA-2004-exception", "Qt-GPL-exception-1.0", "Qt-LGPL-exception-1.1", "Qwt-exception-1.0", "RRDtool-FLOSS-exception-2.0", "SANE-exception", "SHL-2.0", "SHL-2.1", "stunnel-exception", "SWI-exception", "Swift-exception", "Texinfo-exception", "u-boot-exception-2.0", "UBDL-exception", "Universal-FOSS-exception-1.0", "vsftpd-openssl-exception", "WxWindows-exception-3.1", "x11vnc-openssl-exception" ] } cyclonedx-python-lib-9.1.0/cyclonedx/schema/_res/spdx.SNAPSHOT.xsd000066400000000000000000005171701476011761300247310ustar00rootroot00000000000000 BSD Zero Clause License 3D Slicer License v1.0 Attribution Assurance License Abstyles License AdaCore Doc License Adobe Systems Incorporated Source Code License Agreement Adobe Display PostScript License Adobe Glyph List License Adobe Utopia Font License Amazon Digital Services License Academic Free License v1.1 Academic Free License v1.2 Academic Free License v2.0 Academic Free License v2.1 Academic Free License v3.0 Afmparse License Affero General Public License v1.0 Affero General Public License v1.0 only Affero General Public License v1.0 or later GNU Affero General Public License v3.0 GNU Affero General Public License v3.0 only GNU Affero General Public License v3.0 or later Aladdin Free Public License AMD newlib License AMD's plpa_map.c License Apple MIT License AML glslang variant License Academy of Motion Picture Arts and Sciences BSD ANTLR Software Rights Notice ANTLR Software Rights Notice with license fallback Any OSI License Apache License 1.0 Apache License 1.1 Apache License 2.0 Adobe Postscript AFM License Adaptive Public License 1.0 App::s2p License Apple Public Source License 1.0 Apple Public Source License 1.1 Apple Public Source License 1.2 Apple Public Source License 2.0 Arphic Public License Artistic License 1.0 Artistic License 1.0 w/clause 8 Artistic License 1.0 (Perl) Artistic License 2.0 ASWF Digital Assets License version 1.0 ASWF Digital Assets License 1.1 Baekmuk License Bahyph License Barr License bcrypt Solar Designer License Beerware License Bitstream Charter Font License Bitstream Vera Font License BitTorrent Open Source License v1.0 BitTorrent Open Source License v1.1 SQLite Blessing Blue Oak Model License 1.0.0 Boehm-Demers-Weiser GC License Borceux license Brian Gladman 2-Clause License Brian Gladman 3-Clause License BSD 1-Clause License BSD 2-Clause "Simplified" License BSD 2-Clause - Ian Darwin variant BSD 2-Clause - first lines requirement BSD 2-Clause FreeBSD License BSD 2-Clause NetBSD License BSD-2-Clause Plus Patent License BSD 2-Clause with views sentence BSD 3-Clause "New" or "Revised" License BSD 3-Clause acpica variant BSD with attribution BSD 3-Clause Clear License BSD 3-Clause Flex variant Hewlett-Packard BSD variant license Lawrence Berkeley National Labs BSD variant license BSD 3-Clause Modification BSD 3-Clause No Military License BSD 3-Clause No Nuclear License BSD 3-Clause No Nuclear License 2014 BSD 3-Clause No Nuclear Warranty BSD 3-Clause Open MPI variant BSD 3-Clause Sun Microsystems BSD 4-Clause "Original" or "Old" License BSD 4 Clause Shortened BSD-4-Clause (University of California-Specific) BSD 4.3 RENO License BSD 4.3 TAHOE License BSD Advertising Acknowledgement License BSD with Attribution and HPND disclaimer BSD-Inferno-Nettverk BSD Protection License BSD Source Code Attribution - beginning of file variant BSD Source Code Attribution Systemics BSD variant license Systemics W3Works BSD variant license Boost Software License 1.0 Business Source License 1.1 bzip2 and libbzip2 License v1.0.5 bzip2 and libbzip2 License v1.0.6 Computational Use of Data Agreement v1.0 Cryptographic Autonomy License 1.0 Cryptographic Autonomy License 1.0 (Combined Work Exception) Caldera License Caldera License (without preamble) Catharon License Computer Associates Trusted Open Source License 1.1 Creative Commons Attribution 1.0 Generic Creative Commons Attribution 2.0 Generic Creative Commons Attribution 2.5 Generic Creative Commons Attribution 2.5 Australia Creative Commons Attribution 3.0 Unported Creative Commons Attribution 3.0 Austria Creative Commons Attribution 3.0 Australia Creative Commons Attribution 3.0 Germany Creative Commons Attribution 3.0 IGO Creative Commons Attribution 3.0 Netherlands Creative Commons Attribution 3.0 United States Creative Commons Attribution 4.0 International Creative Commons Attribution Non Commercial 1.0 Generic Creative Commons Attribution Non Commercial 2.0 Generic Creative Commons Attribution Non Commercial 2.5 Generic Creative Commons Attribution Non Commercial 3.0 Unported Creative Commons Attribution Non Commercial 3.0 Germany Creative Commons Attribution Non Commercial 4.0 International Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO Creative Commons Attribution Non Commercial No Derivatives 4.0 International Creative Commons Attribution Non Commercial Share Alike 1.0 Generic Creative Commons Attribution Non Commercial Share Alike 2.0 Generic Creative Commons Attribution Non Commercial Share Alike 2.0 Germany Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales Creative Commons Attribution Non Commercial Share Alike 2.5 Generic Creative Commons Attribution Non Commercial Share Alike 3.0 Unported Creative Commons Attribution Non Commercial Share Alike 3.0 Germany Creative Commons Attribution Non Commercial Share Alike 3.0 IGO Creative Commons Attribution Non Commercial Share Alike 4.0 International Creative Commons Attribution No Derivatives 1.0 Generic Creative Commons Attribution No Derivatives 2.0 Generic Creative Commons Attribution No Derivatives 2.5 Generic Creative Commons Attribution No Derivatives 3.0 Unported Creative Commons Attribution No Derivatives 3.0 Germany Creative Commons Attribution No Derivatives 4.0 International Creative Commons Attribution Share Alike 1.0 Generic Creative Commons Attribution Share Alike 2.0 Generic Creative Commons Attribution Share Alike 2.0 England and Wales Creative Commons Attribution Share Alike 2.1 Japan Creative Commons Attribution Share Alike 2.5 Generic Creative Commons Attribution Share Alike 3.0 Unported Creative Commons Attribution Share Alike 3.0 Austria Creative Commons Attribution Share Alike 3.0 Germany Creative Commons Attribution-ShareAlike 3.0 IGO Creative Commons Attribution Share Alike 4.0 International Creative Commons Public Domain Dedication and Certification Creative Commons Zero v1.0 Universal Common Development and Distribution License 1.0 Common Development and Distribution License 1.1 Common Documentation License 1.0 Community Data License Agreement Permissive 1.0 Community Data License Agreement Permissive 2.0 Community Data License Agreement Sharing 1.0 CeCILL Free Software License Agreement v1.0 CeCILL Free Software License Agreement v1.1 CeCILL Free Software License Agreement v2.0 CeCILL Free Software License Agreement v2.1 CeCILL-B Free Software License Agreement CeCILL-C Free Software License Agreement CERN Open Hardware Licence v1.1 CERN Open Hardware Licence v1.2 CERN Open Hardware Licence Version 2 - Permissive CERN Open Hardware Licence Version 2 - Strongly Reciprocal CERN Open Hardware Licence Version 2 - Weakly Reciprocal CFITSIO License check-cvs License Checkmk License Clarified Artistic License Clips License CMU Mach License CMU Mach - no notices-in-documentation variant CNRI Jython License CNRI Python License CNRI Python Open Source GPL Compatible License Agreement Copyfree Open Innovation License Community Specification License 1.0 Condor Public License v1.1 copyleft-next 0.3.0 copyleft-next 0.3.1 Cornell Lossless JPEG License Common Public Attribution License 1.0 Common Public License 1.0 Code Project Open License 1.02 Cronyx License Crossword License CrystalStacker License CUA Office Public License v1.0 Cube License curl License Common Vulnerability Enumeration ToU License Deutsche Freie Software Lizenz DEC 3-Clause License diffmark license Data licence Germany – attribution – version 2.0 Data licence Germany – zero – version 2.0 DOC License Dotseqn License Detection Rule License 1.0 Detection Rule License 1.1 DSDP License David M. Gay dtoa License dvipdfm License Educational Community License v1.0 Educational Community License v2.0 eCos license version 2.0 Eiffel Forum License v1.0 Eiffel Forum License v2.0 eGenix.com Public License 1.1.0 Elastic License 2.0 Entessa Public License v1.0 EPICS Open License Eclipse Public License 1.0 Eclipse Public License 2.0 Erlang Public License v1.1 Etalab Open License 2.0 EU DataGrid Software License European Union Public License 1.0 European Union Public License 1.1 European Union Public License 1.2 Eurosym License Fair License Fuzzy Bitmap License Fraunhofer FDK AAC Codec Library Ferguson Twofish License Frameworx Open License 1.0 FreeBSD Documentation License FreeImage Public License v1.0 FSF All Permissive License FSF All Permissive License (without Warranty) FSF Unlimited License FSF Unlimited License (with License Retention) FSF Unlimited License (With License Retention and Warranty Disclaimer) Freetype Project License Furuseth License fwlw License Gnome GCR Documentation License GD License GNU Free Documentation License v1.1 GNU Free Documentation License v1.1 only - invariants GNU Free Documentation License v1.1 or later - invariants GNU Free Documentation License v1.1 only - no invariants GNU Free Documentation License v1.1 or later - no invariants GNU Free Documentation License v1.1 only GNU Free Documentation License v1.1 or later GNU Free Documentation License v1.2 GNU Free Documentation License v1.2 only - invariants GNU Free Documentation License v1.2 or later - invariants GNU Free Documentation License v1.2 only - no invariants GNU Free Documentation License v1.2 or later - no invariants GNU Free Documentation License v1.2 only GNU Free Documentation License v1.2 or later GNU Free Documentation License v1.3 GNU Free Documentation License v1.3 only - invariants GNU Free Documentation License v1.3 or later - invariants GNU Free Documentation License v1.3 only - no invariants GNU Free Documentation License v1.3 or later - no invariants GNU Free Documentation License v1.3 only GNU Free Documentation License v1.3 or later Giftware License GL2PS License 3dfx Glide License Glulxe License Good Luck With That Public License gnuplot License GNU General Public License v1.0 only GNU General Public License v1.0 or later GNU General Public License v1.0 only GNU General Public License v1.0 or later GNU General Public License v2.0 only GNU General Public License v2.0 or later GNU General Public License v2.0 only GNU General Public License v2.0 or later GNU General Public License v2.0 w/Autoconf exception GNU General Public License v2.0 w/Bison exception GNU General Public License v2.0 w/Classpath exception GNU General Public License v2.0 w/Font exception GNU General Public License v2.0 w/GCC Runtime Library exception GNU General Public License v3.0 only GNU General Public License v3.0 or later GNU General Public License v3.0 only GNU General Public License v3.0 or later GNU General Public License v3.0 w/Autoconf exception GNU General Public License v3.0 w/GCC Runtime Library exception Graphics Gems License gSOAP Public License v1.3b gtkbook License Gutmann License Haskell Language Report License hdparm License Hippocratic License 2.1 Hewlett-Packard 1986 License Hewlett-Packard 1989 License Historical Permission Notice and Disclaimer Historical Permission Notice and Disclaimer - DEC variant Historical Permission Notice and Disclaimer - documentation variant Historical Permission Notice and Disclaimer - documentation sell variant HPND with US Government export control warning HPND with US Government export control warning and acknowledgment HPND with US Government export control warning and modification rqmt HPND with US Government export control and 2 disclaimers Historical Permission Notice and Disclaimer - Fenneberg-Livingston variant Historical Permission Notice and Disclaimer - INRIA-IMAG variant Historical Permission Notice and Disclaimer - Intel variant Historical Permission Notice and Disclaimer - Kevlin Henney variant Historical Permission Notice and Disclaimer - Markus Kuhn variant Historical Permission Notice and Disclaimer - merchantability variant Historical Permission Notice and Disclaimer with MIT disclaimer Historical Permission Notice and Disclaimer - Pbmplus variant Historical Permission Notice and Disclaimer - sell xserver variant with MIT disclaimer Historical Permission Notice and Disclaimer - sell regexpr variant Historical Permission Notice and Disclaimer - sell variant HPND sell variant with MIT disclaimer HPND sell variant with MIT disclaimer - reverse Historical Permission Notice and Disclaimer - University of California variant Historical Permission Notice and Disclaimer - University of California, US export warning HTML Tidy License IBM PowerPC Initialization and Boot Software ICU License IEC Code Components End-user licence agreement Independent JPEG Group License Independent JPEG Group License - short ImageMagick License iMatix Standard Function Library Agreement Imlib2 License Info-ZIP License Inner Net License v2.0 Intel Open Source License Intel ACPI Software License Agreement Interbase Public License v1.0 IPA Font License IBM Public License v1.0 ISC License ISC Veillard variant Jam License JasPer License JPL Image Use Policy Japan Network Information Center License JSON License Kastrup License Kazlib License Knuth CTAN License Licence Art Libre 1.2 Licence Art Libre 1.3 Latex2e License Latex2e with translated notice permission Leptonica License GNU Library General Public License v2 only GNU Library General Public License v2 or later GNU Library General Public License v2 only GNU Library General Public License v2 or later GNU Lesser General Public License v2.1 only GNU Lesser General Public License v2.1 or later GNU Lesser General Public License v2.1 only GNU Lesser General Public License v2.1 or later GNU Lesser General Public License v3.0 only GNU Lesser General Public License v3.0 or later GNU Lesser General Public License v3.0 only GNU Lesser General Public License v3.0 or later Lesser General Public License For Linguistic Resources libpng License PNG Reference Library version 2 libselinux public domain notice libtiff License libutil David Nugent License Licence Libre du Québec – Permissive version 1.1 Licence Libre du Québec – Réciprocité version 1.1 Licence Libre du Québec – Réciprocité forte version 1.1 Linux man-pages - 1 paragraph Linux man-pages Copyleft Linux man-pages Copyleft - 2 paragraphs Linux man-pages Copyleft Variant Linux Kernel Variant of OpenIB.org license Common Lisp LOOP License LPD Documentation License Lucent Public License Version 1.0 Lucent Public License v1.02 LaTeX Project Public License v1.0 LaTeX Project Public License v1.1 LaTeX Project Public License v1.2 LaTeX Project Public License v1.3a LaTeX Project Public License v1.3c lsof License Lucida Bitmap Fonts License LZMA SDK License (versions 9.11 to 9.20) LZMA SDK License (versions 9.22 and beyond) Mackerras 3-Clause License Mackerras 3-Clause - acknowledgment variant magaz License mailprio License MakeIndex License Martin Birgmeier License McPhee Slideshow License metamail License Minpack License The MirOS Licence MIT License MIT No Attribution Enlightenment License (e16) CMU License enna License feh License MIT Festival Variant MIT Khronos - old variant MIT License Modern Variant MIT Open Group variant MIT testregex Variant MIT Tom Wu Variant MIT +no-false-attribs license MMIXware License Motosoto License MPEG Software Simulation mpi Permissive License mpich2 License Mozilla Public License 1.0 Mozilla Public License 1.1 Mozilla Public License 2.0 Mozilla Public License 2.0 (no copyleft exception) mplus Font License Microsoft Limited Public License Microsoft Public License Microsoft Reciprocal License Matrix Template Library License Mulan Permissive Software License, Version 1 Mulan Permissive Software License, Version 2 Multics License Mup License Nara Institute of Science and Technology License (2003) NASA Open Source Agreement 1.3 Naumen Public License Net Boolean Public License v1 NCBI Public Domain Notice Non-Commercial Government Licence NCL Source Code License University of Illinois/NCSA Open Source License Net-SNMP License NetCDF license Newsletr License Nethack General Public License NICTA Public Software License, Version 1.0 NIST Public Domain Notice NIST Public Domain Notice with license fallback NIST Software License Norwegian Licence for Open Government Data (NLOD) 1.0 Norwegian Licence for Open Government Data (NLOD) 2.0 No Limit Public License Nokia Open Source License Netizen Open Source License Noweb License Netscape Public License v1.0 Netscape Public License v1.1 Non-Profit Open Software License 3.0 NRL License NTP License NTP No Attribution Nunit License Open Use of Data Agreement v1.0 OAR License Open CASCADE Technology Public License OCLC Research Public License 2.0 Open Data Commons Open Database License v1.0 Open Data Commons Attribution License v1.0 OFFIS License SIL Open Font License 1.0 SIL Open Font License 1.0 with no Reserved Font Name SIL Open Font License 1.0 with Reserved Font Name SIL Open Font License 1.1 SIL Open Font License 1.1 with no Reserved Font Name SIL Open Font License 1.1 with Reserved Font Name OGC Software License, Version 1.0 Taiwan Open Government Data License, version 1.0 Open Government Licence - Canada Open Government Licence v1.0 Open Government Licence v2.0 Open Government Licence v3.0 Open Group Test Suite License Open LDAP Public License v1.1 Open LDAP Public License v1.2 Open LDAP Public License v1.3 Open LDAP Public License v1.4 Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) Open LDAP Public License v2.0.1 Open LDAP Public License v2.1 Open LDAP Public License v2.2 Open LDAP Public License v2.2.1 Open LDAP Public License 2.2.2 Open LDAP Public License v2.3 Open LDAP Public License v2.4 Open LDAP Public License v2.5 Open LDAP Public License v2.6 Open LDAP Public License v2.7 Open LDAP Public License v2.8 Open Logistics Foundation License Version 1.3 Open Market License OpenPBS v2.3 Software License OpenSSL License OpenSSL License - standalone OpenVision License Open Public License v1.0 United Kingdom Open Parliament Licence v3.0 Open Publication License v1.0 OSET Public License version 2.1 Open Software License 1.0 Open Software License 1.1 Open Software License 2.0 Open Software License 2.1 Open Software License 3.0 PADL License The Parity Public License 6.0.0 The Parity Public License 7.0.0 Open Data Commons Public Domain Dedication & License 1.0 PHP License v3.0 PHP License v3.01 Pixar License pkgconf License Plexus Classworlds License pnmstitch License PolyForm Noncommercial License 1.0.0 PolyForm Small Business License 1.0.0 PostgreSQL License Peer Production License Python Software Foundation License 2.0 psfrag License psutils License Python License 2.0 Python License 2.0.1 Python ldap License Qhull License Q Public License 1.0 Q Public License 1.0 - INRIA 2004 variant radvd License Rdisc License Red Hat eCos Public License v1.1 Reciprocal Public License 1.1 Reciprocal Public License 1.5 RealNetworks Public Source License v1.0 RSA Message-Digest License Ricoh Source Code Public License Ruby License Sax Public Domain Notice Sax Public Domain Notice 2.0 Saxpath License SCEA Shared Source License Scheme Language Report License Sendmail License Sendmail License 8.23 SGI Free Software License B v1.0 SGI Free Software License B v1.1 SGI Free Software License B v2.0 SGI OpenGL License SGP4 Permission Notice Solderpad Hardware License v0.5 Solderpad Hardware License, Version 0.51 Simple Public License 2.0 Sun Industry Standards Source License v1.1 Sun Industry Standards Source License v1.2 SL License Sleepycat License Standard ML of New Jersey License Secure Messaging Protocol Public License SNIA Public License 1.1 snprintf License softSurfer License Soundex License Spencer License 86 Spencer License 94 Spencer License 99 Sun Public License v1.0 ssh-keyscan License SSH OpenSSH license SSH short notice SSLeay License - standalone Server Side Public License, v 1 Standard ML of New Jersey License SugarCRM Public License v1.1.3 Sun PPP License Sun PPP License (2000) SunPro License Scheme Widget Library (SWL) Software License Agreement swrule License Symlinks License TAPR Open Hardware License v1.0 TCL/TK License TCP Wrappers License TermReadKey License Transitive Grace Period Public Licence 1.0 threeparttable License TMate Open Source License TORQUE v2.5+ Software License v1.1 Trusster Open Source License Time::ParseDate License THOR Public License 1.0 Text-Tabs+Wrap License TTYP0 License Technische Universitaet Berlin License 1.0 Technische Universitaet Berlin License 2.0 UCAR License Upstream Compatibility License v1.0 ulem License Michigan/Merit Networks License Unicode License v3 Unicode License Agreement - Data Files and Software (2015) Unicode License Agreement - Data Files and Software (2016) Unicode Terms of Use UnixCrypt License The Unlicense Universal Permissive License v1.0 Utah Raster Toolkit Run Length Encoded License Vim License VOSTROM Public License for Open Source Vovida Software License v1.0 W3C Software Notice and License (2002-12-31) W3C Software Notice and License (1998-07-20) W3C Software Notice and Document License (2015-05-13) w3m License Sybase Open Watcom Public License 1.0 Widget Workshop License Wsuipa License Do What The F*ck You Want To Public License wxWindows Library License X11 License X11 License Distribution Modification Variant Xdebug License v 1.03 Xerox License Xfig License XFree86 License 1.1 xinetd License xkeyboard-config Zinoviev License xlock License X.Net License XPP License XSkat License xzoom License Yahoo! Public License v1.0 Yahoo! Public License v1.1 Zed License Zeeff License Zend License v2.0 Zimbra Public License v1.3 Zimbra Public License v1.4 zlib License zlib/libpng License with Acknowledgement Zope Public License 1.1 Zope Public License 2.0 Zope Public License 2.1 389 Directory Server Exception Asterisk exception Asterisk linking protocols exception Autoconf exception 2.0 Autoconf exception 3.0 Autoconf generic exception Autoconf generic exception for GPL-3.0 Autoconf macro exception Bison exception 1.24 Bison exception 2.2 Bootloader Distribution Exception Classpath exception 2.0 CLISP exception 2.0 cryptsetup OpenSSL exception DigiRule FOSS License Exception eCos exception 2.0 Fawkes Runtime Exception FLTK exception fmt exception Font exception 2.0 FreeRTOS Exception 2.0 GCC Runtime Library exception 2.0 GCC Runtime Library exception 2.0 - note variant GCC Runtime Library exception 3.1 Gmsh exception> GNAT exception GNOME examples exception GNU Compiler Exception GNU JavaMail exception GPL-3.0 Interface Exception GPL-3.0 Linking Exception GPL-3.0 Linking Exception (with Corresponding Source) GPL Cooperation Commitment 1.0 GStreamer Exception (2005) GStreamer Exception (2008) i2p GPL+Java Exception KiCad Libraries Exception LGPL-3.0 Linking Exception libpri OpenH323 exception Libtool Exception Linux Syscall Note LLGPL Preamble LLVM Exception LZMA exception Macros and Inline Functions Exception Nokia Qt LGPL exception 1.1 OCaml LGPL Linking Exception Open CASCADE Exception 1.0 OpenJDK Assembly exception 1.0 OpenVPN OpenSSL Exception PCRE2 exception PS/PDF font exception (2017-08-17) INRIA QPL 1.0 2004 variant exception Qt GPL exception 1.0 Qt LGPL exception 1.1 Qwt exception 1.0 RRDtool FLOSS exception 2.0 SANE Exception Solderpad Hardware License v2.0 Solderpad Hardware License v2.1 stunnel Exception SWI exception Swift Exception Texinfo exception U-Boot exception 2.0 Unmodified Binary Distribution exception Universal FOSS Exception, Version 1.0 vsftpd OpenSSL exception WxWindows Library Exception 3.1 x11vnc OpenSSL Exception cyclonedx-python-lib-9.1.0/cyclonedx/schema/schema.py000066400000000000000000000050501476011761300226440ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from abc import ABC, abstractmethod from typing import Dict, Literal, Type from py_serializable import ViewType from . import SchemaVersion class BaseSchemaVersion(ABC, ViewType): @property @abstractmethod def schema_version_enum(self) -> SchemaVersion: ... # pragma: no cover def get_schema_version(self) -> str: return self.schema_version_enum.to_version() class SchemaVersion1Dot6(BaseSchemaVersion): @property def schema_version_enum(self) -> Literal[SchemaVersion.V1_6]: return SchemaVersion.V1_6 class SchemaVersion1Dot5(BaseSchemaVersion): @property def schema_version_enum(self) -> Literal[SchemaVersion.V1_5]: return SchemaVersion.V1_5 class SchemaVersion1Dot4(BaseSchemaVersion): @property def schema_version_enum(self) -> Literal[SchemaVersion.V1_4]: return SchemaVersion.V1_4 class SchemaVersion1Dot3(BaseSchemaVersion): @property def schema_version_enum(self) -> Literal[SchemaVersion.V1_3]: return SchemaVersion.V1_3 class SchemaVersion1Dot2(BaseSchemaVersion): @property def schema_version_enum(self) -> Literal[SchemaVersion.V1_2]: return SchemaVersion.V1_2 class SchemaVersion1Dot1(BaseSchemaVersion): @property def schema_version_enum(self) -> Literal[SchemaVersion.V1_1]: return SchemaVersion.V1_1 class SchemaVersion1Dot0(BaseSchemaVersion): @property def schema_version_enum(self) -> Literal[SchemaVersion.V1_0]: return SchemaVersion.V1_0 SCHEMA_VERSIONS: Dict[SchemaVersion, Type[BaseSchemaVersion]] = { SchemaVersion.V1_6: SchemaVersion1Dot6, SchemaVersion.V1_5: SchemaVersion1Dot5, SchemaVersion.V1_4: SchemaVersion1Dot4, SchemaVersion.V1_3: SchemaVersion1Dot3, SchemaVersion.V1_2: SchemaVersion1Dot2, SchemaVersion.V1_1: SchemaVersion1Dot1, SchemaVersion.V1_0: SchemaVersion1Dot0, } cyclonedx-python-lib-9.1.0/cyclonedx/serialization/000077500000000000000000000000001476011761300224475ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/serialization/__init__.py000066400000000000000000000056041476011761300245650ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. """ Set of helper classes for use with ``serializable`` when conducting (de-)serialization. """ from typing import Any, Optional from uuid import UUID # See https://github.com/package-url/packageurl-python/issues/65 from packageurl import PackageURL from py_serializable.helpers import BaseHelper from ..exception.serialization import CycloneDxDeserializationException, SerializationOfUnexpectedValueException from ..model.bom_ref import BomRef from ..model.license import _LicenseRepositorySerializationHelper class BomRefHelper(BaseHelper): """**DEPRECATED** in favour of :class:`BomRef`. .. deprecated:: 8.6 Use :class:`BomRef` instead. """ # TODO: remove, no longer needed @classmethod def serialize(cls, o: Any) -> Optional[str]: return BomRef.serialize(o) @classmethod def deserialize(cls, o: Any) -> BomRef: return BomRef.deserialize(o) class PackageUrl(BaseHelper): @classmethod def serialize(cls, o: Any, ) -> str: if isinstance(o, PackageURL): return str(o.to_string()) raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-PackageURL: {o!r}') @classmethod def deserialize(cls, o: Any) -> PackageURL: try: return PackageURL.from_string(purl=str(o)) except ValueError as err: raise CycloneDxDeserializationException( f'PURL string supplied does not parse: {o!r}' ) from err class UrnUuidHelper(BaseHelper): @classmethod def serialize(cls, o: Any) -> str: if isinstance(o, UUID): return o.urn raise SerializationOfUnexpectedValueException( f'Attempt to serialize a non-UUID: {o!r}') @classmethod def deserialize(cls, o: Any) -> UUID: try: return UUID(str(o)) except ValueError as err: raise CycloneDxDeserializationException( f'UUID string supplied does not parse: {o!r}' ) from err class LicenseRepositoryHelper(_LicenseRepositorySerializationHelper): """**DEPRECATED** .. deprecated:: 8.6 No public API planned for replacing this, """ # TODO: remove, no longer needed pass cyclonedx-python-lib-9.1.0/cyclonedx/spdx.py000066400000000000000000000047611476011761300211320ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. __all__ = [ 'is_supported_id', 'fixup_id', 'is_expression' ] from json import load as json_load from typing import TYPE_CHECKING, Dict, Optional, Set from license_expression import get_spdx_licensing # type:ignore[import-untyped] from .schema._res import SPDX_JSON as __SPDX_JSON_SCHEMA if TYPE_CHECKING: # pragma: no cover from license_expression import Licensing # region init # python's internal module loader will assure that this init-part runs only once. # !!! this requires to ship the actual schema data with the package. with open(__SPDX_JSON_SCHEMA) as schema: __IDS: Set[str] = set(json_load(schema).get('enum', [])) assert len(__IDS) > 0, 'known SPDX-IDs should be non-empty set' __IDS_LOWER_MAP: Dict[str, str] = dict((id_.lower(), id_) for id_ in __IDS) __SPDX_EXPRESSION_LICENSING: 'Licensing' = get_spdx_licensing() # endregion def is_supported_id(value: str) -> bool: """Validate SPDX-ID according to current spec.""" return value in __IDS def fixup_id(value: str) -> Optional[str]: """Fixup SPDX-ID. :returns: repaired value string, or `None` if fixup was unable to help. """ return __IDS_LOWER_MAP.get(value.lower()) def is_expression(value: str) -> bool: """Validate SPDX license expression. .. note:: Utilizes `license-expression library`_ to validate SPDX compound expression according to `SPDX license expression spec`_. .. _SPDX license expression spec: https://spdx.github.io/spdx-spec/v3.0.1/annexes/spdx-license-expressions/ .. _license-expression library: https://github.com/nexB/license-expression """ try: res = __SPDX_EXPRESSION_LICENSING.validate(value) except Exception: # the throw happens when internals crash due to unexpected input characters. return False return 0 == len(res.errors) cyclonedx-python-lib-9.1.0/cyclonedx/validation/000077500000000000000000000000001476011761300217245ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/cyclonedx/validation/__init__.py000066400000000000000000000074411476011761300240430ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from abc import ABC, abstractmethod from typing import TYPE_CHECKING, Any, Literal, Optional, Protocol, Union, overload from ..schema import OutputFormat if TYPE_CHECKING: # pragma: no cover from ..schema import SchemaVersion from .json import JsonValidator from .xml import XmlValidator class ValidationError: """Validation failed with this specific error. Use :attr:`~data` to access the content. """ data: Any def __init__(self, data: Any) -> None: self.data = data def __repr__(self) -> str: return repr(self.data) def __str__(self) -> str: return str(self.data) class SchemabasedValidator(Protocol): """Schema-based Validator protocol""" def validate_str(self, data: str) -> Optional[ValidationError]: """Validate a string :param data: the data string to validate :return: validation error :retval None: if ``data`` is valid :retval ValidationError: if ``data`` is invalid """ ... # pragma: no cover class BaseSchemabasedValidator(ABC, SchemabasedValidator): """Base Schema-based Validator""" def __init__(self, schema_version: 'SchemaVersion') -> None: self.__schema_version = schema_version if not self._schema_file: raise ValueError(f'Unsupported schema_version: {schema_version!r}') @property def schema_version(self) -> 'SchemaVersion': """Get the schema version.""" return self.__schema_version @property @abstractmethod def output_format(self) -> OutputFormat: """Get the format.""" ... # pragma: no cover @property @abstractmethod def _schema_file(self) -> Optional[str]: """Get the schema file according to schema version.""" ... # pragma: no cover @overload def make_schemabased_validator(output_format: Literal[OutputFormat.JSON], schema_version: 'SchemaVersion' ) -> 'JsonValidator': ... # pragma: no cover @overload def make_schemabased_validator(output_format: Literal[OutputFormat.XML], schema_version: 'SchemaVersion' ) -> 'XmlValidator': ... # pragma: no cover @overload def make_schemabased_validator(output_format: OutputFormat, schema_version: 'SchemaVersion' ) -> Union['JsonValidator', 'XmlValidator']: ... # pragma: no cover def make_schemabased_validator(output_format: OutputFormat, schema_version: 'SchemaVersion' ) -> 'BaseSchemabasedValidator': """Get the default Schema-based Validator for a certain :class:`OutputFormat`. Raises error when no instance could be made. """ if TYPE_CHECKING: # pragma: no cover from typing import Type Validator: Type[BaseSchemabasedValidator] # noqa:N806 if OutputFormat.JSON is output_format: from .json import JsonValidator as Validator elif OutputFormat.XML is output_format: from .xml import XmlValidator as Validator else: raise ValueError(f'Unexpected output_format: {output_format!r}') return Validator(schema_version) cyclonedx-python-lib-9.1.0/cyclonedx/validation/json.py000066400000000000000000000114031476011761300232460ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. __all__ = ['JsonValidator', 'JsonStrictValidator'] from abc import ABC from json import loads as json_loads from typing import TYPE_CHECKING, Any, Literal, Optional, Tuple from ..schema import OutputFormat if TYPE_CHECKING: # pragma: no cover from ..schema import SchemaVersion from ..exception import MissingOptionalDependencyException from ..schema._res import BOM_JSON as _S_BOM, BOM_JSON_STRICT as _S_BOM_STRICT, JSF as _S_JSF, SPDX_JSON as _S_SPDX from . import BaseSchemabasedValidator, SchemabasedValidator, ValidationError _missing_deps_error: Optional[Tuple[MissingOptionalDependencyException, ImportError]] = None try: from jsonschema.exceptions import ValidationError as JsonValidationError # type:ignore[import-untyped] from jsonschema.validators import Draft7Validator # type:ignore[import-untyped] from referencing import Registry from referencing.jsonschema import DRAFT7 if TYPE_CHECKING: # pragma: no cover from jsonschema.protocols import Validator as JsonSchemaValidator # type:ignore[import-untyped] except ImportError as err: _missing_deps_error = MissingOptionalDependencyException( 'This functionality requires optional dependencies.\n' 'Please install `cyclonedx-python-lib` with the extra "json-validation".\n' ), err class _BaseJsonValidator(BaseSchemabasedValidator, ABC): @property def output_format(self) -> Literal[OutputFormat.JSON]: return OutputFormat.JSON def __init__(self, schema_version: 'SchemaVersion') -> None: # this is the def that is used for generating the documentation super().__init__(schema_version) if _missing_deps_error: # noqa:C901 __MDERROR = _missing_deps_error def validate_str(self, data: str) -> Optional[ValidationError]: raise self.__MDERROR[0] from self.__MDERROR[1] else: def validate_str(self, data: str) -> Optional[ValidationError]: return self._validata_data( json_loads(data)) def _validata_data(self, data: Any) -> Optional[ValidationError]: validator = self._validator # may throw on error that MUST NOT be caught try: validator.validate(data) except JsonValidationError as error: return ValidationError(error) return None __validator: Optional['JsonSchemaValidator'] = None @property def _validator(self) -> 'JsonSchemaValidator': if not self.__validator: schema_file = self._schema_file if schema_file is None: raise NotImplementedError('missing schema file') with open(schema_file) as sf: self.__validator = Draft7Validator( json_loads(sf.read()), registry=self.__make_validator_registry(), format_checker=Draft7Validator.FORMAT_CHECKER) return self.__validator @staticmethod def __make_validator_registry() -> Registry[Any]: schema_prefix = 'http://cyclonedx.org/schema/' with open(_S_SPDX) as spdx, open(_S_JSF) as jsf: return Registry().with_resources([ (f'{schema_prefix}spdx.SNAPSHOT.schema.json', DRAFT7.create_resource(json_loads(spdx.read()))), (f'{schema_prefix}jsf-0.82.SNAPSHOT.schema.json', DRAFT7.create_resource(json_loads(jsf.read()))), ]) class JsonValidator(_BaseJsonValidator, BaseSchemabasedValidator, SchemabasedValidator): """Validator for CycloneDX documents in JSON format.""" @property def _schema_file(self) -> Optional[str]: return _S_BOM.get(self.schema_version) class JsonStrictValidator(_BaseJsonValidator, BaseSchemabasedValidator, SchemabasedValidator): """Strict validator for CycloneDX documents in JSON format. In contrast to :class:`~JsonValidator`, the document must not have additional or unknown JSON properties. """ @property def _schema_file(self) -> Optional[str]: return _S_BOM_STRICT.get(self.schema_version) cyclonedx-python-lib-9.1.0/cyclonedx/validation/model.py000066400000000000000000000016071476011761300234020ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. # nothing here, yet. # in the future this could be the place where model validation is done. # like the current `model.bom.Bom.validate()` # see also: https://github.com/CycloneDX/cyclonedx-python-lib/issues/455 cyclonedx-python-lib-9.1.0/cyclonedx/validation/xml.py000066400000000000000000000072121476011761300231000ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. __all__ = ['XmlValidator'] from abc import ABC from typing import TYPE_CHECKING, Any, Literal, Optional, Tuple from ..exception import MissingOptionalDependencyException from ..schema import OutputFormat from ..schema._res import BOM_XML as _S_BOM from . import BaseSchemabasedValidator, SchemabasedValidator, ValidationError if TYPE_CHECKING: # pragma: no cover from ..schema import SchemaVersion _missing_deps_error: Optional[Tuple[MissingOptionalDependencyException, ImportError]] = None try: from lxml.etree import ( # type:ignore[import-untyped] # nosec B410 XMLParser, XMLSchema, fromstring as xml_fromstring, ) except ImportError as err: _missing_deps_error = MissingOptionalDependencyException( 'This functionality requires optional dependencies.\n' 'Please install `cyclonedx-python-lib` with the extra "xml-validation".\n' ), err class _BaseXmlValidator(BaseSchemabasedValidator, ABC): @property def output_format(self) -> Literal[OutputFormat.XML]: return OutputFormat.XML def __init__(self, schema_version: 'SchemaVersion') -> None: # this is the def that is used for generating the documentation super().__init__(schema_version) if _missing_deps_error: __MDERROR = _missing_deps_error def validate_str(self, data: str) -> Optional[ValidationError]: raise self.__MDERROR[0] from self.__MDERROR[1] else: def validate_str(self, data: str) -> Optional[ValidationError]: return self._validata_data( xml_fromstring( # nosec B320 bytes(data, encoding='utf8'), parser=self.__xml_parser)) def _validata_data(self, data: Any) -> Optional[ValidationError]: validator = self._validator # may throw on error that MUST NOT be caught if not validator.validate(data): return ValidationError(validator.error_log.last_error) return None __validator: Optional['XMLSchema'] = None @property def __xml_parser(self) -> XMLParser: return XMLParser( attribute_defaults=False, dtd_validation=False, load_dtd=False, no_network=True, resolve_entities=False, huge_tree=True, compact=True, recover=False ) @property def _validator(self) -> 'XMLSchema': if not self.__validator: schema_file = self._schema_file if schema_file is None: raise NotImplementedError('missing schema file') self.__validator = XMLSchema(file=schema_file) return self.__validator class XmlValidator(_BaseXmlValidator, BaseSchemabasedValidator, SchemabasedValidator): """Validator for CycloneDX documents in XML format.""" @property def _schema_file(self) -> Optional[str]: return _S_BOM.get(self.schema_version) cyclonedx-python-lib-9.1.0/docs/000077500000000000000000000000001476011761300165325ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/docs/Makefile000066400000000000000000000011721476011761300201730ustar00rootroot00000000000000# Minimal makefile for Sphinx documentation # # You can set these variables from the command line, and also # from the environment for the first two. SPHINXOPTS ?= SPHINXBUILD ?= sphinx-build SOURCEDIR = . BUILDDIR = _build # Put it first so that "make" without argument is like "make help". help: @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) .PHONY: help Makefile # Catch-all target: route all unknown targets to Sphinx using the new # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). %: Makefile @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) cyclonedx-python-lib-9.1.0/docs/architecture.rst000066400000000000000000000027641476011761300217570ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Architecture ============ This library broadly is separated into three key functional areas: 1. **Model**: Internal models used to unify data. **Note:** As of version 4.0.0 of this library we support deserialization from JSON and XML as well as serialization to JSON and XML. 2. **Output**: Choose and configure an output which allows you to define output format as well as the CycloneDX schema version When wishing to generate a BOM, the process is as follows: 1. Generate a Model by either: 1. Programmatically using this library 2. By deserializing from an existing CycloneDX BOM document 2. Output the Model using an :py:mod:`cyclonedx.output` instance that reflects the schema version and format you require .. toctree:: :maxdepth: 2 :caption: Contents: modelling schema-support outputting .. _cyclonedx-python: https://pypi.org/project/cyclonedx-bom/ cyclonedx-python-lib-9.1.0/docs/changelog.rst000066400000000000000000000012561476011761300212170ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 ========= Changelog ========= .. mdinclude:: ../CHANGELOG.md cyclonedx-python-lib-9.1.0/docs/conf.py000066400000000000000000000052271476011761300200370ustar00rootroot00000000000000# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # -- Project information ----------------------------------------------------- from datetime import date project = 'CycloneDX Python Library' copyright = f'{date.today().strftime("%Y")}, Copyright (c) OWASP Foundation' author = 'Paul Horton, Jan Kowalleck, Steve Springett, Patrick Dwyer' # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release release = '9.1.0' # -- General configuration --------------------------------------------------- # Add any Sphinx extension module names here, as strings. They can be # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom # ones. extensions = [ "sphinx.ext.autodoc", # "sphinx.ext.viewcode", "autoapi.extension", "sphinx_rtd_theme", "m2r2" ] # Document Python Code autoapi_type = 'python' autoapi_dirs = ['../cyclonedx'] # see https://sphinx-autoapi.readthedocs.io/en/latest/reference/config.html#confval-autoapi_options autoapi_options = ['show-module-summary', 'members', 'undoc-members', 'inherited-members', 'show-inheritance'] source_suffix = ['.rst', '.md'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. # This pattern also affects html_static_path and html_extra_path. # see https://www.sphinx-doc.org/en/master/usage/configuration.html#confval-exclude_patterns exclude_patterns = [ 'processes', # internal docs '_build', # build target '.*', '**/.*', # dotfiles and folders 'Thumbs.db', '**/Thumbs.db', ] # -- Options for HTML output ------------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. # html_theme = 'sphinx_rtd_theme' # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". html_static_path = ['_static'] cyclonedx-python-lib-9.1.0/docs/contributing.rst000066400000000000000000000000421476011761300217670ustar00rootroot00000000000000.. mdinclude:: ../CONTRIBUTING.md cyclonedx-python-lib-9.1.0/docs/examples.rst000066400000000000000000000015771476011761300211140ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Examples ======== Complex Serialize ----------------- .. literalinclude:: ../examples/complex_serialize.py :language: python :linenos: Complex Deserialize ------------------- .. literalinclude:: ../examples/complex_deserialize.py :language: python :linenos: cyclonedx-python-lib-9.1.0/docs/index.rst000066400000000000000000000035571476011761300204050ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 CycloneDX’s Python Library documentation ==================================================== OWASP `CycloneDX`_ is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. This Python package provides data models, validators and more, to help you create/render/read CycloneDX documents. **This package is not designed for standalone use. It is a software library.** As of version ``3.0.0`` of this library, the internal data model was adjusted to allow CycloneDX VEX documents to be produced as per `official examples`_ linking VEX to a separate CycloneDX document. If you're looking for a CycloneDX tool to run to generate (SBOM) software bill-of-materials documents, why not checkout `CycloneDX Python`_ or `Jake`_. .. _CycloneDX: https://cyclonedx.org/ .. _official examples: https://cyclonedx.org/capabilities/bomlink/#linking-external-vex-to-bom-inventory .. _CycloneDX Python: https://pypi.org/project/cyclonedx-bom/ .. _Jake: https://pypi.org/project/jake .. _CycloneDX Tool Center: https://cyclonedx.org/tool-center/ .. toctree:: :maxdepth: 2 :caption: Contents: responsibilities_capabilities install architecture examples contributing support changelog upgrading cyclonedx-python-lib-9.1.0/docs/install.rst000066400000000000000000000030751476011761300207370ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Installation ============ Install from `pypi.org`_ as you would any other Python module using your preferred package manager: .. code-block:: sh pip install cyclonedx-python-lib *CycloneDX-python-lib* is also available from `conda-forge`_. .. _pypi.org: https://pypi.org/project/cyclonedx-python-lib/ .. _conda-forge: https://anaconda.org/conda-forge/cyclonedx-python-lib Some dependencies might be optional - they are referenced via the *extras*. .. _install extras: Extras ------ The following extras are available when installing this package: `json-validation` Install the optional dependencies needed for JSON validation. `xml-validation` Install the optional dependencies needed for XML validation. `validation` Install the optional dependencies needed for all supported validations. They can be used when installing in order to include additional dependencies, e.g.: .. code-block:: sh pip install 'cyclonedx-python-lib[validation]' cyclonedx-python-lib-9.1.0/docs/make.bat000066400000000000000000000014401476011761300201360ustar00rootroot00000000000000@ECHO OFF pushd %~dp0 REM Command file for Sphinx documentation if "%SPHINXBUILD%" == "" ( set SPHINXBUILD=sphinx-build ) set SOURCEDIR=. set BUILDDIR=_build if "%1" == "" goto help %SPHINXBUILD% >NUL 2>NUL if errorlevel 9009 ( echo. echo.The 'sphinx-build' command was not found. Make sure you have Sphinx echo.installed, then set the SPHINXBUILD environment variable to point echo.to the full path of the 'sphinx-build' executable. Alternatively you echo.may add the Sphinx directory to PATH. echo. echo.If you don't have Sphinx installed, grab it from echo.https://www.sphinx-doc.org/ exit /b 1 ) %SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% goto end :help %SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% :end popd cyclonedx-python-lib-9.1.0/docs/modelling.rst000066400000000000000000000063131476011761300212410ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Modelling ========= You can create a BOM Model from either manually using the methods available directly on the :py:class:`cyclonedx.model.bom.Bom` class, or deserialize a JSON/XML via :py:meth:`cyclonedx.model.bom.Bom.from_json`/:py:meth:`cyclonedx.model.bom.Bom.from_xml` Vulnerabilities are supported by the Model as of version 0.3.0. **Note:** Known vulnerabilities associated with Components can be sourced from various data sources, but this library will not source them for you. Perhaps look at `Jake`_ if you're interested in this. Example BOM created programmatically ------------------------------------ .. note:: It is recommended that you have a good understanding of the `CycloneDX Schema`_ before attempting to create a BOM programmatically with this library. For the most up-to-date in-depth examples, look at our `Unit Tests`_. Example BOM created from existing CycloneDX BOM ------------------------------------ .. note:: Supported from version 4.0.0 of this library. Deserializing from a CycloneDX JSON BOM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Each model class in this library that is serializable provides a magic ``from_json()`` method. See the example below to read and deserialize a JSON CycloneDX document. Note that reading the file and loading as JSON is the programmers responsibility. .. code-block:: python import json from cyclonedx.model.bom import Bom with open('/path/to/my/cyclonedx.json') as input_json: deserialized_bom = Bom.from_json(data=json.loads(input_json.read())) Deserializing from a CycloneDX XML BOM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Each model class in this library that is serializable provides a magic ``from_xml()`` method. See the example below to read and deserialize a XML CycloneDX document. Note that reading the file and loading as XML is the programmers responsibility. Be careful to avoid XML vulnerabilities as documented `here`_. It is recommended that you use a library such as `defusedxml` instead of the native `xml.etree.ElementTree`. .. code-block:: python from xml.etree import ElementTree from cyclonedx.model.bom import Bom with open('/path/to/my/cyclonedx.xml') as input_xml: deserialized_bom = cast(Bom, Bom.from_xml(data=ElementTree.fromstring(input_xml.read()))) .. _CycloneDX Python: https://github.com/CycloneDX/cyclonedx-python .. _Jake: https://pypi.org/project/jake .. _CycloneDX Schema: https://cyclonedx.org/docs/latest .. _Unit Tests: https://github.com/CycloneDX/cyclonedx-python-lib/tree/main/tests .. _here: https://docs.python.org/3/library/xml.html#xml-vulnerabilities cyclonedx-python-lib-9.1.0/docs/outputting.rst000066400000000000000000000056221476011761300215130ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Outputting ========== Once you have an instance of a :py:mod:`cyclonedx.model.bom.Bom` you can produce output in either **JSON** or **XML** against any of the supported CycloneDX schema versions. We provide two helper methods: * Output to string (for you to do with as you require) * Output directly to a filename you provide By default output will be in XML at latest supported schema version - see :py:mod:`cyclonedx.output.LATEST_SUPPORTED_SCHEMA_VERSION`. Supported CycloneDX Schema Versions ----------------------------------- This library supports the following schema versions: * 1.0 (XML) - `(note, 1.1 schema version has no support for JSON)` * 1.1 (XML) - `(note, 1.1 schema version has no support for JSON)` * 1.2 (XML, JSON) * 1.3 (XML, JSON) * 1.4 (XML, JSON) - the latest supported schema version Outputting to JSON ------------------ The below example relies on the latest schema version, but sets the output format to JSON. Output is returned as a ``str``. .. code-block:: python from cyclonedx.output import make_outputter, BaseOutput, OutputFormat, SchemaVersion outputter: BaseOutput = make_outputter(bom=bom, output_format=OutputFormat.JSON, schema_version=SchemaVersion.V1_6) bom_json: str = outputter.output_as_string() Alternatively, if the output format and schema version are constants, you can use the predefined format+schema combined outputs: .. code-block:: python from cyclonedx.output.json import JsonV1Dot6 outputter = JsonV1Dot6(bom=bom) bom_json: str = outputter.output_as_string() Outputting to XML ------------------ The below example relies on the default output format being XML, but overrides the schema version to 1.2. Output is written to the supplied filename. .. code-block:: python from cyclonedx.output import make_outputter, BaseOutput, OutputFormat, SchemaVersion outputter: BaseOutput = make_outputter(bom=bom, output_format=OutputFormat.XML, schema_version=SchemaVersion.V1_2) outputter.output_to_file(filename='/tmp/sbom-v1.2.xml') Alternatively, if the output format and schema version are constants, you can use the predefined format+schema combined outputs: .. code-block:: python from cyclonedx.output.xml import XmlV1Dot2 outputter = XmlV1Dot2(bom=bom) outputter.output_to_file(filename='/tmp/sbom-v1.2.xml') cyclonedx-python-lib-9.1.0/docs/processes/000077500000000000000000000000001476011761300205405ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/docs/processes/release/000077500000000000000000000000001476011761300221605ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/docs/processes/release/conda-forge.md000066400000000000000000000037411476011761300246730ustar00rootroot00000000000000# Coda-forge releases Releases of [_CycloneDX-python-lib_ for Anaconda][CDXlib-conda-forge] are managed in a [separate conda-forge feedstock-repository][CDXlib-conda-forge-feedstock-repo] as [announced][first-conda-forge-release] by [@bollwyvl]. ## Current build status
All platforms:
## Current release info | Name | Downloads | Version | Platforms | | --- | --- | --- | --- | | [![Conda Recipe](https://img.shields.io/badge/recipe-cyclonedx--python--lib-green.svg)](https://anaconda.org/conda-forge/cyclonedx-python-lib) | [![Conda Downloads](https://img.shields.io/conda/dn/conda-forge/cyclonedx-python-lib.svg)](https://anaconda.org/conda-forge/cyclonedx-python-lib) | [![Conda Version](https://img.shields.io/conda/vn/conda-forge/cyclonedx-python-lib.svg)](https://anaconda.org/conda-forge/cyclonedx-python-lib) | [![Conda Platforms](https://img.shields.io/conda/pn/conda-forge/cyclonedx-python-lib.svg)](https://anaconda.org/conda-forge/cyclonedx-python-lib) | ## Licensing The [_CycloneDX-python-lib_ conda-forge feedstock repository][CDXlib-conda-forge-feedstock-repo] is or may be licensed under a different form than the _CycloneDX-python-lib_ project itself. The License of _CycloneDX-python-lib_ stays [as stated in it's repository][license_file]. [CDXlib-conda-forge]: https://anaconda.org/conda-forge/cyclonedx-python-lib [CDXlib-conda-forge-feedstock-repo]: https://github.com/conda-forge/cyclonedx-python-lib-feedstock [@bollwyvl]: https://github.com/bollwyvl [first-conda-forge-release]: https://github.com/CycloneDX/cyclonedx-python-lib/issues/44#issuecomment-989912153 [license_file]: https://github.com/CycloneDX/cyclonedx-python-lib/blob/master/LICENSE cyclonedx-python-lib-9.1.0/docs/requirements.txt000066400000000000000000000001211476011761300220100ustar00rootroot00000000000000m2r2>=0.3.2 sphinx>=7.2.6,<9 sphinx-autoapi>=3.0.0,<4 sphinx-rtd-theme>=2.0.0,<3 cyclonedx-python-lib-9.1.0/docs/responsibilities_capabilities.rst000066400000000000000000000067531476011761300253770ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Responsibilities ================ * Provide a general purpose Python-implementation of `CycloneDX`_. * Provide type hints for said implementation, so developers and dev-tools can rely on it. * Provide data models to work with `CycloneDX`_. * Provide data model-validators according to `CycloneDX Specification`_. * Provide JSON- and XML-serializers, that... * support all shipped data models. * respect any supported `CycloneDX Specification`_ and generates valid output accordingly. * generate reproducible/deterministic results. * Provide formal JSON- and XML-validators according to `CycloneDX Specification`_. * Provide mechanisms for JSON- and XML-deserialization of all shipped data models. * Pre-populate `bom-ref`, so linkage is possible. (affects only some data models) Capabilities ============ * Enums and Data models for the following use cases: * :mod:`Bom and Metadata ` * :mod:`BomRef ` * :mod:`Component, Evidence, Patch, Pedigree, and more ` * :mod:`Organizational Contact and Entity ` * :mod:`Cryptographic properties and more ` * :mod:`Definition and Standard ` * :mod:`Dependency ` * :mod:`Impact and related Analysis ` * :mod:`Issue ` * :mod:`License Named, SPDX, Expression, and more ` * :mod:`Lifecycle ` * :mod:`Release Notes ` * :mod:`Service ` * :mod:`Tool ` * :mod:`Vulnerability and related Analysis ` * :mod:`Attachment Copyright, DataFlow, ExternalReference, Hash, Property, and more ` * Factories for the following use cases: * Create data models from any license descriptor string * Builders for the following use cases: * Build a :class:`Component ` data model that represents this library * Build a :class:`Tool ` data model that represents this library * Implementation of the `CycloneDX Specification`_ for the following versions: * ``1.6`` * ``1.5`` * ``1.4`` * ``1.3`` * ``1.2`` * ``1.1`` * ``1.0`` * Serializer that converts :class:`Bom ` data models to XML string * Serializer that converts :class:`Bom ` data models to JSON string * Formal validators for JSON string and XML string. Requires optional dependencies as described in :ref:`install instructions `. * Shipped data model are serializable to and deserializable from both, JSON and XML. .. _CycloneDX: https://cyclonedx.org/ .. _CycloneDX Specification: https://github.com/CycloneDX/specification/#readme cyclonedx-python-lib-9.1.0/docs/schema-support.rst000066400000000000000000000176351476011761300222520ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Schema Support ============== This library has partial support for the CycloneDX specification (we continue to grow support). The following sub-sections aim to explain what support this library provides and any known gaps in support. We do this by calling out support for data as defined in the latest CycloneDX standard specification, regardless of whether it is supported in prior versions of the CycloneDX schema. Root Level Schema Support ------------------------- +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | Data Path | Supported? | Notes | +============================+===============+===================================================================================================+ | ``bom[@version]`` | Yes | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom[@serialNumber]`` | Yes | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.metadata`` | Yes | Not supported: ``lifecycles`` | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.components`` | Yes | Not supported: ``modified`` (as it is deprecated), ``modelCard``, ``data``, ``signature``. | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.services`` | Yes | Not supported: ``signature``. | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.externalReferences`` | Yes | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.dependencies`` | Yes | Since ``2.3.0`` | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.compositions`` | No | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.properties`` | Yes | Supported when outputting to Schema Version >= 1.5. See `schema specification bug 130`_ | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.vulnerabilities`` | Yes | Note: Prior to CycloneDX 1.4, these were present under ``bom.components`` via a schema extension. | | | | Note: As of ``cyclonedx-python-lib`` ``>3.0.0``, Vulnerability are modelled differently | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.annotations`` | No | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.formulation`` | No | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.declarations`` | No | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.definitions`` | No | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ | ``bom.signature`` | No | | +----------------------------+---------------+---------------------------------------------------------------------------------------------------+ Internal Model Schema Support ----------------------------- +----------------------------+---------------+----------------------------------------------------------------------------------------------+ | Internal Model | Supported? | Notes | +============================+===============+==============================================================================================+ | ``ComponentEvidence`` |Yes | Not currently supported: ``callstack``, ``identity``, ``occurrences``. | +----------------------------+---------------+----------------------------------------------------------------------------------------------+ | ``DisjunctiveLicense`` |Yes | Not currently supported: ``@bom-ref``, ``licensing``, ``properties``. | +----------------------------+---------------+----------------------------------------------------------------------------------------------+ | ``LicenseExpression`` |Yes | Not currently supported: ``@bom-ref`` | +----------------------------+---------------+----------------------------------------------------------------------------------------------+ | ``OrganizationalContact`` |Yes | Not currently supported: ``@bom-ref`` | +----------------------------+---------------+----------------------------------------------------------------------------------------------+ | ``OrganizationalEntity`` |Yes | Not currently supported: ``@bom-ref`` | +----------------------------+---------------+----------------------------------------------------------------------------------------------+ .. _schema specification bug 130: https://github.com/CycloneDX/specification/issues/130 cyclonedx-python-lib-9.1.0/docs/support.rst000066400000000000000000000024611476011761300210030ustar00rootroot00000000000000.. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 Support ======= If you run into issues utilising this library, please raise a `GitHub Issue`_. When raising an issue please include as much detail as possible including: * Version ``cyclonedx-python-lib`` you have installed * Input(s) * Expected Output(s) * Actual Output(s) Python Version Support ---------------------- We endeavour to support all functionality for all `current actively supported Python versions`_. However, some features may not be possible/present in older Python versions due to their lack of support - which are noted below. .. _GitHub Issue: https://github.com/CycloneDX/cyclonedx-python/issues .. _current actively supported Python versions: https://www.python.org/downloads/cyclonedx-python-lib-9.1.0/docs/upgrading.rst000066400000000000000000000037471476011761300212570ustar00rootroot00000000000000Upgrading to v8 =============== Version 8 is not backwards compatible. Some behaviours and integrations changed. This document covers all breaking changes and should give guidance how to migrate from previous versions. This document is not a full :doc:`change log `, but a migration path. Add this library to Metadata Tools ---------------------------------- This library no longer adds itself to the metadata. Downstream users SHOULD add the following to their BOM build processes, to keep track of the used library. .. code-block:: python from cyclonedx.builder.this import this_component as cdx_lib_component from cyclonedx.model.bom import Bom bom = Bom() bom.metadata.tools.components.add(cdx_lib_component()) Import model Tool ----------------- Class `cyclonedx.model.Tool` was moved to :class:`cyclonedx.model.tool.Tool`. Therefore, the imports need to be migrated. Old: ``from cyclonedx.model import Tool`` New: ``from cyclonedx.model.tool import Tool`` Alter Metadata Tools -------------------- Property :attr:`cyclonedx.model.bom.BomMetaData.tools` is an instance of :class:`cyclonedx.model.tool.ToolRepository`, now. Therefore, the process of adding new tools needs to be migrated. Old: ``my_bom.metadata.tools.add(my_tool)`` New: ``my_bom.metadata.tools.tools.add(my_tool)`` Alter Vulnerability Tools ------------------------- Property :attr:`cyclonedx.model.vulnerability.Vulnerability.tools` is an instance of :class:`cyclonedx.model.tool.ToolRepository`, now. Therefore, the process of adding new tools needs to be migrated. Old: ``my_vulnerability.tools.add(my_tool)`` New: ``my_vulnerability.tools.tools.add(my_tool)`` Set LicenseExpression Acknowledgement ------------------------------------- :class:`cyclonedx.model.license.LicenseExpression()` no longer accepts optional arguments in a positional way, but in a key-word way. Old: ``LicenseExpression(my_exp, my_acknowledgement)`` New: ``LicenseExpression(my_exp, acknowledgement=my_acknowledgement)`` cyclonedx-python-lib-9.1.0/examples/000077500000000000000000000000001476011761300174205ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/examples/README.md000066400000000000000000000004351476011761300207010ustar00rootroot00000000000000# Examples ## Usage * [Build & Serialize](complex_serialize.py) * [Deserialize](complex_deserialize.py) ## Data models The [`models` test data](../tests/_data/models.py) holds also examples for complete structures with all possible use cases, all nesting, and advanced complexity. cyclonedx-python-lib-9.1.0/examples/complex_deserialize.py000066400000000000000000000177501476011761300240330ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import sys from json import loads as json_loads from typing import TYPE_CHECKING from defusedxml import ElementTree as SafeElementTree # type:ignore[import-untyped] from cyclonedx.exception import MissingOptionalDependencyException from cyclonedx.model.bom import Bom from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.validation import make_schemabased_validator from cyclonedx.validation.json import JsonStrictValidator if TYPE_CHECKING: from cyclonedx.validation.xml import XmlValidator # region JSON json_data = """{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:88fabcfa-7529-4ba2-8256-29bec0c03900", "version": 1, "metadata": { "timestamp": "2024-02-10T21:38:53.313120+00:00", "tools": [ { "vendor": "CycloneDX", "name": "cyclonedx-python-lib", "version": "6.4.1", "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ] } ], "component": { "bom-ref": "myApp", "name": "myApp", "type": "application", "licenses": [ { "license": { "id": "MIT" } } ] } }, "components": [ { "bom-ref": "myComponent@1.33.7-beta.1", "type": "library", "group": "acme", "name": "some-component", "version": "1.33.7-beta.1", "purl": "pkg:generic/acme/some-component@1.33.7-beta.1", "licenses": [ { "license": { "name": "(c) 2021 Acme inc." } } ], "supplier": { "name": "Acme Inc", "url": [ "https://www.acme.org" ] } }, { "bom-ref": "some-lib", "type": "library", "name": "some-library", "licenses": [ { "expression": "GPL-3.0-only WITH Classpath-exception-2.0" } ] } ], "dependencies": [ { "ref": "some-lib" }, { "dependsOn": [ "myComponent@1.33.7-beta.1" ], "ref": "myApp" }, { "dependsOn": [ "some-lib" ], "ref": "myComponent@1.33.7-beta.1" } ] }""" my_json_validator = JsonStrictValidator(SchemaVersion.V1_6) try: validation_errors = my_json_validator.validate_str(json_data) if validation_errors: print('JSON invalid', 'ValidationError:', repr(validation_errors), sep='\n', file=sys.stderr) sys.exit(2) print('JSON valid') except MissingOptionalDependencyException as error: print('JSON-validation was skipped due to', error) bom_from_json = Bom.from_json( # type: ignore[attr-defined] json_loads(json_data)) print('bom_from_json', repr(bom_from_json)) # endregion JSON print('', '=' * 30, '', sep='\n') # endregion XML xml_data = """ 2024-02-10T21:38:53.313120+00:00 CycloneDX cyclonedx-python-lib 6.4.1 https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme myApp MIT Acme Inc https://www.acme.org acme some-component 1.33.7-beta.1 (c) 2021 Acme inc. pkg:generic/acme/some-component@1.33.7-beta.1 some-library GPL-3.0-only WITH Classpath-exception-2.0 """ my_xml_validator: 'XmlValidator' = make_schemabased_validator(OutputFormat.XML, SchemaVersion.V1_6) try: validation_errors = my_xml_validator.validate_str(xml_data) if validation_errors: print('XML invalid', 'ValidationError:', repr(validation_errors), sep='\n', file=sys.stderr) sys.exit(2) print('XML valid') except MissingOptionalDependencyException as error: print('XML-validation was skipped due to', error) bom_from_xml = Bom.from_xml( # type: ignore[attr-defined] SafeElementTree.fromstring(xml_data)) print('bom_from_xml', repr(bom_from_xml)) # endregion XML print('', '=' * 30, '', sep='\n') print('assert bom_from_json equals bom_from_xml') assert bom_from_json == bom_from_xml, 'expected to have equal BOMs from JSON and XML' cyclonedx-python-lib-9.1.0/examples/complex_serialize.py000066400000000000000000000103521476011761300235110ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import sys from typing import TYPE_CHECKING from packageurl import PackageURL from cyclonedx.builder.this import this_component as cdx_lib_component from cyclonedx.exception import MissingOptionalDependencyException from cyclonedx.factory.license import LicenseFactory from cyclonedx.model import XsUri from cyclonedx.model.bom import Bom from cyclonedx.model.component import Component, ComponentType from cyclonedx.model.contact import OrganizationalEntity from cyclonedx.output import make_outputter from cyclonedx.output.json import JsonV1Dot5 from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.validation import make_schemabased_validator from cyclonedx.validation.json import JsonStrictValidator if TYPE_CHECKING: from cyclonedx.output.json import Json as JsonOutputter from cyclonedx.output.xml import Xml as XmlOutputter from cyclonedx.validation.xml import XmlValidator lc_factory = LicenseFactory() # region build the BOM bom = Bom() bom.metadata.tools.components.add(cdx_lib_component()) bom.metadata.tools.components.add(Component( name='my-own-SBOM-generator', type=ComponentType.APPLICATION, )) bom.metadata.component = root_component = Component( name='myApp', type=ComponentType.APPLICATION, licenses=[lc_factory.make_from_string('MIT')], bom_ref='myApp', ) component1 = Component( type=ComponentType.LIBRARY, name='some-component', group='acme', version='1.33.7-beta.1', licenses=[lc_factory.make_from_string('(c) 2021 Acme inc.')], supplier=OrganizationalEntity( name='Acme Inc', urls=[XsUri('https://www.acme.org')] ), bom_ref='myComponent@1.33.7-beta.1', purl=PackageURL('generic', 'acme', 'some-component', '1.33.7-beta.1') ) bom.components.add(component1) bom.register_dependency(root_component, [component1]) component2 = Component( type=ComponentType.LIBRARY, name='some-library', licenses=[lc_factory.make_from_string('GPL-3.0-only WITH Classpath-exception-2.0')] ) bom.components.add(component2) bom.register_dependency(component1, [component2]) # endregion build the BOM # region JSON """demo with explicit instructions for SchemaVersion, outputter and validator""" my_json_outputter: 'JsonOutputter' = JsonV1Dot5(bom) serialized_json = my_json_outputter.output_as_string(indent=2) print(serialized_json) my_json_validator = JsonStrictValidator(SchemaVersion.V1_6) try: validation_errors = my_json_validator.validate_str(serialized_json) if validation_errors: print('JSON invalid', 'ValidationError:', repr(validation_errors), sep='\n', file=sys.stderr) sys.exit(2) print('JSON valid') except MissingOptionalDependencyException as error: print('JSON-validation was skipped due to', error) # endregion JSON print('', '=' * 30, '', sep='\n') # region XML """demo with implicit instructions for SchemaVersion, outputter and validator. TypeCheckers will catch errors.""" my_xml_outputter: 'XmlOutputter' = make_outputter(bom, OutputFormat.XML, SchemaVersion.V1_6) serialized_xml = my_xml_outputter.output_as_string(indent=2) print(serialized_xml) my_xml_validator: 'XmlValidator' = make_schemabased_validator( my_xml_outputter.output_format, my_xml_outputter.schema_version) try: validation_errors = my_xml_validator.validate_str(serialized_xml) if validation_errors: print('XML invalid', 'ValidationError:', repr(validation_errors), sep='\n', file=sys.stderr) sys.exit(2) print('XML valid') except MissingOptionalDependencyException as error: print('XML-validation was skipped due to', error) # endregion XML cyclonedx-python-lib-9.1.0/pyproject.toml000066400000000000000000000107121476011761300205170ustar00rootroot00000000000000[build-system] requires = ["poetry-core>=1.0.0"] build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release version = "9.1.0" description = "Python library for CycloneDX" authors = [ "Paul Horton ", "Jan Kowalleck ", ] maintainers = [ "Jan Kowalleck ", ] license = "Apache-2.0" readme = "README.md" homepage = "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" repository = "https://github.com/CycloneDX/cyclonedx-python-lib" documentation = "https://cyclonedx-python-library.readthedocs.io/" packages = [ { include = "cyclonedx" } ] include = [ # all is an object -> prevent parse issue with dependabot { path="README.md", format =["sdist"] }, { path="CHANGELOG.md", format=["sdist"] }, { path="docs", format=["sdist"] }, { path="examples", format=["sdist"] }, { path="tests", format=["sdist"] }, ] exclude = [ # exclude dotfiles and dotfolders "**/.*", "docs/_build", "docs/processes", ] classifiers = [ # Trove classifiers - https://packaging.python.org/specifications/core-metadata/#metadata-classifier # Full list: https://pypi.python.org/pypi?%3Aaction=list_classifiers 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', 'Intended Audience :: Information Technology', 'Intended Audience :: Legal Industry', 'Intended Audience :: System Administrators', 'Topic :: Security', 'Topic :: Software Development', 'Topic :: System :: Software Distribution', 'License :: OSI Approved :: Apache Software License', 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', 'Programming Language :: Python :: 3.10', 'Programming Language :: Python :: 3.11', 'Programming Language :: Python :: 3.12', 'Programming Language :: Python :: 3.13', 'Typing :: Typed', ] keywords = [ "CycloneDX", "library", "OWASP", "SCA", "Software Bill of Materials", "Bill of Materials", "BOM", "SBOM", "VEX", "VDR", "OBOM", "MBOM", "SaaSBOM", "SPDX", "PackageURL", "PURL", ] [tool.poetry.urls] "Bug Tracker" = "https://github.com/CycloneDX/cyclonedx-python-lib/issues" "Funding" = "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX" [tool.poetry.dependencies] python = "^3.8" packageurl-python = ">=0.11, <2" py-serializable = "^2.0.0" sortedcontainers = "^2.4.0" license-expression = "^30" jsonschema = { version = "^4.18", extras=['format'], optional=true } lxml = { version=">=4,<6", optional=true } [tool.poetry.extras] validation = ["jsonschema", "lxml"] json-validation = ["jsonschema"] xml-validation = ["lxml"] [tool.poetry.group.dev.dependencies] ddt = "1.7.2" coverage = "7.6.1" flake8 = { version="7.1.2", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } flake8-bugbear = { version="24.12.12", python=">=3.8.1" } flake8-copyright-validator = "0.0.1" flake8-isort = "6.1.1" flake8-quotes = "3.4.0" flake8-use-fstring = "1.4" pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" mypy = "1.14.1" tomli = { version = "2.2.1", python = "<3.11" } tox = "4.24.1" xmldiff = "2.7.0" bandit = "1.7.10" [tool.semantic_release] # see https://python-semantic-release.readthedocs.io/en/latest/configuration.html commit_author = "semantic-release " commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release\n\nSigned-off-by: semantic-release " upload_to_vcs_release = true build_command = "pip install poetry && poetry build" version_toml = ["pyproject.toml:tool.poetry.version"] version_variables = [ "cyclonedx/__init__.py:__version__", "docs/conf.py:release", ] [tool.semantic_release.publish] dist_glob_patterns = ["dist/*"] upload_to_vcs_release = true [tool.semantic_release.changelog] changelog_file = "CHANGELOG.md" exclude_commit_patterns = [ '''chore(?:\([^)]*?\))?: .+''', '''ci(?:\([^)]*?\))?: .+''', '''refactor(?:\([^)]*?\))?: .+''', '''style(?:\([^)]*?\))?: .+''', '''tests?(?:\([^)]*?\))?: .+''', '''build\((?!deps\): .+)''', ] [tool.semantic_release.branches.main] match = "(main|master)" prerelease = false [tool.semantic_release.branches."step"] match = "(build|chore|ci|docs|feat|fix|perf|style|refactor|tests?)" prerelease = true prerelease_token = "alpha" [tool.semantic_release.branches."major-dev"] match = "(\\d+\\.0\\.0-(dev|rc)|dev/\\d+\\.0\\.0)" prerelease = true prerelease_token = "rc" cyclonedx-python-lib-9.1.0/tests/000077500000000000000000000000001476011761300167445ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/__init__.py000066400000000000000000000161221476011761300210570ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import re import sys from os import getenv, path from typing import TYPE_CHECKING, Any, Dict, Generator, Iterable, List, Optional, Tuple, TypeVar, Union from unittest import TestCase from uuid import UUID from sortedcontainers import SortedSet from cyclonedx.output import BomRefDiscriminator as _BomRefDiscriminator from cyclonedx.schema import OutputFormat, SchemaVersion if TYPE_CHECKING: from cyclonedx.model.bom import Bom from cyclonedx.model.dependency import Dependency _T = TypeVar('_T') _TESTDATA_DIRECTORY = path.join(path.dirname(__file__), '_data') SCHEMA_TESTDATA_DIRECTORY = path.join(_TESTDATA_DIRECTORY, 'schemaTestData') OWN_DATA_DIRECTORY = path.join(_TESTDATA_DIRECTORY, 'own') SNAPSHOTS_DIRECTORY = path.join(_TESTDATA_DIRECTORY, 'snapshots') RECREATE_SNAPSHOTS = '1' == getenv('CDX_TEST_RECREATE_SNAPSHOTS') if RECREATE_SNAPSHOTS: print('!!! WILL RECREATE ALL SNAPSHOTS !!!') class SnapshotMixin: @staticmethod def getSnapshotFile(snapshot_name: str) -> str: # noqa: N802 return path.join(SNAPSHOTS_DIRECTORY, f'{snapshot_name}.bin') @classmethod def writeSnapshot(cls, snapshot_name: str, data: str) -> None: # noqa: N802 with open(cls.getSnapshotFile(snapshot_name), 'w', newline='\n') as s: s.write(data) @classmethod def readSnapshot(cls, snapshot_name: str) -> str: # noqa: N802 with open(cls.getSnapshotFile(snapshot_name), 'r') as s: return s.read() def assertEqualSnapshot(self: Union[TestCase, 'SnapshotMixin'], # noqa: N802 actual: str, snapshot_name: str) -> None: if RECREATE_SNAPSHOTS: self.writeSnapshot(snapshot_name, actual) _omd = self.maxDiff _omd = self.maxDiff self.maxDiff = None try: self.assertEqual(actual, self.readSnapshot(snapshot_name)) finally: self.maxDiff = _omd class DeepCompareMixin: def assertDeepEqual(self: Union[TestCase, 'DeepCompareMixin'], # noqa: N802 first: Any, second: Any, msg: Optional[str] = None) -> None: """costly compare, but very verbose""" _omd = self.maxDiff self.maxDiff = None try: self.maxDiff = None dd1 = self.__deep_dict(first) dd2 = self.__deep_dict(second) self.assertDictEqual(dd1, dd2, msg) finally: self.maxDiff = _omd def __deep_dict(self, o: Any) -> Any: if isinstance(o, tuple): return tuple(self.__deep_dict(i) for i in o) if isinstance(o, list): return list(self.__deep_dict(i) for i in o) if isinstance(o, dict): return {k: self.__deep_dict(v) for k, v in o.items()} if isinstance(o, (set, SortedSet)): # this method returns dict. `dict` is not hashable, so use `tuple` instead. return tuple(self.__deep_dict(i) for i in sorted(o, key=hash)) + ('%conv:%set',) if hasattr(o, '__dict__'): d = {a: self.__deep_dict(v) for a, v in o.__dict__.items() if '__' not in a} d['%conv'] = str(type(o)) return d return o def assertBomDeepEqual(self: Union[TestCase, 'DeepCompareMixin'], # noqa: N802 expected: 'Bom', actual: 'Bom', msg: Optional[str] = None, *, fuzzy_deps: bool = True) -> None: # deps might have been upgraded on serialization, so they might differ edeps = expected.dependencies adeps = actual.dependencies if fuzzy_deps: expected.dependencies = [] actual.dependencies = [] try: self.assertDeepEqual(expected, actual, msg) if fuzzy_deps: self.assertDependenciesFuzzyEqual(edeps, adeps) finally: expected.dependencies = edeps actual.dependencies = adeps def assertDependenciesFuzzyEqual(self: TestCase, # noqa: N802 a: Iterable['Dependency'], b: Iterable['Dependency']) -> None: delta = set(a) ^ set(b) for d in delta: # only actual relevant dependencies shall be taken into account. self.assertEqual(0, len(d.dependencies), f'unexpected dependencies for {d.ref}') def reorder(items: List[_T], indexes: List[int]) -> List[_T]: """ Return list of items in the order indicated by indexes. """ reordered_items = [] for i in range(len(items)): reordered_items.append(items[indexes[i]]) return reordered_items def uuid_generator(offset: int = 0, version: int = 4) -> Generator[UUID, None, None]: v = offset while True: v += 1 yield UUID(int=v, version=version) class BomRefDiscriminator(_BomRefDiscriminator): __uiter = 0 def _make_unique(self) -> str: self.__uiter += 1 return f'TESTING_{self._prefix}{self.__uiter}' _SNAME_EXT = { OutputFormat.JSON: 'json', OutputFormat.XML: 'xml', } _LIMIT_GET_BOM_BY_VERSION_REGEX = re.compile(r'^get_bom_(?Pv(?P1)_(?P[0-6]))?(.*)$') def _get_purpose_as_str(purpose: Union[Any]) -> str: return purpose if isinstance(purpose, str) else purpose.__name__ def is_valid_for_schema_version(purpose: Union[Any], sv: SchemaVersion) -> bool: restrict_to_schema = _LIMIT_GET_BOM_BY_VERSION_REGEX.match(_get_purpose_as_str(purpose)) if restrict_to_schema: mg = restrict_to_schema.groupdict() if mg.get('sv') is not None: restricted_to_sv = SchemaVersion.from_version(f'{mg.get("major_version")}.{mg.get("minor_version")}') if sv >= restricted_to_sv: return True else: return False return True def mksname(purpose: Union[Any], sv: SchemaVersion, f: OutputFormat) -> str: return f'{_get_purpose_as_str(purpose)}-{sv.to_version()}.{_SNAME_EXT[f]}' class DpTuple(Tuple[SchemaVersion, str]): @property def __name__(self) -> str: schema_version, test_data_file = self return f'{schema_version.to_version()}-{path.splitext(path.basename(test_data_file))[0]}' def load_pyproject() -> Dict[str, Any]: if sys.version_info >= (3, 11): from tomllib import load as toml_load else: from tomli import load as toml_load with open(path.join(path.dirname(__file__), '..', 'pyproject.toml'), 'rb') as f: return toml_load(f) cyclonedx-python-lib-9.1.0/tests/_data/000077500000000000000000000000001476011761300200145ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/__init__.py000066400000000000000000000012611476011761300221250ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. cyclonedx-python-lib-9.1.0/tests/_data/models.py000066400000000000000000001601211476011761300216520ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import base64 import sys from datetime import datetime, timezone from decimal import Decimal from inspect import getmembers, isfunction from typing import Any, List, Optional, Tuple from uuid import UUID # See https://github.com/package-url/packageurl-python/issues/65 from packageurl import PackageURL from cyclonedx.builder.this import this_component, this_tool from cyclonedx.model import ( AttachedText, Copyright, DataClassification, DataFlow, Encoding, ExternalReference, ExternalReferenceType, HashType, Note, NoteText, Property, XsUri, ) from cyclonedx.model.bom import Bom, BomMetaData from cyclonedx.model.bom_ref import BomRef from cyclonedx.model.component import ( Commit, Component, ComponentEvidence, ComponentScope, ComponentType, Diff, OmniborId, Patch, PatchClassification, Pedigree, Swhid, Swid, ) from cyclonedx.model.contact import OrganizationalContact, OrganizationalEntity, PostalAddress from cyclonedx.model.crypto import ( AlgorithmProperties, CertificateProperties, CryptoAssetType, CryptoCertificationLevel, CryptoExecutionEnvironment, CryptoFunction, CryptoImplementationPlatform, CryptoMode, CryptoPadding, CryptoPrimitive, CryptoProperties, ProtocolProperties, ProtocolPropertiesCipherSuite, ProtocolPropertiesType, RelatedCryptoMaterialProperties, RelatedCryptoMaterialSecuredBy, RelatedCryptoMaterialState, RelatedCryptoMaterialType, ) from cyclonedx.model.definition import CreId, Definitions, Level, Requirement, Standard from cyclonedx.model.dependency import Dependency from cyclonedx.model.impact_analysis import ( ImpactAnalysisAffectedStatus, ImpactAnalysisJustification, ImpactAnalysisResponse, ImpactAnalysisState, ) from cyclonedx.model.issue import IssueClassification, IssueType, IssueTypeSource from cyclonedx.model.license import DisjunctiveLicense, License, LicenseAcknowledgement, LicenseExpression from cyclonedx.model.lifecycle import LifecyclePhase, NamedLifecycle, PredefinedLifecycle from cyclonedx.model.release_note import ReleaseNotes from cyclonedx.model.service import Service from cyclonedx.model.tool import Tool, ToolRepository from cyclonedx.model.vulnerability import ( BomTarget, BomTargetVersionRange, Vulnerability, VulnerabilityAdvisory, VulnerabilityAnalysis, VulnerabilityCredits, VulnerabilityRating, VulnerabilityReference, VulnerabilityScoreSource, VulnerabilitySeverity, VulnerabilitySource, ) MOCK_TIMESTAMP = datetime.fromisoformat('2023-08-15 01:23:45.678900+00:00') MOCK_UUID = ( 'be2c6502-7e9a-47db-9a66-e34f729810a3', '17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda', '0b049d09-64c0-4490-a0f5-c84d9aacf857', 'cd3e9c95-9d41-49e7-9924-8cf0465ae789', 'bb5911d6-1a1d-41c9-b6e0-46e848d16655', 'df70b5f1-8f53-47a4-be48-669ae78795e6', '6f266d1c-760f-4552-ae3b-41a9b74232fa', '77d15ab9-5602-4cca-8ed2-59ae579aafd3', '859ff614-35a7-4d37-803b-d89130cb2577', '0afa65bc-4acd-428b-9e17-8e97b1969745', '3e671687-395b-41f5-a30f-a58921a69b79', 'd0b24ba4-102b-497e-b31f-4fdc3f0a3005', 'd0e0a795-6177-478b-b293-b0d19e4469f4', '7b2a7a2c-66d5-4b30-8ee2-df966a41024e', '68f7b744-84c2-4f0d-ac8b-c14bd48c37ff', '1a2f9dfc-3c86-48c7-8ca7-1db488d5c2a0', 'a3f4096d-4211-4d68-9d2b-13973c86aca9', ) BOM_SERIAL_NUMBER = UUID('1441d33a-e0fc-45b5-af3b-61ee52a88bac') BOM_TIMESTAMP = datetime.fromisoformat('2023-01-07 13:44:32.312678+00:00') def _make_bom(**kwargs: Any) -> Bom: bom = Bom(**kwargs) bom.serial_number = BOM_SERIAL_NUMBER bom.metadata.timestamp = BOM_TIMESTAMP bom.properties = get_properties_1() return bom def get_bom_with_component_setuptools_basic() -> Bom: return _make_bom(components=[get_component_setuptools_simple()]) def get_bom_with_component_setuptools_with_cpe() -> Bom: component = get_component_setuptools_simple() component.cpe = 'cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*' return _make_bom(components=[component]) def get_crypto_properties_algorithm() -> CryptoProperties: return CryptoProperties( asset_type=CryptoAssetType.ALGORITHM, algorithm_properties=AlgorithmProperties( primitive=CryptoPrimitive.KEM, parameter_set_identifier='a-parameter-set-id', curve='9n8y2oxty3ao83n8qc2g2x3qcw4jt4wj', execution_environment=CryptoExecutionEnvironment.SOFTWARE_PLAIN_RAM, implementation_platform=CryptoImplementationPlatform.GENERIC, certification_levels=[ CryptoCertificationLevel.FIPS140_1_L1, CryptoCertificationLevel.FIPS140_2_L3, CryptoCertificationLevel.OTHER ], mode=CryptoMode.ECB, padding=CryptoPadding.PKCS7, crypto_functions=[ CryptoFunction.SIGN, CryptoFunction.UNKNOWN ], classical_security_level=2, nist_quantum_security_level=2 ), oid='an-oid-here' ) def get_crypto_properties_certificate() -> CryptoProperties: return CryptoProperties( asset_type=CryptoAssetType.CERTIFICATE, certificate_properties=CertificateProperties( subject_name='cyclonedx.org', issuer_name='Cloudflare Inc ECC CA-3', not_valid_before=datetime(year=2023, month=5, day=19, hour=1, minute=0, second=0, microsecond=0, tzinfo=timezone.utc), not_valid_after=datetime(year=2024, month=5, day=19, hour=0, minute=59, second=59, microsecond=999999, tzinfo=timezone.utc), signature_algorithm_ref=None, subject_public_key_ref=None, certificate_format='pem', certificate_extension='csr' ), oid='an-oid-here' ) def get_crypto_properties_protocol() -> CryptoProperties: return CryptoProperties( asset_type=CryptoAssetType.PROTOCOL, protocol_properties=ProtocolProperties( type=ProtocolPropertiesType.TLS, version='1.3', cipher_suites=[ ProtocolPropertiesCipherSuite( name='TLS_AES_128_GCM_SHA256', algorithms=None, identifiers=[ 'TLS_AES_128_GCM_SHA256' ] ), ProtocolPropertiesCipherSuite( name='TLS_AES_256_GCM_SHA384', algorithms=None, identifiers=[ 'TLS_AES_256_GCM_SHA384' ] ), ProtocolPropertiesCipherSuite( name='TLS_CHACHA20_POLY1305_SHA256', algorithms=None, identifiers=[ 'TLS_CHACHA20_POLY1305_SHA256' ] ), ProtocolPropertiesCipherSuite( name='TLS_AES_128_CCM_SHA256', algorithms=None, identifiers=[ 'TLS_AES_128_CCM_SHA256' ] ), ProtocolPropertiesCipherSuite( name='TLS_AES_128_CCM_8_SHA256', algorithms=None, identifiers=[ 'TLS_AES_128_CCM_8_SHA256' ] ) ], crypto_refs=[BomRef('for-test-2'), BomRef('for-test-1')], ), oid='an-oid-here' ) def get_crypto_properties_related_material() -> CryptoProperties: return CryptoProperties( asset_type=CryptoAssetType.RELATED_CRYPTO_MATERIAL, related_crypto_material_properties=RelatedCryptoMaterialProperties( type=RelatedCryptoMaterialType.DIGEST, id='some-identifier', state=RelatedCryptoMaterialState.ACTIVE, algorithm_ref=None, creation_date=datetime(year=2023, month=5, day=19, hour=1, minute=0, second=0, microsecond=0, tzinfo=timezone.utc), activation_date=datetime(year=2023, month=5, day=19, hour=1, minute=0, second=0, microsecond=0, tzinfo=timezone.utc), update_date=None, expiration_date=datetime(year=2024, month=5, day=19, hour=0, minute=59, second=59, microsecond=999999, tzinfo=timezone.utc), value='some-random-value', size=32, format='a-format', secured_by=RelatedCryptoMaterialSecuredBy( mechanism='hard-work', algorithm_ref=None ) ), oid='an-oid-here' ) def get_bom_with_component_setuptools_with_v16_fields() -> Bom: component = get_component_setuptools_simple() component.manufacturer = get_org_entity_1() component.authors = [get_org_contact_1(), get_org_contact_2()] component.omnibor_ids = [OmniborId('gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64')] component.swhids = [ Swhid('swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2'), Swhid('swh:1:rel:22ece559cc7cc2364edc5e5593d63ae8bd229f9f'), Swhid('swh:1:cnt:4d99d2d18326621ccdd70f5ea66c2e2ac236ad8b;' 'origin=https://gitorious.org/ocamlp3l/ocamlp3l_cvs.git;' 'visit=swh:1:snp:d7f1b9eb7ccb596c2622c4780febaa02549830f9;' 'anchor=swh:1:rev:2db189928c94d62a3b4757b3eec68f0a4d4113f0;' 'path=/Examples/SimpleFarm/simplefarm.ml;lines=9-15'), Swhid('swh:1:cnt:f10371aa7b8ccabca8479196d6cd640676fd4a04;origin=https://github.com/web-platform-tests/wpt;' 'visit=swh:1:snp:b37d435721bbd450624165f334724e3585346499;' 'anchor=swh:1:rev:259d0612af038d14f2cd889a14a3adb6c9e96d96;' 'path=/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/' 'support/x%3Burl=foo/') ] return _make_bom(components=[component]) def get_bom_with_component_setuptools_with_v16_fields_omnibor_id_invalid() -> Bom: component = get_component_setuptools_simple() component.manufacturer = get_org_entity_1() component.authors = [get_org_contact_1(), get_org_contact_2()] component.omnibor_ids = [OmniborId('gitoid:stuff:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64')] return _make_bom(components=[component]) def get_bom_with_component_setuptools_with_v16_fields_swhid_invalid() -> Bom: component = get_component_setuptools_simple() component.manufacturer = get_org_entity_1() component.authors = [get_org_contact_1(), get_org_contact_2()] component.omnibor_ids = [OmniborId('gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64')] component.swhids = [ Swhid('swh:1:cntp:94a9ed024d3859793618152ea559a168bbcbb5e2'), ] return _make_bom(components=[component]) def get_component_crypto_asset_algorithm( bom_ref: Optional[str] = '8182921e-0588-472e-b8f9-9c527c68f067' ) -> Component: return Component( name='My Algorithm', version='1.0', type=ComponentType.CRYPTOGRAPHIC_ASSET, bom_ref=bom_ref, crypto_properties=get_crypto_properties_algorithm(), tags=['algorithm'] ) def get_component_crypto_asset_certificate( bom_ref: Optional[str] = '1f4ed1e4-582a-4fa0-8c38-1b4facc16972' ) -> Component: return Component( name='My Certificate', version='1.0', type=ComponentType.CRYPTOGRAPHIC_ASSET, bom_ref=bom_ref, crypto_properties=get_crypto_properties_certificate(), tags=['certificate'] ) def get_component_crypto_asset_protocol_tls_v13( bom_ref: Optional[str] = '26b1ce0f-bec6-4bfe-9db1-03b75a4ed1ec' ) -> Component: return Component( name='TLS', version='v1.3', type=ComponentType.CRYPTOGRAPHIC_ASSET, bom_ref=bom_ref, crypto_properties=get_crypto_properties_protocol(), tags=['protocl', 'tls'] ) def get_component_crypto_asset_related_material( bom_ref: Optional[str] = '332b3cee-078c-4789-ab15-887565b6fac5' ) -> Component: return Component( name='My Encrypted Thing', version='1.0', type=ComponentType.CRYPTOGRAPHIC_ASSET, bom_ref=bom_ref, crypto_properties=get_crypto_properties_related_material(), tags=['encrypted', 'data'] ) def get_bom_v1_6_with_crypto_algorithm() -> Bom: c = get_component_crypto_asset_algorithm() b = _make_bom(components=[c]) b.register_dependency(c) return b def get_bom_v1_6_with_crypto_certificate() -> Bom: c = get_component_crypto_asset_certificate() b = _make_bom(components=[c]) b.register_dependency(c) return b def get_bom_v1_6_with_crypto_protocol() -> Bom: c = get_component_crypto_asset_protocol_tls_v13() b = _make_bom(components=[c]) b.register_dependency(c) return b def get_bom_v1_6_with_crypto_related_material() -> Bom: c = get_component_crypto_asset_related_material() b = _make_bom(components=[c]) b.register_dependency(c) return b def get_bom_with_component_setuptools_no_component_version() -> Bom: return _make_bom(components=[get_component_setuptools_simple_no_version()]) def get_bom_with_component_setuptools_with_release_notes() -> Bom: component = get_component_setuptools_simple() component.release_notes = get_release_notes() return _make_bom(components=[component]) def get_bom_with_dependencies_valid() -> Bom: c1 = get_component_setuptools_simple() c2 = get_component_toml_with_hashes_with_references() return _make_bom( components=[c1, c2], dependencies=[ Dependency(ref=c1.bom_ref, dependencies=[ Dependency(ref=c2.bom_ref) ]), Dependency(ref=c2.bom_ref) ] ) def get_bom_with_dependencies_hanging() -> Bom: """ A bom with a RootComponent and components, but no dependencies are connected to RootComponent. """ c1 = get_component_setuptools_simple('setuptools') c2 = get_component_toml_with_hashes_with_references('toml') bom = _make_bom( version=23, metadata=BomMetaData( component=Component(name='rootComponent', type=ComponentType.APPLICATION, bom_ref='root-component'), ), components=[c1, c2], dependencies=[ Dependency(c1.bom_ref, [ Dependency(c2.bom_ref) ]), Dependency(c2.bom_ref) ] ) return bom def get_bom_with_dependencies_unlinked_invalid() -> Bom: """generate a bom with an unlinked dependency. it is expected to throw on output. """ c1 = get_component_setuptools_simple() return _make_bom(components=[c1], dependencies=[Dependency(ref=BomRef('link-to-ref-not-in-document'))]) def get_bom_with_metadata_component_and_dependencies() -> Bom: cs = get_component_toml_with_hashes_with_references() bom = _make_bom(components=[cs]) bom.metadata.component = get_component_setuptools_simple() bom.dependencies.add( Dependency(ref=bom.metadata.component.bom_ref, dependencies=[ Dependency(ref=cs.bom_ref) ]) ) return bom def get_bom_with_component_setuptools_complete() -> Bom: return _make_bom(components=[get_component_setuptools_complete()]) def get_bom_with_component_setuptools_with_vulnerability() -> Bom: bom = _make_bom() component = get_component_setuptools_simple() if not component.purl: raise ValueError('purl is required here') bom.components.add(component) bom.vulnerabilities.add(Vulnerability( bom_ref='my-vuln-ref-1', id='CVE-2018-7489', source=get_vulnerability_source_nvd(), references=[ VulnerabilityReference(id='SOME-OTHER-ID', source=VulnerabilitySource( name='OSS Index', url=XsUri('https://ossindex.sonatype.org/component/pkg:pypi/setuptools') )) ], ratings=[ VulnerabilityRating( source=get_vulnerability_source_nvd(), score=Decimal('9.8'), severity=VulnerabilitySeverity.CRITICAL, method=VulnerabilityScoreSource.CVSS_V3, vector='AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', justification='Some justification' ), VulnerabilityRating( source=get_vulnerability_source_owasp(), score=Decimal('2.7'), severity=VulnerabilitySeverity.LOW, method=VulnerabilityScoreSource.CVSS_V3, vector='AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N', justification='Some other justification' ) ], cwes=[22, 33], description='A description here', detail='Some detail here', recommendation='Upgrade', workaround='Describe the workarounds here', advisories=[ VulnerabilityAdvisory(url=XsUri('https://nvd.nist.gov/vuln/detail/CVE-2018-7489')), VulnerabilityAdvisory(url=XsUri('http://www.securitytracker.com/id/1040693')) ], created=datetime(year=2021, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979, tzinfo=timezone.utc), published=datetime(year=2021, month=9, day=2, hour=10, minute=50, second=42, microsecond=51979, tzinfo=timezone.utc), updated=datetime(year=2021, month=9, day=3, hour=10, minute=50, second=42, microsecond=51979, tzinfo=timezone.utc), credits=VulnerabilityCredits( organizations=[ get_org_entity_1() ], individuals=[get_org_contact_2()] ), tools=ToolRepository(tools=( Tool(vendor='CycloneDX', name='cyclonedx-python-lib'), )), analysis=VulnerabilityAnalysis( state=ImpactAnalysisState.EXPLOITABLE, justification=ImpactAnalysisJustification.REQUIRES_ENVIRONMENT, responses=[ImpactAnalysisResponse.CAN_NOT_FIX], detail='Some extra detail', first_issued=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979, tzinfo=timezone.utc), last_updated=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979, tzinfo=timezone.utc) ), affects=[ BomTarget( ref=component.purl.to_string(), versions=[BomTargetVersionRange( range='49.0.0 - 54.0.0', status=ImpactAnalysisAffectedStatus.AFFECTED )] ) ], properties=get_properties_1() )) return bom def get_bom_with_component_toml_1() -> Bom: return _make_bom(components=[get_component_toml_with_hashes_with_references()]) def get_bom_just_complete_metadata() -> Bom: bom = _make_bom() bom.metadata.authors = [get_org_contact_1(), get_org_contact_2()] bom.metadata.component = get_component_setuptools_complete() bom.metadata.component.manufacturer = get_org_entity_1() bom.metadata.manufacture = get_org_entity_1() # Deprecated from v1.6 onwards bom.metadata.supplier = get_org_entity_2() bom.metadata.licenses = [DisjunctiveLicense( id='Apache-2.0', url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.txt'), text=AttachedText( encoding=Encoding.BASE_64, content='VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=' ) )] bom.metadata.lifecycles = [PredefinedLifecycle(LifecyclePhase.BUILD)] bom.metadata.properties = get_properties_1() return bom def get_bom_with_external_references() -> Bom: bom = _make_bom(external_references=[ get_external_reference_1(), get_external_reference_2() ]) return bom def get_bom_with_services_simple() -> Bom: bom = _make_bom(services=[ Service(name='my-first-service', bom_ref='my-specific-bom-ref-for-my-first-service'), Service(name='my-second-service', bom_ref='my-specific-bom-ref-for-my-second-service') ]) bom.metadata.component = Component( name='cyclonedx-python-lib', version='1.0.0', type=ComponentType.LIBRARY, bom_ref='my-specific-bom-ref-for-cpl' ) return bom def get_bom_with_services_complex() -> Bom: bom = _make_bom(services=[ Service( name='my-first-service', bom_ref='my-specific-bom-ref-for-my-first-service', provider=get_org_entity_1(), group='a-group', version='1.2.3', description='Description goes here', endpoints=[ XsUri('/api/thing/1'), XsUri('/api/thing/2') ], authenticated=False, x_trust_boundary=True, data=[ DataClassification(flow=DataFlow.OUTBOUND, classification='public') ], licenses=[DisjunctiveLicense(name='Commercial')], external_references=[ get_external_reference_1() ], properties=get_properties_1(), release_notes=get_release_notes() ), Service(name='my-second-service', bom_ref='my-specific-bom-ref-for-my-second-service') ]) bom.metadata.component = Component( name='cyclonedx-python-lib', version='1.0.0', type=ComponentType.LIBRARY, bom_ref='my-specific-bom-ref-for-cpl' ) return bom def get_bom_with_nested_services() -> Bom: bom = _make_bom(services=[ Service( name='my-first-service', bom_ref='my-specific-bom-ref-for-my-first-service', provider=get_org_entity_1(), group='a-group', version='1.2.3', description='Description goes here', endpoints=[ XsUri('/api/thing/1'), XsUri('/api/thing/2') ], authenticated=False, x_trust_boundary=True, data=[ DataClassification(flow=DataFlow.OUTBOUND, classification='public') ], licenses=[DisjunctiveLicense(name='Commercial')], external_references=[ get_external_reference_1() ], properties=get_properties_1(), services=[ Service( name='first-nested-service', bom_ref='my-specific-bom-ref-for-first-nested-service', ), Service( name='second-nested-service', bom_ref='my-specific-bom-ref-for-second-nested-service', provider=get_org_entity_1(), group='no-group', version='3.2.1', authenticated=True, x_trust_boundary=False, ) ], release_notes=get_release_notes() ), Service( name='my-second-service', bom_ref='my-specific-bom-ref-for-my-second-service', services=[ Service( name='yet-another-nested-service', bom_ref='yet-another-nested-service', provider=get_org_entity_1(), group='what-group', version='6.5.4' ), Service( name='another-nested-service', bom_ref='my-specific-bom-ref-for-another-nested-service', ) ], ) ]) bom.metadata.component = Component( name='cyclonedx-python-lib', version='1.0.0', type=ComponentType.LIBRARY, bom_ref='my-specific-bom-ref-for-cpl' ) return bom def get_bom_for_issue_275_components() -> Bom: """regression test for issue #275 see https://github.com/CycloneDX/cyclonedx-python-lib/issues/275 """ app = Component(bom_ref=MOCK_UUID[0], name='app', version='1.0.0') comp_a = Component(bom_ref=MOCK_UUID[1], name='comp_a', version='1.0.0') comp_b = Component(bom_ref=MOCK_UUID[2], name='comp_b', version='1.0.0') comp_c = Component(bom_ref=MOCK_UUID[3], name='comp_c', version='1.0.0') comp_b.components.add(comp_c) # comp_b.dependencies.add(comp_c.bom_ref) libs = [comp_a, comp_b] # app.dependencies.add(comp_a.bom_ref) # app.dependencies.add(comp_b.bom_ref) bom = _make_bom(components=libs) bom.metadata.component = app bom.register_dependency(target=app, depends_on=[comp_a, comp_b]) bom.register_dependency(target=comp_b, depends_on=[comp_c]) return bom # def get_bom_for_issue_275_services() -> Bom: # """regression test for issue #275 # see https://github.com/CycloneDX/cyclonedx-python-lib/issues/275 # """ # app = Component(name="app", version="1.0.0") # serv_a = Service(name='Service A') # serv_b = Service(name='Service B') # serv_c = Service(name='Service C') # # serv_b.services.add(serv_c) # serv_b.dependencies.add(serv_c.bom_ref) # # bom = _makeBom(services=[serv_a, serv_b]) # bom.metadata.component = app # return bom def get_bom_for_issue_328_components() -> Bom: """regression test for issue #328 see https://github.com/CycloneDX/cyclonedx-python-lib/issues/328 """ bom = _make_bom() comp_root = Component(type=ComponentType.APPLICATION, name='my-project', version='1', bom_ref='my-project') comp_a = Component(name='A', version='0.1', bom_ref='component-A') comp_b = Component(name='B', version='1.0', bom_ref='component-B') comp_c = Component(name='C', version='1.0', bom_ref='component-C') # Make a tree of components A -> B -> C comp_a.components = [comp_b] comp_b.components = [comp_c] bom.metadata.component = comp_root bom.register_dependency(comp_root, [comp_a]) bom.components = [comp_a] # Declare dependencies the same way: A -> B -> C bom.register_dependency(comp_a, [comp_b]) bom.register_dependency(comp_b, [comp_c]) return bom def get_component_setuptools_complete(include_pedigree: bool = True) -> Component: component = get_component_setuptools_simple(bom_ref='my-specific-bom-ref-for-dings') component.supplier = get_org_entity_1() component.publisher = 'CycloneDX' component.description = 'This component is awesome' component.scope = ComponentScope.REQUIRED component.copyright = 'Apache 2.0 baby!' component.cpe = 'cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*' component.swid = get_swid_1() if include_pedigree: component.pedigree = get_pedigree_1() component.external_references.add( get_external_reference_1() ) component.properties = get_properties_1() component.components.update([ get_component_setuptools_simple(), get_component_toml_with_hashes_with_references() ]) component.evidence = ComponentEvidence(copyright=[Copyright(text='Commercial'), Copyright(text='Commercial 2')]) component.release_notes = get_release_notes() return component def get_component_setuptools_simple( bom_ref: Optional[str] = 'pkg:pypi/setuptools@50.3.2?extension=tar.gz' ) -> Component: return Component( name='setuptools', version='50.3.2', bom_ref=bom_ref, purl=PackageURL( type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz' ), licenses=[DisjunctiveLicense(id='MIT')], author='Test Author' ) def get_component_setuptools_simple_no_version(bom_ref: Optional[str] = None) -> Component: return Component( name='setuptools', bom_ref=bom_ref or 'pkg:pypi/setuptools?extension=tar.gz', purl=PackageURL( type='pypi', name='setuptools', qualifiers='extension=tar.gz' ), licenses=[DisjunctiveLicense(id='MIT')], author='Test Author' ) def get_component_toml_with_hashes_with_references(bom_ref: Optional[str] = None) -> Component: return Component( name='toml', version='0.10.2', bom_ref=bom_ref or 'pkg:pypi/toml@0.10.2?extension=tar.gz', purl=PackageURL( type='pypi', name='toml', version='0.10.2', qualifiers='extension=tar.gz' ), hashes=[ HashType.from_composite_str('sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b') ], external_references=[ get_external_reference_1() ] ) def get_external_reference_1() -> ExternalReference: return ExternalReference( type=ExternalReferenceType.DISTRIBUTION, url=XsUri('https://cyclonedx.org'), comment='No comment', hashes=[ HashType.from_composite_str( 'sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b') ] ) def get_external_reference_2() -> ExternalReference: return ExternalReference( type=ExternalReferenceType.WEBSITE, url=XsUri('https://cyclonedx.org') ) def get_issue_1() -> IssueType: return IssueType( type=IssueClassification.SECURITY, id='CVE-2021-44228', name='Apache Log3Shell', description='Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...', source=IssueTypeSource(name='NVD', url=XsUri('https://nvd.nist.gov/vuln/detail/CVE-2021-44228')), references=[ XsUri('https://logging.apache.org/log4j/2.x/security.html'), XsUri('https://central.sonatype.org/news/20211213_log4shell_help') ] ) def get_issue_2() -> IssueType: return IssueType( type=IssueClassification.SECURITY, id='CVE-2021-44229', name='Apache Log4Shell', description='Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...', source=IssueTypeSource(name='NVD', url=XsUri('https://nvd.nist.gov/vuln/detail/CVE-2021-44228')), references=[ XsUri('https://logging.apache.org/log4j/2.x/security.html'), XsUri('https://central.sonatype.org/news/20211213_log4shell_help') ] ) def get_org_contact_1() -> OrganizationalContact: return OrganizationalContact(name='Paul Horton', email='paul.horton@owasp.org') def get_org_contact_2() -> OrganizationalContact: return OrganizationalContact(name='A N Other', email='someone@somewhere.tld', phone='+44 (0)1234 567890') def get_postal_address_1() -> PostalAddress: return PostalAddress(country='GB', region='England', locality='Cheshire', street_address='100 Main Street') def get_postal_address_2() -> PostalAddress: return PostalAddress(country='US', region='Texas', locality='Austin', street_address='100 Yee-Ha Street', postal_code='12345', post_office_box_number='105a') def get_org_entity_1() -> OrganizationalEntity: return OrganizationalEntity( name='CycloneDX', urls=[XsUri('https://cyclonedx.org'), XsUri('https://cyclonedx.org/docs')], contacts=[get_org_contact_1(), get_org_contact_2()], address=get_postal_address_1() ) def get_org_entity_2() -> OrganizationalEntity: return OrganizationalEntity( name='Cyclone DX', urls=[XsUri('https://cyclonedx.org/')], contacts=[get_org_contact_2()], address=get_postal_address_2() ) def get_pedigree_1() -> Pedigree: return Pedigree( ancestors=[ get_component_setuptools_simple(bom_ref='ccc8d7ee-4b9c-4750-aee0-a72585152291'), get_component_setuptools_simple_no_version(bom_ref='8a3893b3-9923-4adb-a1d3-47456636ba0a') ], descendants=[ get_component_setuptools_simple_no_version(bom_ref='28b2d8ce-def0-446f-a221-58dee0b44acc'), get_component_toml_with_hashes_with_references(bom_ref='555ca729-93c6-48f3-956e-bdaa4a2f0bfa') ], variants=[ get_component_toml_with_hashes_with_references(bom_ref='e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66'), get_component_setuptools_simple(bom_ref='ded1d73e-1fca-4302-b520-f1bc53979958') ], commits=[Commit(uid='a-random-uid', message='A commit message')], patches=[Patch(type=PatchClassification.BACKPORT, diff=Diff( url=XsUri('https://acme.com/my-patch.diff'), text=AttachedText(encoding=Encoding.BASE_64, content_type='text/x-diff', content='LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMt' 'MDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitI' 'ZWxsbyB3b3JsZC4KIAo=') ))], notes='Some notes here please' ) def get_properties_1() -> List[Property]: return [ Property(name='key1', value='val1'), Property(name='key2', value='val2') ] def get_release_notes() -> ReleaseNotes: text_content: str = base64.b64encode( bytes('Some simple plain text', encoding='UTF-8') ).decode(encoding='UTF-8') return ReleaseNotes( type='major', title='Release Notes Title', featured_image=XsUri('https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png'), social_image=XsUri('https://cyclonedx.org/cyclonedx-icon.png'), description='This release is a test release', timestamp=MOCK_TIMESTAMP, aliases=[ 'First Test Release' ], tags=['test', 'alpha'], resolves=[get_issue_1()], notes=[ Note( text=NoteText( content=text_content, content_type='text/plain; charset=UTF-8', encoding=Encoding.BASE_64 ), locale='en-GB' ), Note( text=NoteText( content=text_content, content_type='text/plain; charset=UTF-8', encoding=Encoding.BASE_64 ), locale='en-US' ) ], properties=get_properties_1() ) def get_swid_1() -> Swid: return Swid( tag_id='swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1', name='Test Application', version='3.4.5', text=AttachedText( content='PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbm' 'FtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIg' 'CiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dH' 'A6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93' 'd3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy' '5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJh' 'dG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaW' 'Q9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==', content_type='text/xml', encoding=Encoding.BASE_64 ) ) def get_swid_2() -> Swid: return Swid( tag_id='swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1', name='Test Application', version='3.4.5', url=XsUri('https://cyclonedx.org') ) def get_vulnerability_source_nvd() -> VulnerabilitySource: return VulnerabilitySource(name='NVD', url=XsUri('https://nvd.nist.gov/vuln/detail/CVE-2018-7489')) def get_vulnerability_source_owasp() -> VulnerabilitySource: return VulnerabilitySource(name='OWASP', url=XsUri('https://owasp.org')) def get_bom_with_licenses() -> Bom: return _make_bom( metadata=BomMetaData( licenses=[DisjunctiveLicense(id='CC-BY-1.0')], component=Component(name='app', type=ComponentType.APPLICATION, bom_ref='my-app', licenses=[DisjunctiveLicense(name='proprietary')]) ), components=[ Component(name='c-with-expression', type=ComponentType.LIBRARY, bom_ref='C1', licenses=[LicenseExpression(value='Apache-2.0 OR MIT', acknowledgement=LicenseAcknowledgement.CONCLUDED)]), Component(name='c-with-SPDX', type=ComponentType.LIBRARY, bom_ref='C2', licenses=[DisjunctiveLicense(id='Apache-2.0', url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.html'), acknowledgement=LicenseAcknowledgement.CONCLUDED)]), Component(name='c-with-name', type=ComponentType.LIBRARY, bom_ref='C3', licenses=[ DisjunctiveLicense(name='some commercial license', text=AttachedText(content='this is a license text')), DisjunctiveLicense(name='some additional', text=AttachedText(content='this is additional license text')), ]), ], services=[ Service(name='s-with-expression', bom_ref='S1', licenses=[LicenseExpression(value='Apache-2.0 OR MIT', acknowledgement=LicenseAcknowledgement.DECLARED)]), Service(name='s-with-SPDX', bom_ref='S2', licenses=[DisjunctiveLicense(id='Apache-2.0', url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.html'), acknowledgement=LicenseAcknowledgement.DECLARED)]), Service(name='s-with-name', bom_ref='S3', licenses=[ DisjunctiveLicense(name='some commercial license', text=AttachedText(content='this is a license text')), DisjunctiveLicense(name='some additional', text=AttachedText(content='this is additional license text')), ]), ]) def get_bom_metadata_licenses_invalid() -> Bom: return Bom(metadata=BomMetaData(licenses=get_invalid_license_repository())) def get_invalid_license_repository() -> List[License]: """ license expression and a license -- this is an invalid constellation according to schema see https://github.com/CycloneDX/specification/pull/205 """ return [ LicenseExpression(value='Apache-2.0 OR MIT'), DisjunctiveLicense(id='GPL-2.0-only'), ] def get_component_licenses_invalid() -> Component: return Component(name='foo', type=ComponentType.LIBRARY, licenses=get_invalid_license_repository()) def get_bom_metadata_component_licenses_invalid() -> Bom: comp = get_component_licenses_invalid() return Bom(metadata=BomMetaData(component=comp), dependencies=[Dependency(comp.bom_ref)]) def get_bom_metadata_component_nested_licenses_invalid() -> Bom: comp = Component(name='bar', type=ComponentType.LIBRARY, components=[get_component_licenses_invalid()]) return Bom(metadata=BomMetaData(component=comp), dependencies=[Dependency(comp.bom_ref)]) def get_bom_component_licenses_invalid() -> Bom: return Bom(components=[get_component_licenses_invalid()]) def get_bom_component_nested_licenses_invalid() -> Bom: return Bom(components=[ Component(name='bar', type=ComponentType.LIBRARY, components=[get_component_licenses_invalid()]) ]) def get_bom_service_licenses_invalid() -> Bom: return Bom(services=[ Service(name='foo', licenses=get_invalid_license_repository()) ]) def get_bom_with_multiple_licenses() -> Bom: multi_licenses = ( DisjunctiveLicense(id='MIT'), DisjunctiveLicense(name='foo license'), ) return _make_bom( metadata=BomMetaData( licenses=multi_licenses, component=Component(name='app', type=ComponentType.APPLICATION, bom_ref='my-app', licenses=multi_licenses) ), components=[Component(name='comp', type=ComponentType.LIBRARY, bom_ref='my-compo', licenses=multi_licenses)], services=[Service(name='serv', bom_ref='my-serv', licenses=multi_licenses)] ) def get_bom_with_tools() -> Bom: return _make_bom( metadata=BomMetaData( tools=( this_tool(), Tool(name='test-tool-b'), Tool(vendor='example', name='test-tool-a', version='1.33.7', hashes=[HashType.from_composite_str( 'sha256:adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6')], external_references=[get_external_reference_1()], ), ) ) ) def get_bom_with_tools_with_component_migrate() -> Bom: return _make_bom( metadata=BomMetaData( tools=ToolRepository( components=( this_component(), Component(name='test-component', bom_ref='test-component'), Component(type=ComponentType.APPLICATION, bom_ref='other-component', group='acme', name='other-component', hashes=[HashType.from_composite_str( 'sha256:49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca')], external_references=[get_external_reference_1()], ), ) ) ) ) def get_bom_with_tools_with_service_migrate() -> Bom: return _make_bom( metadata=BomMetaData( tools=ToolRepository( services=( Service(name='test-service', bom_ref='test-service'), Service(group='acme', name='other-service', bom_ref='other-service', external_references=[get_external_reference_1()], ), ) ) ) ) def get_bom_with_tools_with_component_and_service_migrate() -> Bom: return _make_bom( metadata=BomMetaData( tools=ToolRepository( components=( this_component(), Component(name='test-component', bom_ref='test-component'), Component(type=ComponentType.APPLICATION, bom_ref='other-component', group='acme', name='other-component', hashes=[HashType.from_composite_str( 'sha256:49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca')], external_references=[get_external_reference_1()], ), ), services=( Service(name='test-service', bom_ref='test-service'), Service(group='acme', name='other-service', bom_ref='other-service', external_references=[get_external_reference_1()], ), ) ) ) ) def get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate() -> Bom: tools = ToolRepository() tcomp = tools.components tserv = tools.services ttools = tools.tools tcomp.update(( this_component(), Component(name='test-component', bom_ref='test-component'), Component(type=ComponentType.APPLICATION, bom_ref='other-component', group='acme', name='other-component', hashes=[HashType.from_composite_str( 'sha256:49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca')], external_references=[get_external_reference_1()], ), )) tserv.update(( Service(name='test-service', bom_ref='test-service'), Service(group='acme', name='other-service', bom_ref='other-service', external_references=[get_external_reference_1()], ), )) ttools.update(( this_tool(), Tool(name='test-tool-b'), Tool(vendor='example', name='test-tool-a', version='1.33.7', hashes=[HashType.from_composite_str( 'sha256:adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6')], external_references=[get_external_reference_1()], ), )) return _make_bom(metadata=BomMetaData(tools=tools)) def get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate() -> Bom: """on serialization, it is expected that only tools are emitted, and that they are deduplicated""" tools = ToolRepository() tcomp = tools.components tserv = tools.services ttools = tools.tools tcomp.update(( this_component(), Component(name='test-component'), Component(type=ComponentType.APPLICATION, group='acme', name='other-component'), )) tserv.update(( Service(name='test-service'), Service(group='acme', name='other-service'), )) ttools.clear() # duplicate components and services as tools ttools.update(map(Tool.from_component, tcomp)) ttools.update(map(Tool.from_service, tserv)) return _make_bom(metadata=BomMetaData(tools=tools)) def get_bom_for_issue_497_urls() -> Bom: """regression test for issue #497 see https://github.com/CycloneDX/cyclonedx-python-lib/issues/497 """ return _make_bom(components=[ Component(name='dummy', bom_ref='dummy', external_references=[ ExternalReference( type=ExternalReferenceType.OTHER, comment='nothing special', url=XsUri('https://acme.org') ), ExternalReference( type=ExternalReferenceType.OTHER, comment='control characters', url=XsUri('https://acme.org/?' 'foo=sp ace&' 'bar[23]=42&' 'lt=1<2&' 'gt=3>2&' 'cb={lol}&' 'quote="test"is\'test\'' ) ), ExternalReference( type=ExternalReferenceType.OTHER, comment='pre-encoded', url=XsUri('https://acme.org/?bar%5b23%5D=42') ), ]) ]) def get_bom_for_issue_598_multiple_components_with_purl_qualifiers() -> Bom: """regression test for issue #598 see https://github.com/CycloneDX/cyclonedx-python-lib/issues/598 """ return _make_bom(components=[ Component( name='dummy', version='2.3.5', bom_ref='dummy-a', purl=PackageURL( type='pypi', namespace=None, name='pathlib2', version='2.3.5', subpath=None, qualifiers={} ) ), Component( name='dummy', version='2.3.5', bom_ref='dummy-b', purl=PackageURL( type='pypi', namespace=None, name='pathlib2', version='2.3.5', subpath=None, qualifiers={ 'vcs_url': 'git+https://github.com/jazzband/pathlib2.git@5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6' } ) ) ]) def bom_all_same_bomref() -> Tuple[Bom, int]: bom = Bom() bom.metadata.component = Component(name='root', bom_ref='foo', components=[ Component(name='root.sub', bom_ref='foo')]) bom.components.add(Component(name='comp', bom_ref='foo', components=[ Component(name='comp.sub', bom_ref='foo')])) bom.services.add(Service(name='serv', bom_ref='foo')) bom.vulnerabilities.add(Vulnerability(id='vuln', bom_ref='foo')) nr_bomrefs = 6 # number of bom-refs used return bom, nr_bomrefs def get_bom_for_issue_630_empty_property() -> Bom: """regression test for issue #630 see https://github.com/CycloneDX/cyclonedx-python-lib/issues/630 """ return _make_bom(components={ Component( bom_ref='example@15.8.0', type=ComponentType.LIBRARY, name='example', version='15.8.0', properties=[Property(name='cdx:npm:package:path')] ) }) def get_bom_with_lifecycles() -> Bom: return _make_bom( metadata=BomMetaData( lifecycles=[ PredefinedLifecycle(LifecyclePhase.BUILD), PredefinedLifecycle(LifecyclePhase.POST_BUILD), NamedLifecycle(name='platform-integration-testing', description='Integration testing specific to the runtime platform'), ], component=Component(name='app', type=ComponentType.APPLICATION, bom_ref='my-app'), ) ) def get_bom_with_definitions_standards() -> Bom: """ Returns a BOM with definitions and standards only. """ return _make_bom( definitions=Definitions(standards=[ Standard( bom_ref='some-standard', name='Some Standard', version='1.2.3', description='Some description', owner='Some Owner', external_references=[get_external_reference_2()] ) ]) ) def get_bom_with_definitions_and_detailed_standards() -> Bom: """ Returns a BOM with definitions and multiple detailed standards including requirements and levels. """ return _make_bom( definitions=Definitions(standards=[ Standard( bom_ref='some-standard', name='Some Standard', version='1.2.3', description='Some description', owner='Some Owner', requirements=[ req1 := Requirement( bom_ref='req-1', identifier='REQ-1', title='Requirement 1', text='some requirement text', descriptions=['Requirement 1 described here', 'and here'], open_cre=[CreId('CRE:1-2')], properties=[ Property(name='key1', value='val1a'), Property(name='key1', value='val1b'), ], external_references=[get_external_reference_2()], ), req2 := Requirement( bom_ref='req-2', identifier='REQ-2', title='Requirement 2', text='some requirement text', descriptions=['Requirement 2 described here'], open_cre=[CreId('CRE:1-2'), CreId('CRE:3-4')], parent=req1.bom_ref, properties=[Property(name='key2', value='val2')], ), ], levels=[ Level( bom_ref='lvl-1', identifier='LVL-1', title='Level 1', description='Level 1 description', # no requirements! ), Level( bom_ref='lvl-2', identifier='LVL-2', title='Level 2', description='Level 2 description', requirements=[req1.bom_ref, req2.bom_ref], ), ], external_references=[get_external_reference_1()], ), Standard( bom_ref='other-standard', name='Other Standard', version='1.0.0', description='Other description', owner='Other Owner', requirements=[ req3 := Requirement( bom_ref='req-3', identifier='REQ-3', title='Requirement 3', text='some requirement text', descriptions=['Requirement 3 described here', 'and here'], open_cre=[CreId('CRE:5-6'), CreId('CRE:7-8')], properties=[Property(name='key3', value='val3')] ), ], levels=[ Level( bom_ref='lvl-3', identifier='LVL-3', title='Level 3', description='Level 3 description', requirements=[req3.bom_ref] ), ], external_references=[get_external_reference_2()], ) ])) def get_bom_for_issue540_duplicate_components() -> Bom: # tests https://github.com/CycloneDX/cyclonedx-python-lib/issues/540 bom = _make_bom() bom.metadata.component = root_component = Component( name='myApp', type=ComponentType.APPLICATION, bom_ref='myApp' ) component1 = Component( type=ComponentType.LIBRARY, name='some-component', bom_ref='some-component' ) bom.components.add(component1) bom.register_dependency(root_component, [component1]) component2 = Component( type=ComponentType.LIBRARY, name='some-library', bom_ref='some-library1' ) bom.components.add(component2) bom.register_dependency(component1, [component2]) component3 = Component( type=ComponentType.LIBRARY, name='some-library', bom_ref='some-library2' ) bom.components.add(component3) bom.register_dependency(component1, [component3]) return bom # --- all_get_bom_funct_valid = tuple( (n, f) for n, f in getmembers(sys.modules[__name__], isfunction) if n.startswith('get_bom_') and not n.endswith('_invalid') ) all_get_bom_funct_valid_immut = tuple( (n, f) for n, f in getmembers(sys.modules[__name__], isfunction) if n.startswith('get_bom_') and not n.endswith('_invalid') and not n.endswith('_migrate') ) all_get_bom_funct_valid_reversible_migrate = tuple( (n, f) for n, f in getmembers(sys.modules[__name__], isfunction) if n.startswith('get_bom_') and n.endswith('_migrate') and not n.endswith('_irreversible_migrate') ) all_get_bom_funct_invalid = tuple( (n, f) for n, f in getmembers(sys.modules[__name__], isfunction) if n.startswith('get_bom_') and n.endswith('_invalid') ) all_get_bom_funct_with_incomplete_deps = { # List of functions that return BOM with an incomplete dependency graph. # It is expected that some process auto-fixes this before actual serialization takes place. get_bom_just_complete_metadata, get_bom_with_component_setuptools_basic, get_bom_with_component_setuptools_complete, get_bom_with_component_setuptools_no_component_version, get_bom_with_component_setuptools_with_cpe, get_bom_with_component_setuptools_with_release_notes, get_bom_with_component_setuptools_with_vulnerability, get_bom_with_component_toml_1, get_bom_with_dependencies_hanging, get_bom_with_metadata_component_and_dependencies, get_bom_with_nested_services, get_bom_with_services_complex, get_bom_with_services_simple, get_bom_with_licenses, get_bom_with_multiple_licenses, get_bom_for_issue_497_urls, get_bom_for_issue_598_multiple_components_with_purl_qualifiers, get_bom_with_component_setuptools_with_v16_fields, get_bom_for_issue_630_empty_property, get_bom_with_lifecycles, get_bom_with_definitions_standards, get_bom_with_definitions_and_detailed_standards, } cyclonedx-python-lib-9.1.0/tests/_data/own/000077500000000000000000000000001476011761300206175ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/.gitattributes000066400000000000000000000001061476011761300235070ustar00rootroot00000000000000xml/*/*.xml linguist-generated json/*/*.json linguist-generated cyclonedx-python-lib-9.1.0/tests/_data/own/README.md000066400000000000000000000000201476011761300220660ustar00rootroot00000000000000# TEST FIXTURES cyclonedx-python-lib-9.1.0/tests/_data/own/json/000077500000000000000000000000001476011761300215705ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.2/000077500000000000000000000000001476011761300220705ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.2/bom_with_mixed_licenses.json000066400000000000000000000022751476011761300276540ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.2.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2", "metadata": { "component": { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"expression": "MIT OR Apache-2.0"}, {"license": {"id": "MIT"}}, {"license": {"name": "foo license"}} ], "name": "app", "type": "application", "version": "1.2" } }, "components": [ { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"license": {"id": "MIT"}}, {"license": {"name": "foo license"}}, {"expression": "MIT OR Apache-2.0"} ], "name": "comp", "type": "library", "version": "1337" } ], "services": [ { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"license": {"name": "foo license"}}, {"expression": "MIT OR Apache-2.0"}, {"license": {"id": "MIT"}} ], "name": "serv" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1337 } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.3/000077500000000000000000000000001476011761300220715ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.3/bom_with_mixed_licenses.json000066400000000000000000000025161476011761300276530ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.3.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3", "metadata": { "component": { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"expression": "MIT OR Apache-2.0"}, {"license": {"id": "MIT"}}, {"license": {"name": "foo license"}} ], "name": "app", "type": "application", "version": "1.3" }, "licenses": [ {"license": {"name": "foo license"}}, {"license": {"id": "MIT"}}, {"expression": "MIT OR Apache-2.0"} ] }, "components": [ { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"license": {"id": "MIT"}}, {"license": {"name": "foo license"}}, {"expression": "MIT OR Apache-2.0"} ], "name": "comp", "type": "library", "version": "1337" } ], "services": [ { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"license": {"name": "foo license"}}, {"expression": "MIT OR Apache-2.0"}, {"license": {"id": "MIT"}} ], "name": "serv" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1337 } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.4/000077500000000000000000000000001476011761300220725ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.4/bom_with_mixed_licenses.json000066400000000000000000000024351476011761300276540ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", "metadata": { "component": { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"expression": "MIT OR Apache-2.0"}, {"license": {"id": "MIT"}}, {"license": {"name": "foo license"}} ], "name": "app", "type": "application" }, "licenses": [ {"license": {"name": "foo license"}}, {"license": {"id": "MIT"}}, {"expression": "MIT OR Apache-2.0"} ] }, "components": [ { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"license": {"id": "MIT"}}, {"license": {"name": "foo license"}}, {"expression": "MIT OR Apache-2.0"} ], "name": "comp", "type": "library" } ], "services": [ { "description": "before CDX 1.5 it was allowed to mix `expression` and `license`", "licenses": [ {"license": {"name": "foo license"}}, {"expression": "MIT OR Apache-2.0"}, {"license": {"id": "MIT"}} ], "name": "serv" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1337 } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.4/empty_supplier.json000066400000000000000000000010671476011761300260520ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:fa1bcbf6-686e-44d7-b9e0-df9baeef5715", "version": 1337, "metadata": { "supplier": { "name": "" }, "component": { "type": "file", "name": "regression issue #600", "supplier": { "name": "" }, "externalReferences": [ { "type": "other", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues/600" } ] } } } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.5/000077500000000000000000000000001476011761300220735ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.5/issue677.json000066400000000000000000000016301476011761300243620ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:66fa5692-2e9d-45c5-830a-ec8ccaf7dcc9", "version": 1, "metadata": { "component": { "description": "see issue #677 - https://github.com/CycloneDX/cyclonedx-python-lib/issues/677", "type": "application", "name": "test" } }, "components": [ { "type": "operating-system", "bom-ref": "test12", "name": "alpine" }, { "type": "container", "bom-ref": "test11", "name": "alpine" }, { "type": "operating-system", "bom-ref": "test22", "name": "alpine" }, { "type": "container", "bom-ref": "test21", "name": "alpine" } ], "dependencies": [ { "ref": "test11", "dependsOn": [ "test12" ] }, { "ref": "test21", "dependsOn": [ "test22" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.5/issue753.json000066400000000000000000000014411476011761300243550ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "metadata": { "component": { "type": "application", "name": "example", "version": "1.2.3", "bom-ref": "topref" } }, "components": [ { "type": "library", "name": "styled-engine", "version": "5.16.6", "bom-ref": "@mui/styled-engine@npm:5.16.6 [296f2]" }, { "type": "library", "name": "styled-engine", "version": "5.16.6", "bom-ref": "@mui/styled-engine@npm:5.16.6 [3135b]" } ], "dependencies": [ { "ref": "topref", "dependsOn": [ "@mui/styled-engine@npm:5.16.6 [296f2]", "@mui/styled-engine@npm:5.16.6 [3135b]" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.6/000077500000000000000000000000001476011761300220745ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.6/issue690.json000066400000000000000000000057561476011761300243730ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e8c355aa-2142-4084-a8c7-6d42c8610ba2", "version": 1, "metadata": { "timestamp": "2024-01-09T12:00:00Z", "component": { "type": "application", "name": "my application", "version": "1.0" } }, "components": [ { "name": "google.com", "type": "cryptographic-asset", "bom-ref": "crypto/certificate/google.com@sha256:1e15e0fbd3ce95bde5945633ae96add551341b11e5bae7bba12e98ad84a5beb4", "cryptoProperties": { "assetType": "certificate", "certificateProperties": { "subjectName": "CN = www.google.com", "issuerName": "C = US, O = Google Trust Services LLC, CN = GTS CA 1C3", "notValidBefore": "2016-11-21T08:00:00Z", "notValidAfter": "2017-11-22T07:59:59Z", "signatureAlgorithmRef": "crypto/algorithm/sha-512-rsa@1.2.840.113549.1.1.13", "subjectPublicKeyRef": "crypto/key/rsa-2048@1.2.840.113549.1.1.1", "certificateFormat": "X.509", "certificateExtension": "crt" } } }, { "name": "SHA512withRSA", "type": "cryptographic-asset", "bom-ref": "crypto/algorithm/sha-512-rsa@1.2.840.113549.1.1.13", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "parameterSetIdentifier": "512", "executionEnvironment": "software-plain-ram", "implementationPlatform": "x86_64", "certificationLevel": [ "none" ], "cryptoFunctions": [ "digest" ], "nistQuantumSecurityLevel": 0 }, "oid": "1.2.840.113549.1.1.13" } }, { "name": "RSA-2048", "type": "cryptographic-asset", "bom-ref": "crypto/key/rsa-2048@1.2.840.113549.1.1.1", "cryptoProperties": { "assetType": "related-crypto-material", "relatedCryptoMaterialProperties": { "type": "public-key", "id": "2e9ef09e-dfac-4526-96b4-d02f31af1b22", "state": "active", "size": 2048, "algorithmRef": "crypto/algorithm/rsa-2048@1.2.840.113549.1.1.1", "securedBy": { "mechanism": "None" }, "creationDate": "2016-11-21T08:00:00Z", "activationDate": "2016-11-21T08:20:00Z" }, "oid": "1.2.840.113549.1.1.1" } }, { "name": "RSA-2048", "type": "cryptographic-asset", "bom-ref": "crypto/algorithm/rsa-2048@1.2.840.113549.1.1.1", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "parameterSetIdentifier": "2048", "executionEnvironment": "software-plain-ram", "implementationPlatform": "x86_64", "certificationLevel": [ "none" ], "cryptoFunctions": [ "encapsulate", "decapsulate" ] }, "oid": "1.2.840.113549.1.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.6/issue764.json000066400000000000000000000010411476011761300243540ustar00rootroot00000000000000{ "bomFormat" : "CycloneDX", "specVersion" : "1.6", "version" : 1, "metadata" : { "timestamp" : "2025-01-25T19:11:26Z", "component" : { "type" : "application", "bom-ref" : "pkg:maven/foo/bar@1.2.3", "name" : "foo-bar", "version" : "1.2.3", "purl" : "pkg:maven/foo/bar@1.2.3", "modified" : false }, "manufacture" : { }, "licenses" : [ ] }, "components" : [ { "type" : "library", "name": "some-lib", "manufacturer" : { } } ], "dependencies" : [ ] } cyclonedx-python-lib-9.1.0/tests/_data/own/json/1.6/issue771.json000066400000000000000000000006261476011761300243620ustar00rootroot00000000000000{ "bomFormat" : "CycloneDX", "specVersion" : "1.6", "version" : 1, "metadata" : { "timestamp" : "2025-01-25T19:11:26Z", "component" : { "type" : "application", "bom-ref" : "pkg:maven/foo/bar@1.2.3", "name" : "foo-bar", "supplier": { "name": "foo", "contact": [ {} ] } } }, "components" : [ ], "dependencies" : [ ] } cyclonedx-python-lib-9.1.0/tests/_data/own/xml/000077500000000000000000000000001476011761300214175ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/xml/1.4/000077500000000000000000000000001476011761300217215ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/xml/1.4/bom_setuptools.xml000066400000000000000000000046351476011761300255310ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx.github.io/cyclonedx-python-lib/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://cyclonedx.org Test Author setuptools 50.3.2 MIT License pkg:pypi/setuptools@50.3.2?extension=tar.gz cyclonedx-python-lib-9.1.0/tests/_data/own/xml/1.4/webgoat-6.1.xml000066400000000000000000003003141476011761300243760ustar00rootroot00000000000000 2022-10-17T17:26:52Z OWASP Foundation CycloneDX Maven plugin 2.7.2 f4f0e5aa6c0d5f709b304511547647a6 13a77f9af6a286c9bfc8c00e5d75ff6e9920d4ce d565f805cfd5e57af6a345e537e78b42ffd56fad094c74443e2a197a4e097538 92ff49fbb954b0341c38daddb30965fd9e8bb909e7e8a66dc65da5d6a958d021c6fe611c0b12314ae02f849de95101efe5b93470050dfb8090a459481ffa736a e15a47303e035e6612c37f08ebc105674f84cafd779ab52398ce263e67ce93d9d5e4c7c2ddda2f73584b6071a9f1a9da 8c54133eb43f71bcdc52986159725cd32efef65047f8635a48d160a2d5f274f71c76e61cecbf3d47e3ca7929c3dbe736 7be4af15b7a685431c5252752c34b509c0d43a146db6844da9afbed2e4baa908 0025064deb5d9eb463a142bc4129c41f3387b18bd7aa54e5c923ed2c2f488616d198a65e952f7f2a1dea371387235f135c29643fb00f95366f7f6007d6327a31 WebGoat WebGoat 6.0.1 pkg:maven/WebGoat/WebGoat@6.0.1?type=war com.h2database h2 1.4.187 optional 42f0183908cb80996a5e145d04ddb608 f6b109788d196430458309ea28ce9a77830b3ed8 6204d0c206443681911fb9e04a3af5198b253b5627d16d8d8d79180d13319212 e7510fa72995ecf93e8927163d6bd864a8e9b4b1dc413f824de97a4e99bd682b278be6c2409e7a20a001fa0e10f5933332e720d003dff4f6395550a14c69d2dc a8f885316d4ac5c56d159f6673a26102593b3df13acc6245b9067820c625bd8dea622b7af7138d2e0529405b9087148b c4af674cffc629048338d4aa3abfa19a9323547a0d6078c60e365d3c9ba73d2a56ea8acaae797225818ecfc52211b822 48cd3d1053040efd9b1d67e2475cff7229a4ce065ccb1771838721baa78636d8 89d198a3f9976bf774d35ea25a284e3849bbbc711dc010ecd29cbef6dfe548f81081a8381fcbc447121e4ca8830ec186d59cb8808c195ae3c6e7cdc546c6818f pkg:maven/com.h2database/h2@1.4.187?type=jar javax.activation activation 1.1 JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s). optional 8ae38e87cd4f86059c0294a8fe3e0b18 e6cb541461c2834bdea3eb920f1884d1eb508b50 2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3 c0ff5bf3ace7acc1b31fcc109cee48d9eb8f025ae15a31dc91eca760933bdb97c93f05d61e95af1e317859d72e5f179f897f5bf3df0e3810f4212d43bacee4bd c4ee54d80a2e67e819700051d6cfa01a17631c89f942b8690afb601e491f02d7497fe57bd5c70edfb9b444ae8222b846 de0777d2d1d7aad105defb12aed17ef38abfe89db2449c5243fa3c69304ea24dd8df0881330351d0733313e8f7252814 5fb94d2742cc3d44abad42c5d61b9c7464a2ef33bc58b4b5b121d49799123460 c5e37fe3d9c420a9035f1160eb1d396e94f01851c01c6e2f19f19a221bfc484e63f9660c7377f58aa65246b95a9eb799ac4e6798c0b20f658edf00a4435e1efa CDDL-1.0 pkg:maven/javax.activation/activation@1.1?type=jar https://maven-repository.dev.java.net/nonav/repository/javax.activation/jars/activation-1.1.jar axis axis 1.2 optional 8be4d95595f893b44d7b0431ab3976eb 892c772f7c486b3c09d20f7259fb4219bfff9edf 0dcb9346e17dafe62c52261641c6969c320b43086bec88039930ece90f16acf4 3157807ea0950fb895be4bf32df234b69fef8f1430cb526ac2e70c8823112c474d2be2ddef8811b6052f1c0dea3856d56aa68b4476d344ad48be4f234624ddb2 8445a9beb4fe8d441aeb90311c1d52dd880446b630d3e79775dc917d39e077d5d34c0f30b1c01a591a31a7a4ff8f77e8 04da3013a180fd53244cfc291b8f7cd6b6ce3c3d00285ddd9830d8b96586ab2de5d8fb4b2bf45a3168d411a37a6f2eda 8f89b6c49d6022ae6993c63002625b7111a18daf888a4b0838cc5a279fa7fdd6 9228a173468173088ef999fa8adb16298649443ec82d0531cfff25ea2c691e33729332b3a3eec2601390c7143c6f38b98ef35e37269e308ace68aa283dcef224 pkg:maven/axis/axis@1.2?type=jar axis axis-saaj 1.2 optional 4d89989419d289b2cc7ae4b1e8b9149b e5681df2b55d3e6f4795e988b632e38985677f5a 52dedcddcba9d1d48fca6d9a2f95dbb2164d2e8acd15a7af5b895743961ac47a ee8f4b4359f0dfd4cbd9ffe84aa9cae2fd1fe19afca3534c510e3c8d6acf3b4a7970b5ab25a795841b71c95f91f19a167fcdc354b3cf23a337619f31f3faf95c 5af565e8292ab0a7a7bdb45149ce60ef41c386e489fb76da2f6a703b8d56b043d7b76d04c61b748e0519f1350efc2e06 14c91830a69f95665fbed22edf81e47f2780a7c39e4920f2306f6ce4d7ca9848be14ad3a54760fa3b23cbff263d4eb19 2b5156637465246e1911c1455f5344b3694d395ddeb43231c64ffca44a29ef98 ac1e437c6d7562ad92292ac6e034644fa7f98b3b06c537f5ce77e2ff9c8594031d3738880df8102599d7a9c38329848078bf474d8cf6ec4ed6ddb998bb98587e pkg:maven/axis/axis-saaj@1.2?type=jar axis axis-jaxrpc 1.2 optional 9e0ebb5885cc0a0da4423dc67c66bef7 56b85e05daa39a9bb4101c8c6e425d5f1db2d724 96287de4c6a4d2e72e54e4256778f3afd22ea9a846e872e1c99c6a0b920398f2 0192a2028d5d06cb4370106014c1485433a06006741b572c6254b13932c2947dee9cb4a2d680ac8cf528a87e76c753c3fda1754178ba4973cc1eb5ab11d9f407 e32f55f40fbf27974890039d4f83e4bf8798350ae5b49e2ea3e8f158784bffda0ae75cca4e0d522acc0ef4eef1823a95 289ff44e43490f70a82c93e5c868fc71ca2e09d21f35c87ad83b29d6beb13fa55ce7f59b8e2cc950a258acbf13eb40fc 0bd5c87f74d3e546db0f5029af3f68937ee59eef6b4b1c212adb99608a9c3161 23cabe5f1bb301de9417a0f0abd9bc9612c5eeb412ddb9436f7183f08d08b7f242a1dd00134230300bc2806b918680651b590a482c569ba0d0d12792629fa177 pkg:maven/axis/axis-jaxrpc@1.2?type=jar axis axis-ant 1.2 optional 03f709e12302cd50ee095a5412d481ed f07ed3d1d32434426a42043196d7cd7b7a783b1f db4b8abc94363aef55ec1e1b66106836b0a10ebfb534aed2997310d0439c7351 b31e077a9aa501cd93e4cd9049cb2b509c552feab3a231e7a36505f92b3701cc4c4c2fe78766b0091f82b1e4d06828d674d1ce914ee7b7428602e7303fdf8be0 7dd3910a16900625e0681ba976e80fdf8f2b0af9600c5a8acc80f784ababbfaf6b20c259bf8f6e3804737e34b4580d58 5ce58aa2161d0622ff88c9dc5b62f413e400c4242d8415da5590471026aa6b8212503d62a6172f71982db2f73cceb4ff c80a1366e0c0e70799097fb24d05cfa4fe8cff94fcc9c174dda6a6b1f67ce9c3 f44a499acdc7e72eb0760a2ea9914b1fc9e754e710d56767c88546c722e5cbd64d646c5fdbd546c249c4e8db8e79e7c9beb35c280ae9d35ad81f91e88f486700 pkg:maven/axis/axis-ant@1.2?type=jar The Apache Software Foundation org.apache.commons commons-lang3 3.3.2 Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. optional 3128bf75a2549ebe38663401191bacab 90a3822c38ec8c996e84c16a3477ef632cbc87a3 6b81d10754dadf184d386011486e6509c2cc0c3d33565ced4fb4402b9413d47d 3e6eb74b61c42d22de48c29e7e52057dd25d9f93857dc7bffc7052a56449f62153c487877d6a019adabbaee90e32085b104acc591ea9731839f8148dc4059e10 06bc46540d0b297f595c9625ff0b272a38faf9ebcaf822b687a4fc8bd7d01e4954cad866d54c4ae17cd787d61f852797 b91600411b010ecde5ba763c1930f1858044904e01aa7088c42e95dcdbce010a73a79baed47284c1d8dc6918fb73571c d78a4436d103be34ae2bd23c8cb78f504c77960559c57fc09b970d2b48a73e2b 2716f57d20fb5bcd5ac6b0642575de79055d9e38b0836bdc3780eeee4bb5bb69538acd4f61adf82424f806fd4bd3629104880501314450047a9365b44622c3be Apache-2.0 pkg:maven/org.apache.commons/commons-lang3@3.3.2?type=jar http://issues.apache.org/jira/browse/LANGhttp://svn.apache.org/viewvc/commons/proper/lang/trunkhttp://vmbuild.apache.org/continuum/http://mail-archives.apache.org/mod_mbox/commons-user/http://www.apache.org/https://repository.apache.org/service/local/staging/deploy/maven2 Apache Software Foundation commons-collections commons-collections 3.1 Types that extend and augment the Java Collections Framework. optional d1dcb0fbee884bb855bb327b8190af36 40fb048097caeacdb11dbb33b5755854d89efdeb c1547d185ba6880bcc2da261c5f7533512b6ffdbbc1898db5b793c0cb830fcf0 19bcfc52f095adbc8bd6b1b020b8392e8c91e41e05aa0099275f7b391fab51348f32052a1c556c814840a4ed4b6701f26012b05b3d9a243300a2616e8ece1e0a 76549ee57b9dea4043f239af847fdff70e7251d741c0755a05fec715ed5baec5f757cf128cbafe2f98e1db6c8f52ddaa f794ea96bf2c1a9a60b8ed4ae1bbb32e2c78db3851efa9ab21675fa625c87c1d35fcd64ee828a49e713ae26bbe3c12a7 7f487b838a66f077a703ac812c2d3179180b8202c026698933cabf5c0263a171 d3008636448f980d8f762922cdf1c14f6adbce9a61437867eb1d3f0df274ba7babb8a818f69921bb33cc888c67bf20b4bf46aa8df364b65d1a1981415694624d pkg:maven/commons-collections/commons-collections@3.1?type=jar http://www.apache.org commons-digester commons-digester 1.4.1 The Digester package lets you configure an XML->Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. optional 1f2a01f28ec53df6401f7dbcc6fcd884 51031e9c43ae47693c99b2f4ffe34ed01ef2ba91 3b35d6b867cf9c8d5dd8093c0a4e570261235d6cd9db99f2d75e53ac60fa3dcd 58b187888e070ebbc47884df1e5f696c05e3bc762dc83d06d413413100cf29f703fee7b6afc5482c4e3e0a49807dd4af81a5cbe672ff8b892b54800463c25b7c 1f23215470cebd166634e825e0200959968ac1b30777f86e255c71eae802564adf4d01dff541b00828abcb20da1bff7c b364b4f22aa03279d07136bc118b06e4d06c3f6c4cef5083af7f26796355515bfcee91a222636bf1651938727ce31329 25cb177af667daef84bba6826d898e1901b90a9e679f8d35bd7c6b7bb33776d3 95d77217f6b00e8940ad75b1d248136a793d6445efebdb93aa88eeef21a3d58d16518eb904eff0d9261ead1c6d8c59786a115bbe3719b4442b522e8e4b6af6b4 pkg:maven/commons-digester/commons-digester@1.4.1?type=jar commons-beanutils commons-beanutils 1.6 Java Bean Utililities 31a453fcfed4339bbd08e5dd85116b36 ed3c2b07d1b16ec11440b6656fdbd4845ea6b8be 77d8fe257bd9b186cce1261bea2364384ae861b1999815d549121710b0f89407 7719a94b20c8bf8a5bbd3c0fb276a0256efbbf610eea989cf1d89ddf7a83ff1e107f64813adea7a051d4f56db289b6b2ef7096cf197d1d81b351c9a8f85899cf 57247cf1e4fbf01ae090adf23f711c9b507851b5736b53d01fa562cd845f5a7a2d4cf67193581699944e1e1255b4440e 05d5c63679f741d205cf136200650241bf22323b48f835a458f1254f7ffd98af2d665694d89044591118339136de2ee4 0d3d642711035c8e7f19778563e0e923233dddc92f051375c0dba69da0c0bb79 468cc219294b38746bf295f8109e5afc965e8891fa12eee75e4c2f144a9c4f44dc1e9b477dfb3780bf365b74e0d575008fa61205867dfbf9980e09f2a59189db pkg:maven/commons-beanutils/commons-beanutils@1.6?type=jar The Apache Software Foundation commons-logging commons-logging 1.1.3 Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. optional 92eb5aabc1b47287de53d45c086a435c f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f 70903f6fc82e9908c8da9f20443f61d90f0870a312642991fe8462a0b9391784 e5d1fc8ec4544e1fa0f7c4aae8dbcca466c4987bc92fbbc430b054b10d646b745add4a754b1be9d50edd64330c798c53173a97289db57a966312e16f934e9d1f 00dc41783f4081585e20adcfe83fd4dbb6b5a27236ee633d7e53dedcbca83ba5e5f0ca68d31f95e9c724b365e4c67499 6915e597821aa2fed7f4b05f4de3476364074ab5cee7e13b4eb5b94a9d297b58cb391c6b730e6ea0d4e81e323a90d002 c49c80e2576bf037fc871e70df8708f5e35c0977a907e966c0334e9fac17b297 b74b6e6d771005014614774d059a4e1ceab929c0678839846d143e56e4724455242ffa3d5d411c6554a41e1f66fe1f94c51472d80c07d44c02a2f9a6715d8c7d Apache-2.0 pkg:maven/commons-logging/commons-logging@1.1.3?type=jar http://issues.apache.org/jira/browse/LOGGINGhttp://svn.apache.org/repos/asf/commons/proper/logging/trunkhttp://vmbuild.apache.org/continuum/http://mail-archives.apache.org/mod_mbox/commons-user/http://www.apache.org/https://repository.apache.org/service/local/staging/deploy/maven2 QOS.ch org.slf4j jcl-over-slf4j 1.7.7 JCL 1.1.1 implemented over SLF4J optional 32ad130f946ef0460af416397b7fc7b7 56003dcd0a31deea6391b9e2ef2f2dc90b205a92 c6472b5950e1c23202e567c6334e4832d1db46fad604b7a0d7af71d4a014bce2 6d1185bc6d5165a32331cbd5adff723309a253a15cacf4882e3bbdac60e2b3f41c990af5a561f89b8910af2029ba1fa0924147afb38a02acb0c02dcdbfb9b055 666b90ff0bd725f97e0ee12bf1d949ed4f8d56c12be85b8abfa713da60b4c0afeefe797ee464123ff59b57769b2caad6 b4838a052ccf30848cc31fab117148ec65b7ad4c1808f115f346fe224f1c1f81c244b74dc16272cdd753d5f028c9137e dac73cfc3b0dc158b94d4ec65b390568a17b261b380f38b45d88b48db8cd2c29 5fb7512776fd48ce146a650dbff500152174bd81535ab20c91d146a117217276ca7592e7b952fb41be1ffeb0dcebc1f46f65b19a5e527ac91feb8e3278a3343a MIT https://opensource.org/licenses/MIT pkg:maven/org.slf4j/jcl-over-slf4j@1.7.7?type=jar http://www.qos.chhttps://oss.sonatype.org/service/local/staging/deploy/maven2/https://github.com/ceki/slf4j commons-discovery commons-discovery 0.2 Commons Discovery optional 9a2fb56e6a79169b2fb6c8a0dc79abb0 7773ac7a7248f08ed2b8d297c6e2ef28260640ea ae9995ec412cec2a3489a0787857791b9cc784f153b4c9d0ae93e38c5f2174fa 897c045cb20f136b57f70aedb081956fb298c672e13d4d32eebcb2f109dc5c164d3516445b71c75a1ddaf4451375a6bfa258b0b3657b06f4123a78ce457859c1 e892f27bc4a87b63ce2f09e296ddc965a5c0cf51fd680c0feef39f5aa7f1f0e694dfb4d4c5f42007cc1061fefaf9b1ef 72fca4913fb5881a254f5f01af8ebc01eb58db97c8ae0210661e952921a41490ea8d422053a9ccada0d64ec882cc4ede 6fa9e7946f657a74f806252fb1de6de82463dd86897cb1dbe8e58585226575a8 25897077ec613970071871eb123a315f8c3abcfb836b6e612c7492d9a8f6af455b52446c57d75a3a42a7591c52c34510eb0304993fe9159e93703dcefdb995c0 pkg:maven/commons-discovery/commons-discovery@0.2?type=jar Sun Microsystems, Inc. javax.mail mail 1.4.2 ${project.name} optional 81e2cd97e84fb814dfd0018bb8782c81 6a1d836b6a4c77ec11ac46d2ea8557ca574cd428 be03dd1caa2f93d7f75d06637ea11e4c1b1ea322a7afd057cbf8b08f87932987 56cbe3a80d50b33aec83dc8235386533977fb0b4af7e8c635e0f0e3c3dde9aaa3130ab0a4898a9079ebd6b08d84a5568bcaceaffc29258cff797cc255dd8b6cd 02ab2f3a6580cdb69da748390ea5f7d631206ae83d5cf1d7f15c1137a7e6eb44dbda43fd75bc6c20ff17499c0c1459d9 66a8f804b20295f30e43eb8d1ac61677c34941dcaa7571f7179dfef1aee10731f051e71896751e6ba9790b776a6cef12 39ddf43b0929871a28131639780a8b164df83cb471e4f34885195d431c6271d2 bca1a899dfee569be5d3190975a4d219b6e8a05d15852e58967effe71f5bd94a53f65674db6a28a1359bec55766db304f2557923fff0e2496f097ee45be10ee2 CDDL http://www.sun.com/cddl GPL-2.0-with-classpath-exception pkg:maven/javax.mail/mail@1.4.2?type=jar http://www.sun.com Sun Microsystems, Inc. javax.mail mailapi 1.4.2 ${project.name} optional 6d316a9c89f0c2a5531a6fb91edc17c7 f5149f0aaf01daf4bb2f878c2803ce634dd32569 9bb2026c96650d113f3917af93da24436145b1ac808ffe0583f525eac5699ade 1cfe829951fd2e75b2dfb765af647d247b983d707fdfc966e9a57cd461eb89096ba60691c618d2861daa6ea1399846f6553ae1f87a9408fb1c7d75eb879f1795 145a86b9f4653530acf3c47d912ecbca058815ae78eb6d5ee792cd61dcb38bd1811162a5f5de9f287b5d42a9984e9150 0fda8fa3284e4d444b824f8c61076c4937c25325a8e27a68018c604a68f36c919e805fd0c34d786c308d2ed4d18f56da 42fdf922751c8a9f1eaddf66dcd0dd504986cc49e5059fa94a4b51896e61eb5f b296d405e74532e900cf462ee693bb65e30e9afbc996aff128b5db27f29e43f48acb9e2034b073e0914db736f5a2176fdf2154915c2aa014731b5d8dbe5730c7 CDDL http://www.sun.com/cddl GPL-2.0-with-classpath-exception pkg:maven/javax.mail/mailapi@1.4.2?type=jar http://www.sun.com hsqldb hsqldb 1.8.0.7 Lightweight 100% Java SQL Database Engine optional ed0ff8ff5ba782cd6c508d3599039e13 20554954120b3cc9f08804524ec90113a73f3015 c57059259f92c34932a2a8285af239792e0011492f43ac16cdd74b713d86635f 5e5dfb932081893f26cbfd8e1841c263e464c8e2431c2aad0cb98eb52a5da952cf2ae6a780ed6ce30cf31210d16e1f64751b2f7dd87eff1a0d2559e0098d1db4 4193a273b4ca5b4aa4a20224558c793c57d539d2efabb6342c8c27798bc292e4bf9cd6ec97eb6d5a93796362288366e9 10f434b8851999e762b960191688b130bd4b7828c122360aa3060b4a279e0c6e7f3fe167bed03dccb59168cf9d6d73bb 2e295b04b235b5cdcdd70bec559bf5e20ef4c78740cf5b7c0dcd3d53c07a2789 72c14214a319791e290008dd8d4f6247191c56300b9a5516bfa4781f0bea91cf15a2555772b4e4a5f9199dc32bc4d35ce6dff77f4f0c1e6e727880e2e71fb377 HSQLDB License http://hsqldb.org/web/hsqlLicense.html pkg:maven/hsqldb/hsqldb@1.8.0.7?type=jar http://sourceforge.net/cvs/?group_id=23316 wsdl4j wsdl4j 1.5.1 Java stub generator for WSDL optional e76bf26b6955a7fa73d85d096be6e1a6 bd804633b9c2cf06258641febc31a8ff3b0906bc 7729134d666f27a18ac3c674c16014624376445ec8686bfa60ac648f48b1ece8 f1301a9282defe37213116b8a9f36d0a5b66a4e99799d2caa37d1ac364a9480c7b0d89e93052691c5defdd69f7fdee3500466fe94ff0770c102f54da236bfc3f e7fe4daedf0bcec37b32de1d715d2d8a0474b889fa5b66f9f7e89c0c31002a24e7d9f262868a8b8a0f8351f0f291376e a0cb39f45247e95b106b9866cbcc98d023ff1884dfbeb319a791e33bb675e3e5ba373db55daa6b903636f281b3537fdb ad5e5ee7371a7ea816a6f89323fd2b3be35a23091136c6c714b07041d19e2c0b 207a5536c739700fc70513e1aa207516ae2d8a14953856e88b7dbf182f08ddfa687de0c872b3b5005528d8a6a196f824bb56838ef6b6b45ee02c25da6fc3c645 pkg:maven/wsdl4j/wsdl4j@1.5.1?type=jar java2html j2h 1.3.1 The Java2HTML Tool optional 00542e91fb1de915744d45967e5d6a28 18d393ad345b03b49c624069e2c7fde336372c3a 1691231bbdf3d6671bdb0b236619e033e10664be423b2312f93c35dce742f9ad d8b17879e17a5a772227ff6104492785786a2be4e92cc08d971f3aeaca64e369bd118ce4d2dd7e23ad2e6110ce99766cd81e01b95ad67fedc5fe17075e160880 95a3a9cc79d39fefa1707f199dd0265ae8896ef92dd905747ff8a3917ef2b19c5615f1a0d348fe55b8d2ff6d2e525eeb 4c8a6f8ce03062f08ab155eb0435c89586040b490b257ce1f796e2a2a8024489555d5492df595071c978c4073bb6b765 f9ffd74b6e2b4659f79f277a608e6b39f8f6a0bc257a83fa3fa7ad896d77255e 7aa4b321d6710782bc04a9fe0e3b41d3f0f7104854b256072852f929847b110c0f3003ffe6260b4b4084c36988742c4f8c8af9aff396d5a536a58297de516f3e pkg:maven/java2html/j2h@1.3.1?type=jar ecs ecs 1.4.2 optional 62d53be190ca9cbfe01bec9fc3396934 f9bc5fdde56d60876c1785087ce2a301b4e4a676 b7140e42af61601390a44bd80da35fd847e2363bfeaeccdd568ef9f2cd40f91c 9082dfb73aee125a456be7ff676ee34767dc6a007a315f9c8c927cd94909fe107bca88d431d3ec61e91d8c1f61f9e46ff2d7b7cb94ed9b0ce1a21cdede612cdb f554c0abbebbff5e00fd7e1cd8da05fc09c91ea52a8759c820dced8a4256b20335ef56e2de4d5eff2ba0c798481a9c79 978c710212174c5411a09728ea636245803e68873b5a86c57cfedaa35044a9d278969158a35534a22ccd0d5d188b2ccf 033a45b4edf30bc6eb076e3dc4926df1c88617ebd105ea6893b6889f83e269bd 38b87875d3f4b5682e173f7063cf619da48b51a318bc9d4717874eb702798bec54e125cc94bafcb5e554b2a2f0c3f8a873e77544dbcf35537432767cc9f2df23 pkg:maven/ecs/ecs@1.4.2?type=jar GlassFish Community javax.transaction javax.transaction-api 1.2 Project GlassFish Java Transaction API optional 2dfee184286530e726ad155816e15b4c d81aff979d603edd90dcd8db2abc1f4ce6479e3e 9528449583c34d9d63aa1d8d15069790f925ae1f27b33784773b8099eff4c9ff 3b99e73bb47a5cc5b6cec3ea40b9215f2cd35d48757e00f8dcf733dd7e1cf3c8f48dd8ee24993535675fe963ecce3f537261a273bbfdaab1be51cc1749ac60da 766f33dc68259303d6e3b76d7fad84f32b39c81d9ab6d9342bfae614f56c37061ce116fbf4a38a93cabbfb889b0e2326 2f0183148a8895b4984b132d0f80fce29ac32a1f3ee638ed3c12ec5180566fc236ce51b346a98006c138aa1d8b5f43df e7dedf2891cac473afa2cc4f4181b79cc77ec9cac092c9b58e2812e025dc6547 44772869812245f52d30faaa139cf033c3012d674061a6b62712ddccaaacee8b85871424935804b1cd78fa16e557fbdec0e4054b762a206b3a48d7f37a0a2f72 pkg:maven/javax.transaction/javax.transaction-api@1.2?type=jar https://glassfish.java.nethttp://java.net/jira/browse/JTA_SPEChttp://java.net/projects/glassfish/sources/svn/show/tags/javax.transaction-api-1.2https://maven.java.net/service/local/staging/deploy/maven2/ net.sourceforge.jtds jtds 1.2.2 TDS is an open source 100% pure Java (type 4) JDBC 3.0 driver for Microsoft SQL Server (6.5, 7, 2000 and 2005) and Sybase (10, 11, 12, 15). jTDS is based on FreeTDS and is currently the fastest production-ready JDBC driver for SQL Server and Sybase. jTDS is 100% JDBC 3.0 compatible, supporting forward-only and scrollable/updateable ResultSets, concurrent (completely independent) Statements and implementing all the DatabaseMetaData and ResultSetMetaData methods. optional a8f0d9493455a962d0a6413977e8d80a fcee1795fd535cd7a8a8824df9e099417e8700a4 2b0ed4ebc84c8bf777571b33154772ff6bcd1d17a55fc9e099751fbb386fa90c f9aae7bf14909b6921b5c9ee1830ec1cac66c95ff9afb107011ab19c73ac039772d395b769b6766ad719e566f2ca98fb828fd28c7726e0086d70e3220d8e9103 661ae6f40d9aa2daae8741959e3fdb86f9dc115ed513bdb2bb75ce1602bb335ab3d6cb97f15cfe0c3e3ed222b586770a b5a232f17c72687e26ad80093798151c7feec2b9158baeba0e7b6a0192391e0c6aacef8ff7fc1c7caf54eb06a6f6bbeb 574b55cfc8c6a9ef2d7b0a8028c83547cb4f6bed49e0365dd35b99422e593fb7 f791fc8bc57e2fee17f49646cf85fc490d1aefc295705061820e3d3bd8ca55e35ff25f6bf603b72540d22a818d9302634cc0dde79b7ff59f0d65677b19132519 LGPL http://www.gnu.org/copyleft/lesser.html pkg:maven/net.sourceforge.jtds/jtds@1.2.2?type=jar http://cvs.sourceforge.net/viewcvs.py/jtds/ org.apache.tomcat tomcat-catalina 7.0.27 Tomcat Servlet Engine Core Classes and Standard implementations optional e6a1c40d390f6a23e87d9cd82535dd59 5636afa26acab10c72bb4e2ec49532a6937a44eb 596da4a1c7acae65e7048921dfa805f3fa9da38a17c42488a43b8f53e2267f2b 08685fd3ed529b2ee355c0e3e3e5d75d03ab1ff2d1ebf3df83cf424853b2be5ddbee5ea734687e3a3d90a81e04fce908f35167bda68d54e2856841c0affaf7aa f4566cce827e30d40d82e66d31063a0f042a1a5ad0a48205887f2d01e459c86d2299f4f81d488362f5abf1e07b085d52 ef18fd34f824218b6b76f2f90693b4b2a479307700af020f8259c5c3bba47d2616fa39138b0114a1e552de7289eaab8e 374c1f459c27a90f9670e22cd541e29941e88f8b7698648c747299eb614bf681 d4553efd65372e0ae50611688578e63ecc0ff241d0effb44ec06464560f831f09023f0f5c295066723b16a3d0618a6d76adafcccc5596e61498b24734032e8b9 pkg:maven/org.apache.tomcat/tomcat-catalina@7.0.27?type=jar org.apache.tomcat tomcat-servlet-api 7.0.27 javax.servlet package 3deb28f230117828757dad33489a94b3 a7159bb6b332fb3b67f8c2c4dfc2a1430892353e 105230d2be60b437e2106018e5da8a03bad59de0498075266fd9e1caed39c496 5443f6fae0a0ad8bf73d0b88601c9fab2d57fcac60a2668083caeadca03cd26694dab35fd9d130653f3f73fa8581beda0a3c251f9653944caae427041605f54e c3782c3770238666ea71f1487cd6b277a1aa55d097bf5a7bdba54a39479d98f77ecfdfaaa49953429b1b2c3a8c5db2a8 9a1450984a1a874977e1e7970551c3427a4e0361466df7319ad562de58c4ec8058377c044e475b6ee8caa76248eb3ac3 6fcf4c2704f390ad1e730f524290cd4ae0f924684fb30f1a888db40dba8e2484 57dc1852f784cf809b853cf776f84cc6caa7ff4d56838572f6275b23ea715988f2fa81ccb67d6231df2fb56174479b93b1433136f4a3a6b0b3f5eaa5cfb456ea pkg:maven/org.apache.tomcat/tomcat-servlet-api@7.0.27?type=jar org.apache.tomcat tomcat-juli 7.0.27 Tomcat Core Logging Package 624c93006fdf73a1401ac52d8f1038c3 20ce78c872139424b73ed24d242a84b5bbee7125 257e3ab8ce00dd7d1d8490bf1658798d976ed8df119a8b543660b9702e4a5e00 3f5a3d9bb04f4e7467654b6e1878098ef64378642ae3385f41437236b6a3ebaf5013a2583666140c397c5f7034ba3b39d4b233b9d1f09d52fe73e1b8715bc2ab 8ce397109a08bbfc078a8ba23f8b4108fbd60372ba4b72ace701447293958a3908eac3c1c801dcbd1b25d673fc024688 bf5f49ad35cba7f3017c5e1937afae24515c55029bca4de2636191cf90d5bb3ed5e61226c60382736347f773d5a83b91 684059e2aac35c07dd5513e86b258fbb97c4a8859ab874a824049c794a83d2de 6969a87f4d2dbc20fd95726569887741145b542a845ee2481777ccd22131d6c703ce020af0b92045e25a08e906a69d31b84e692286521022941fd8b3559904e8 pkg:maven/org.apache.tomcat/tomcat-juli@7.0.27?type=jar org.apache.tomcat tomcat-annotations-api 7.0.27 Annotations Package b702578fc1b0fa3cc4bc045fde56a0af 43de2bcd1b031daba05d8aebbaf8cce4bed0d34e 5dac4014a20e6f17d4bdfeaca346b5ff356abc0b8e8f383045585b2e9dfc7f4e 6c1287561aac944bea6f5a17aea75946c48a773a27a5b9781121cad1a83711b82dbda0454f0923736bf11f07787430e815e8ecfb0f562408acd1ad67d31a90aa e0509803b4e55d79782d23aa92a30e735ef6ae4f8c91a90dbe91dc37f39604e77d78eb1cc3212899daf3590ae2de3786 ad234cd7a56672771b5ba5bcb081ca96b2c73cfa55ea9765bb7d43377f0d7cd9fac8b8a93f252c637a80c3c40a8bb83a 07191a9cb7b4b46c99b93bf8863ceed6e10289ec02c179c045603d728dc2bc35 2b745251ebaed7245c51c894c7fd88e4d234766f43a37472ed6d303532657587d61f05b8101a23c3df0d713075ba26d3b8d09e4ca76ce12f5d32fc6b9abadecd pkg:maven/org.apache.tomcat/tomcat-annotations-api@7.0.27?type=jar org.apache.tomcat tomcat-api 7.0.27 Definition of interfaces shared by Catalina and Jasper b608785beed29ece882ef782695e3b69 a39075408b5725cc8dde84cfd2816099df885711 785aaffb22de90cac8af21fc11981d45ed47b2ff6197204b7ba5a6552b63d68e f82f8aa416913783c625521d77684eb61ec369c9b7c32e77317ff80d4847748dd0be9b16630da2dc047c822dbde0d67831b10d9f2567eb9a3fb86b559b1ff602 9d67b395d04f0da94b70de975d267a55ec257c888789dcee84af209dbef9f443d0d5cf251f950f955a82806af029ff0a dbfa656f886e12fc6f87b7c3f34c848c4a8f7a9e4845215f8a3775ab8b87473719a8ce0d08c8a74a5ab5aa24d0879880 0b981ae04f1f8c1c852f39f2a73f1775cd7ee09d1692ed6f178e67970078b870 e6836cd951b36e950eaf184265e9842087a8190b9d161034f69e9c4d0470608791c9c3f1943ef2cf30a91ce2317a522f1b5de1e5c706b060dd01a2052b88b0f7 pkg:maven/org.apache.tomcat/tomcat-api@7.0.27?type=jar org.apache.tomcat tomcat-util 7.0.27 Common code shared by Catalina and Jasper 3bc2ae683f8da61739bf3ade540327e4 249a9c7584ba34ede9de3eb7a4ff191990b61f38 f0e1f5edbab32dd83bf80b472a48efb670664287f7606277afb874a1041af79f 63bd797d3115a590e9bf2f59716fa4d87d7915249261b4a37664f1143bb166da46284634102ad1cc9fccaffeac647dca3f817a943c42937a378f17deb0e49dc2 5e00d38b3e9049cd1e728abf215c3b60698820df3d29e5e6261cd84102916797403eb97c567129cb63b0ac68ef5a9272 96ed3fb8c7e52c9a9e4c2612fddd7583407f2272fcd8f827dd0421955374605e0af1f07322b4e8c67305ecfd8b68e0be b47f35e7513b43f37017470867b3c1646124478274ee03d49d7601a9f0a980a0 9aba9d5f4d4d38545fc4da2c3c2980aef582a2a92eb0ab1b8b909c7fc4afd18c80385f07843dbb59f85a7755de6108524e25f34e306d59d4095b0159a6d00ecf pkg:maven/org.apache.tomcat/tomcat-util@7.0.27?type=jar GlassFish Community javax javaee-api 6.0 Java(TM) EE 6 Specification APIs optional 9322de56b69e3f85f4ea39722c497c08 d6f416983ea13c334d5c599a9045414ecaf5d66d a045eac0ff80c5c0fd29b680599f27598abff16b1e6c9df46ce962a4e0b1390e 3f69f0a8827cd58cb53e9a1e25fb816760b91d441286f0534a0cb2f7a07f83d8ec1a50f8bdf6fe3b489bf66bdb8ac363d9f5c6fecb6fae8ff704f1a42b0aeab6 1b0fcc84f84e2bba179ef3e9561948b83c13ad7153b3a0e5f75f93934ccd2c509b27d9c006b88012db5d9f148e86a244 40ad101fdd32a6eb83015bc8d93189598e6b01a851a9f1f3be08f48c308e9507c34519a55023c1bac0f0e01e2433e1e8 0f4728439e813b9d712713a6433453a2804563e17795b7d66c5f845ef5ca911f 9364c3781acd0b07aceef20d368ee33525274fb85ddbc47ca621d74324864158f0441442783e7d0a7147122dd28c5fc045940071dabc01b3dafdcf91156463e5 (CDDL-1.0 OR GPL-2.0-with-classpath-exception) pkg:maven/javax/javaee-api@6.0?type=jar https://glassfish.dev.java.nethttps://glassfish.dev.java.net/servlets/ProjectIssueshttps://svn.dev.java.net/svn/glassfish-svn/tags/3.0/javaee-api/javax.javaee SpringSource org.springframework spring-core 3.2.4.RELEASE Spring Core optional 4ea7fb151a045dcbf89786d85c9176f3 d36bed1dbca3f725bb5a4405c6115adc8c99d1a9 f0c462cf982bdc64e0c0b4c885e0581873addde91b0352d18da8522b714b1226 48427350e45754dab4f9932551b8e2bf99c91f2854839967abfd48fba1fab2f3586aede7bfac62374f44f2d70f7671a852ad8dba79bed91537b910c97553be60 2a94a1c1641a99436f56887c0ef9f3626898a7f45ea19404fd8ee6b06ce779ab283b0594c90ae51bd97f33298510ddee 7e1178230418d9da483e06fb933e6ec2a1364cc49dca68fae7ebc6729aadfb462b2d2a191f4a1672ac535225825258ca 4c1f0bf6310b32ccdda8b9e0defd0fa8ada706e3f2438dc4236062550787c338 47789728de456b0e5d602f092d88523af9fac08f853acb17f3d369d2426fc67e48dcd8abc73c743fb722cca0743fda60f9639787b2fd70dc8c350bab3536083c Apache-2.0 pkg:maven/org.springframework/spring-core@3.2.4.RELEASE?type=jar http://springsource.org/spring-frameworkhttps://github.com/SpringSource/spring-framework fasterxml.com com.fasterxml.jackson.core jackson-core 2.0.4 Core Jackson abstractions, basic JSON streaming API implementation optional 83342eaf63b2967115f52028a8c158cc fda2057c7eafd65915deb349c32bbb11a241d6c1 a56260c670ec41b4db655c8c0ac75cf7693059ec5922821ba583d1ebbf6fc2bb 9b3f48638b481fe704e2806dc77d9087381d1eced0f2f40c604c76d48a4c35cc5de6e17214dfe9e8f45d7727e9630fb65b805da4ae80a8957a323b5a13adbf82 e2305dbedddf8a55aa1ac8783568ea3457e786ab8c20536494d3002d06294722d1acd2c1bf27769518683a62711e7909 f1a3fb45b74d09961964c1844d689b6bb2d20e54fa2917be520600201881c5f21976bc4682784bb371c8687a70768d37 dd9801113046a5114424ad07d245ab78aa118d79da76f973f7ec7968d50f2be1 8e4de277343afaa4acffece3329f83334858b15296e0ba5f4ec3c5ccb16aa96ae779ee7a5015364fc272b2649107c311ae75ab98bc8c637987842e05931ee79a Apache-2.0 pkg:maven/com.fasterxml.jackson.core/jackson-core@2.0.4?type=jar http://fasterxml.comhttp://github.com/FasterXML/jackson-corehttps://oss.sonatype.org/service/local/staging/deploy/maven2/ fasterxml.com com.fasterxml.jackson.core jackson-databind 2.0.4 General data-binding functionality for Jackson: works on core streaming API optional f31b6bf90afbfc33fd7ab3f18485bec6 cf05e1449bccc5dae87bd64d3e7b7be686a19af8 6c84fb848a6b3bbf28cb056a75bae6ca8c6cde277c83dcec4b9a6cae7035595f 044263f3e15114a1fedfeef0e211e8613e9e8d9210e63d2d2cb358a3389abfab4af6ffade7443cb6962960072e0a4640b955cfa8bae5e3717a481e7a2bc5313f 6ced5a11cf83a0a74fcb250cdee26e568428f5a77bae92f1623d1c8f06498ca255b24c79b408a73b7e0c298ec5d99b79 2937c6b5825843ba2cdc01f14a610a706edb386aa7345c1dbe264d95984268ad1fa994232702d6129bab39229473e190 e8fafd546e8edc9c41d84bfdce8bb22cd3345e6c360f4dbb77f6dcf30da74508 04d5e4b09a142084b7c66910e65fe1e02b67223c036bc8b4d741a22e908a932602bf89436d99cacbab8e27901a542cf73667da4b3070c1644ef6ad3a6da18fe9 Apache-2.0 Lesser Gnu Public License (LGPL), Version 2.1 http://www.gnu.org/licenses/lgpl-2.1.html pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.0.4?type=jar http://fasterxml.comhttp://github.com/FasterXML/jackson-databindhttps://oss.sonatype.org/service/local/staging/deploy/maven2/ FasterXML com.fasterxml.jackson.core jackson-annotations 2.0.4 Core annotations used for value types, used by Jackson databinding package. 80615627d10d83a6904e46cff2c1637f bf8ae811948b74ada97f643477d209bb336574eb ae853ba5aaa2e3ead43185e40514ec64de4effa9b2d7e1684f0f70a878965959 bbe2d74e1bb59e61b8a45d1d6b0172ef718b9ec000ae61e32cdd342def844a33475dd03b102df2e7ad3c56ce982c202c26cba5a5ad415d61fb482949d3794664 96cae9f3cad3e7a436f285fcedd93b833b898fcf97476039fa0ff17286e6136074986d8555653e49be7cba8a70033764 a127cc0b35850fa0c981c6f6ec2b55149b7c8b2f20ba2f19b19c153f3bb698d83c6e558bfbc06a073f09de52546feaa2 8148df59effc0b1b1410aa91e76639cf00cae888918a39a05952334f2bbb5b82 6d0c94696930896b56872744d8c99d299db78ae89eec6a71f314e7fca5c73dbfeb6dda313cf61d16d3cae272cb35a74e24e9877e41115c4ed29885ce3e82ca3a Apache-2.0 pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.0.4?type=jar http://github.com/FasterXML/jackson-annotationshttp://fasterxml.com/https://oss.sonatype.org/service/local/staging/deploy/maven2/ SpringSource org.springframework spring-webmvc 3.2.4.RELEASE Spring Web MVC optional 38173f7b7ca0f7137d5a66b5995fcc65 99c0303b36c421b3c43dfc2ae55e46fc81dbaefc c27719d84c336f5874152aabf5d38d585e9bd2ba3a60e9188f55b4bfee2b9551 8626d3fbf345a313d434dc07f8efa5914c0ffc926f1f4883cd91c263ff1fd340f79839c7e46e83129a969cd21aab05f334fee94ca6e182d6de810e15a027882a af314ece7a80b56222d3fe6f7778da7a2a043d68d37c76b5b212dd25a01b05945f70dc14476415dbe079388cfac08173 a838b2457c4e6e3ea0246d96453ea5adc87057eca4f21cfceae7bc8f45b6c79cbaa4955ab9a5ba9be51dac5f32ebac29 9a62d21ba73c4815fe7859c391edb4c64503a654ad31d5dd6872265e5f7ead41 ae24281458d7cd8fd3007708bafc3663108b83e5ce2ba47d392ba4fbf211000b2051137e6e3d5c8d7e5c54319a2132e8a27d3613b82c3b1692c7772d7c838b44 Apache-2.0 pkg:maven/org.springframework/spring-webmvc@3.2.4.RELEASE?type=jar http://springsource.org/spring-frameworkhttps://github.com/SpringSource/spring-framework SpringSource org.springframework spring-beans 3.2.4.RELEASE Spring Beans 50110a98f45c966e662bd9fbcf38031a 47b156296a5e9875faa7421b6e25b419a530f52d 387025a34350812978f39c5cd89484379702d617712f23f567f0dd61952aa573 aaef84ea406e6b0ecd4cdd501fddb469cfa3216409dc838711842f3f2f995d2cc1eef4502e4f2f569710cd9c1b27051b4d6bf8d798c53bb5ad408a6ba1df39df 25c51bd252101f18938884520e2ed0d4d1cb31bd11186ccc2a0f2539dc86013feb194b0926fe8cb226966c9b3995aea2 be27cfc46d30a479c9480587a7e954e13c5c09eff6cea54d0d20717fe093b7bf32a95d8f93bdb3a05583a6348e192260 568b9781ff2663aa1e2946fae12dbcd8d9bc86c1c6fd0ab137cd6c4d4d80b4a9 6494d7db8cd1f373eb1aae5b91da1978dece34f960fab5f1872110299e426cba3668e672da53a6541e984e9d63d5d5533af1d196299764ed71698a6bc5a5ad9b Apache-2.0 pkg:maven/org.springframework/spring-beans@3.2.4.RELEASE?type=jar http://springsource.org/spring-frameworkhttps://github.com/SpringSource/spring-framework SpringSource org.springframework spring-context 3.2.4.RELEASE Spring Context 3b10ff4c60c2646afde5aabf4986402d 4e6d5edcaeeed6cb332b90fbe3713f003d28188c 5d51d11f02d2458ee690ef619daa6795f5e72d0e3e83b11962df69e76ff6b837 460253e0a50fef316ad9493bc86241601bb68a4da55b401b858aa4fc20e15ad9dfab885af61a172c7b006a75c3ea28ad171ad469b5c3eb5feeddb8fab31e69d4 13d90eb3ccd8253e6998fdd9400bc15e293d9e0625a1ffbd45377350e77d257bbb2cd66d286756bbc5041c9de31df97d 4f4e94cc7179263fa51c37eee3bf93d9c391639305d4025542faa646e65118afcc48104706b4fab11f114c3bf1afa042 0a2f99f040c1d3196f7e4e1a4c556b6d72071fe73e1d40c3bf1cd4387d165ed8 7b8464ef081fc51ff9da025b6bee63b6097c24c4ae503a5e2f13dfd30627e01a0d268e0cfdff070333f9f69ed41a19571b8c97706ed398a4328435bdaf3d0358 Apache-2.0 pkg:maven/org.springframework/spring-context@3.2.4.RELEASE?type=jar http://springsource.org/spring-frameworkhttps://github.com/SpringSource/spring-framework SpringSource org.springframework spring-expression 3.2.4.RELEASE Spring Expression Language (SpEL) 63cc4c17140fc24fb070dad669693ee7 edde2efe828f5890f57aa153f55c5c994cf04489 25cdba8a2e2a9289305e33868a026fcb7b88ff56adb92c0bce1b0d3f2e53d2f4 a0510cac0c49996e9a16354f0c0d4784010848f9a87548e200b6df698436c26a02a79351d15fd61fe02b15f6f5fe1881a6974b3e78f6b7758480e364cee18a00 94bff47eee3d8b044c74146272616ddc2a8ac43e4ec02369d466a7e43bd46edfd2a8cbebf73c95bfa491d5ebed22cb17 f292c2a58a00fc2361dba4b02f9916e9de10b619ec36bedd068eaa1a7c765dc9244efc8668a3a43a38bff702fce49801 9e4f28123532a858579c2d23e2e00a1890a7e8486455a73a76b390daaaa84f15 4b7ba617d05340cc2729644ab627c8f5e5d7ef3989fc7d85366bff8b0bc1b0f191bc8622b255a1f8021e8e0a5bee1e105950645cfe4d51cee97a9f76abdff505 Apache-2.0 pkg:maven/org.springframework/spring-expression@3.2.4.RELEASE?type=jar http://springsource.org/spring-frameworkhttps://github.com/SpringSource/spring-framework SpringSource org.springframework spring-web 3.2.4.RELEASE Spring Web f7734bda63661ded55e82d6a9c975618 8daf0bd1172cb253d93611adadfa0462935d760d 48da368bc3b457e6e7e08c71c36bddb208f5fcdd028848c85c4867ec4927abf5 dc398850c77342f5920c38be5277fc3a73545de04fd1fa90eb4987128b29c45a02c34c87ed214d9b23cba66b2c8c39377d0a77f85fe9d04ccae90b71434d9dd3 7bb75e593d8dcac837599f488c701d447ccb0759c9f7947e7d1a7849f900555bc5543aa8dc4d4f2e709d0cb60001f80a c5309a83550a7714317f0c2283f735001c2f5f1a37ecba9dbf73224a7cca68805169145f9a887cf34b8549d38eae236e 2e767880f56d2f85c303ff93a4f9a4110e9c65486641fb3bcfd75fc1cdb312fa 888922c2986a039d0661d02a3d645c27f59813293f9b076c1d13056f974ec6602182cc32a6c027058e2a6c8b6c6841e17a316ab040b56406d69d7c8a8c489603 Apache-2.0 pkg:maven/org.springframework/spring-web@3.2.4.RELEASE?type=jar http://springsource.org/spring-frameworkhttps://github.com/SpringSource/spring-framework spring.io org.springframework.security spring-security-core 3.2.4.RELEASE spring-security-core optional bbd11acd0c2699527e3e5a0bc3620105 493bc57396a821e8ffa7d99fac77cc79c15e9b7f 57c2dbbc7599c19e6635dc716dd9795150c0baf53dc24d045e78cce495eccc2e 6af7b04cff39031c9fac27680467100cc538bc3628b61d8ad5f9624257fc7de0519209c6684c900706f3bd7ae4ccd45f5b2def6df6667ef8a098c5dfdc52662f 4d6024fab9fb591ea233608061198a79004b7f21ade82d9f495d70ea839171e81c80435c415ac67d0f3bd604dbcc44d9 533b444295bc60e3ccb1022602bebaa4dc7108e63b8f6ab6f5002ae760c5792d388c7e536de1ece7d6c889f7bb78484a 849609a713515f4108b8ccce72819e0f3447c586650fbfbc8012c642bcfad2ac 01dee4835576886190268effa159727e6350f4810d7b51b001b6657948d96699cefa9eddde900b02e0088ee2a90ccb088fe92e79d6a2f8b5419d12590eab35fd Apache-2.0 pkg:maven/org.springframework.security/spring-security-core@3.2.4.RELEASE?type=jar http://spring.io/https://github.com/spring-projects/spring-security aopalliance aopalliance 1.0 AOP Alliance 04177054e180d09e3998808efa0401c7 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08 3f44a932d8c00cfeee2eb057bcd7c301a2d029063e0a916e1e20b3aec4877d19d67a2fd8aaf58fa2d5a00133d1602128a7f50912ffb6cabc7b0fdc7fbda3f8a1 4dddf44338b5aff9580da2532b81c0ac3e1d09e1f28c6db871a55cad442b705dd7791eb07f9d4577d49d0be3673ba783 2bd64cbaf769c6e4e85e34f7a6119d89e16fbf55af3fc5d6cbd52eb214c367dec1ac7b9062ee0fb35a2e0acfc7c477e1 d4a726b2bf8aa58197021a7d8fca674b4b2790d4c48de43a92f728866a91c2f0 830bc3f8328be76897990e9b9fc42eef02623115e456af96ad09b20900ad615519c8c8de60155ac04fb332eaa9510110d52edd13911af76271c71d91cbd789cc Public Domain pkg:maven/aopalliance/aopalliance@1.0?type=jar SpringSource org.springframework spring-aop 3.2.8.RELEASE Spring AOP 72d52ace5d2545edf632944eaeeed333 90e7924ef58621a4c07c81279e013d9a11d41789 21f22387da593222c20a0bb93a74ee8fb674a1535b868d92342352ed8b596b4e f503ce8df655f97038258eb008c0435300e25fd4167edc315073d6da5da8297c36e9582ce75df6ae3c885cdfeeff2ce3555c8f21f4dcefde79468c27b9a5f65e c5d78720e343bcdf97dbb49624d86151e138672284a35f56579d9f1e152c14ac50fc0f324f4f8967a5c7a0bf846316b3 9dacc8f39c83b099b6c3f4a2969599d9a1c9c0a5fadc3dfc2070458822f1e4aa7a52a49d1e6bbceb9bcda09adc9cd4b8 f0e267ec5ad32f2dd6758a7e60cbdb2f28ba5e284e5cdbfd9da611bd3b3625db 2fb8ab5b5ee13966296fda95bcba8e3481d75ba07381c5cc3a2d806bff44d1269bd19d70655d2c9b0c30d41421005a1e982ed4d1bbdb4b5189d05650bdba1a4c Apache-2.0 pkg:maven/org.springframework/spring-aop@3.2.8.RELEASE?type=jar http://springsource.org/spring-frameworkhttps://github.com/SpringSource/spring-framework spring.io org.springframework.security spring-security-config 3.2.4.RELEASE spring-security-config optional 52b085fea0df311ee1f62e00bb800469 952da051fc959b215c8e5882a7ab1ca5137af036 076c794187d49218dbc5d1475f70945b68545e10beda12e3b3e1402c71d1d590 68833ab3a940878e13eef43f654829de249d0f818378e9b2a928036075c52468001d818487bedcaac8617bb5aaccc3d27fe071d0fe469a8d5bebddff3d521870 c057aca448348d5a91ffee1508e9fd00765a00bc42ff98e8701453cf52b718771620545d8af3abca844ce344ac50a10a 0542c953e6b75ac5f826c77cfae6a1d477ff7ce62b705e2766242b3db7d99b9068800d7cb8d74406aaaf225ec3fd69e6 05d1c6a1931da3bc5d24ad20768f873b52873b2932eeae6ad39332030e3c9369 ca78eebb6a50c3d50adb3308e9ccf0787ee2651730d0e520e834c78f8cc4880909b15eac47ba750b7158285a51aca243d959aa6be89cd5a73f0121a0ec6c6c76 Apache-2.0 pkg:maven/org.springframework.security/spring-security-config@3.2.4.RELEASE?type=jar http://spring.io/https://github.com/spring-projects/spring-security spring.io org.springframework.security spring-security-web 3.2.4.RELEASE spring-security-web optional a5d9f8db768872e17b25d0970e574b0e 197d803ab63dd3523d9df186505fc1cc93044334 e7cdcb4f3778696e81f26894f08e29823d6da8f151c70db425f8bd71307ed906 a7f64df946343a0c44d50500743b3cf6db60576cf2ee5ffccdb10caa7882d9046326e9462b65a4871345abc276a306dbc4795fb06bfcce5c00446899a3056afc 162f74b5e1ebb8662fc913c65cf082b52566089ab31bc3e5f2a18ed38e3b92166761d936a49ce766e68ac85876ba08b4 5a8f819078338088978a22cdab0e7d80abd04c152865ecfa137cb5d125ccac0ef0de99a1c85f4b2d8f3fc2e96b8bb8ab 7a03f627cda522cfaf45f4ad1cb1ca9d599281f0357b4d6e30d1c56c26a07e65 5ce88cff601b3329efcf3588d57c14670ef81b0c8c49e8a3377fdfbe7cc97cc6948a7d352dc6cbfb50c4e782e37814f52184650da5ba17c31d8af56463835743 Apache-2.0 pkg:maven/org.springframework.security/spring-security-web@3.2.4.RELEASE?type=jar http://spring.io/https://github.com/spring-projects/spring-security The Apache Software Foundation commons-fileupload commons-fileupload 1.3.1 The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. optional ed8eec445e21ec7e49b86bf3cbcffcbc c621b54583719ac0310404463d6d99db27e1052c f4ae31866d62f91054fb3dfd0696efd08705e5e8ccd657b01b460a80044be532 712c0b25a9070d8c3a22d2a819c3c855d9f19bbe055663f70818071ed599ae56528a50121b41b9a29e7321ebd84ee37199add723df36da92d71394eaadfa9b24 50a70932d8a98771a63e26ce76865ddd41ec4e559dce71a128272f9ab216d6ee24fe556bf9d1f879e18dea929cae48d4 fc0c4311a4c3b3c5caf9838c6da232d3e8f0dbcec7b0cb9e640d3ba688ac9cc006a499fcc3ed1344b37dd61eb141ced2 462a9f5904cd990297675f246b9cefc4d4034bbe3ca4a334bd36c3ac319d8637 49e9330b77ee2826ef513d1f10a18d7f61d66bf586d7aae35ad8c83d70901ae170147f40b10a4bdd4ebdc7c2eb482935e30fdc3bbf1f8efd91ef94ff12cf4bee Apache-2.0 pkg:maven/commons-fileupload/commons-fileupload@1.3.1?type=jar http://issues.apache.org/jira/browse/FILEUPLOADhttp://svn.apache.org/viewvc/commons/proper/fileupload/trunkhttp://vmbuild.apache.org/continuum/http://mail-archives.apache.org/mod_mbox/commons-user/http://www.apache.org/https://repository.apache.org/service/local/staging/deploy/maven2 The Apache Software Foundation commons-io commons-io 1.3.2 Commons-IO contains utility classes, stream implementations, file filters, and endian classes. optional 903c04d1fb5d4dc81d95e4be93ff7ecd b6dde38349ba9bb5e6ea6320531eae969985dae5 551c13e49dab32aebdb7a70ec9c2767372e58864ae115ef389582e548cffee38 75c9f64c2db652f346ef98a54c5a6e9e93abd579d27e4a2d85d7a1f79ac2a033c4cf1f5d41ca86e0d9fd93fcb4e7a76465e5d4cc2e84cb9e17012b87c322b534 71904209b7f8e48756e00f5a535af951cd1abacec9b6b026e0eddb4110379779c5624c62b0ab03e6ad57a1ebb5816a15 15e139f6aae4ba4b9db2c7474111eeb890cf5c91c08ce68fa112c31c292e948d43efdbd1897467676ea7bd4689c23673 cac05241b5bd2eeb3ba3bc64a48026c6537fec3759ee02eab77e8c0d74148b41 f9b3a7e42aafe5888f34f068d231cf65de0e023b42edc4af5614f922e164b30dfe6d61b69b55247a98543dd3da5a9c0cd1af86c3b8f7e5516c070bfd77f6f74b Apache-2.0 pkg:maven/commons-io/commons-io@1.3.2?type=jar http://issues.apache.org/jira/browse/IOhttp://svn.apache.org/viewvc/jakarta/commons/proper/io/trunkhttp://mail-archives.apache.org/mod_mbox/jakarta-commons-devhttp://www.apache.org/ javax.servlet jstl 1.2 optional 51e15f798e69358cb893e38c50596b9b 74aca283cd4f4b4f3e425f5820cda58f44409547 c6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a fb6fe33922631bba21b606cb5d53c4457071e695ec5632205185281e7db3e2d63d95248b43b9c7fb2cb5042d14a267b87d2c5da742c989174c3526dccf23aeec 750771b79ef083a19d20a7b384c166893c9045ebbb9428b641d0bafd8101615652d50b095e3647d2d849fb79b822b109 98a520ca2dfd326e210fee9dac631e6fc21315ae6f8eb93c1a29bf4cd7b7a5fe880aaeafb73d14d5e6638ea72ead222c 6f412b6fb48e4eafde516fc2803e0f40b09e2b6b090a798094430c0a126da654 d67e63b347426c3e547e5fa6d6d8285dc5b2f9ba212355d1d909ffae336f1475b18133e30ee0bf84acaac9f8007c52f1c94fb2cda1e1e339ba5db5715f981927 pkg:maven/javax.servlet/jstl@1.2?type=jar taglibs standard 1.1.2 optional 65351d0487ad57edda9171bb3b46b98c a17e8a4d9a1f7fcc5eed606721c9ed6b7f18acf7 2c0048ab3ce75a202f692b159d6aa0a68edce3e4e4c5123a3359a38b29faa6b1 5accad926fd4337dc2f7c01ddca751d515f03da14947223512b6f0af5314c40b8af6863e44604caa8f24e45c0cc8b00b5ddb446873663d131bcb0ff808ec412c b8d742ea4048f2493fa2b63ce5009582bc52ae299c743fa22945d628556cda19fd236303790b0412cf8df1e47c3a89ed f237a616183aaf675f43736ef513247d5e4d46cea0e43447de848b0793ecca6221ce4b4ab9b833e02fe120d634b8e38b 886ee024747b0b3ad4c7615bf395c0b5f440a4a93b58dc05dfdd21482b732e66 007a47aced0cc89df32220819df1923d502c8af0eeb3975a06b6fb24e2debbf6769db96ac1be730efab725691c5ca2b27d40a71f2d8a82e9396e0f32e99be213 pkg:maven/taglibs/standard@1.1.2?type=jar Apache Software Foundation log4j log4j 1.2.17 Apache Log4j 1.2 optional 04a41f0a068986f0f73485cf507c0f40 5af35056b4d257e4b64b9e8069c0746e8b08629f 1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9 3f12937a69ba60d0f5e86265168d6a0d069ce20d95b99a3ace463987655e7c63053f4d7e36e32f2b53f86992b888ca477bf81253ad04c721896b397f94ee57fc 80b79d5872dec949dff23d221636b5faf312f08fbea2b5e2a8db84a5f5955e13864aff4a288935cb53d4da3d61defbe1 0be025582340080ea191c4e2559395fe9957c8d0aeea040239dea8504ce035bd24150162898d18c863092697ef52501b f7f31abcf8b57cf6fd18380b5d1a13f999e3d3d1d89bd25a4a3885fc832f4a29 0e4a21cb87a6b8626aa8f580b307039d2b060a6abc53d35feac9ecb8ffc2e80b627a12a869b5b5bf30a6e9348cd4c5c3edca937859141614f3c1b14bd8d4ef93 Apache-2.0 pkg:maven/log4j/log4j@1.2.17?type=jar http://www.apache.orghttp://vmgump.apache.org/gump/public/logging-log4j-12/logging-log4j-12/index.htmlhttps://issues.apache.org/bugzilla/describecomponents.cgi?product=Log4jhttp://mail-archives.apache.org/mod_mbox/logging-log4j-user/http://svn.apache.org/viewvc/logging/log4j/tags/v1_2_17_rc3 JUnit junit junit 4.8.1 JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java. optional fb44723f35c2f1af5c51eb729b502f0d f2975548f836416306ef1dee748d956f04733915 efd8cf93b57d01e8f5fbefbe1f17ae39e6e22553615926e00a6eefc307da21e6 c6bbb069fd60e60b3156bdc8efc012f2b04964114d71036f780b7e6c3177facff63610a7fd617bc5ba93a6fd912ffb06be380b0b9db51ca191b9fc058356801f 097637a223312afe78d71512768fdd48746f155a3649b97d83d168e831295007017a970b653bf62d499ffb37bd551fe2 826817db877217f37b1ca4ead2b8ff16b7da570300519d4cacdd1295ba95ca64099f19269379957012bae82c89a7b1a7 d2ecb1212b290245f198d4cda14d1645a451af23a38c475ca17c1514e298c869 d093b73da6422a824391e3edc09363e907bcf07794d4e403ab70cdbf943582a704a8ed7d02d87bba41ccc48497ae8f3e610904598fb152914364f37b66f4ae3a Common Public License Version 1.0 http://www.opensource.org/licenses/cpl1.0.txt pkg:maven/junit/junit@4.8.1?type=jar http://www.junit.orghttp://github.com/KentBeck/junit/tree/master Apache Software Foundation org.apache.tiles tiles-core 2.2.2 Tiles Core Library, including basic implementation of the APIs. optional bdbd270083adc95c505cc2af5ecbd1c8 01db730fbe26c148e3d085edadafb179e9674ece bf885b7b53f5bca0fb603e66bb374750f3f7d21a4daae1ccef74938a82586814 3352991a992c56c84885c4b32be9082937e3fd72e7e18581fd3125d2fc719a58152e8c5468c32d2b3bfdf2894bfbea296bb3f1e5cb51c21f5951f1f941b782ba d370be34858c67455bad71d75b98f6d98285e4d36f0a2b38e1b0c12901fa3e91651851013b478f4ab2c286ffd80b066b 09dcd5b61ea3414bd9c61798822cefefde46898aee660f0c630ca2e13d136745ebe4d8e0bcb43e97076384577d0f69f5 7e5056f1917b37db91f1457dc582a533fb47cf008e379d2f7b324b3c939791de 17c4a05123e0d365894e769f9ef8125f83e4bf82f8dd6e895aeffe3c2524ccc490e524d4646179a3550710065b018ed74b6fe1f4a884ac26c5e93aca1265febd Apache-2.0 pkg:maven/org.apache.tiles/tiles-core@2.2.2?type=jar http://svn.eu.apache.org/viewvc/tiles/framework/tags/tiles-2.2.2http://www.apache.orghttps://issues.apache.org/jira/browse/TILEShttp://mail-archives.apache.org/mod_mbox/tiles-users/https://repository.apache.org/service/local/staging/deploy/maven2 Apache Software Foundation org.apache.tiles tiles-api 2.2.2 Tiles APIs, containing interfaces and classes to interact with Tiles. c17a57e8f31177f85087bd519034c0a4 7c4a643772ad37664ae053915f073bc5a9a06b45 c4c73247a4c719bf369382457a0b31dce131816aa175498f05c3dbce3c5a590b 820b26b62da879bd5673d516e282290262975fad5428a0c09905acc9dc242cd8e69eefff169ff21a6138b722ac633981d056130aca167933f810274424c84efc a3d72bb7664ce312e634002f4a6aae1349ad886da13af0a2ccccec604af2783c8a05af5360064bdc9886a87580c6b3fb 81ab8c63b43fa814d468018705f6dbbf284fa717aacbb3af781c672888b721237a6cbd34051101181f597fac5a5240f4 a7272e1df6513ffae34ddea83345228c774fb5866927c641666dc044030c5fff 4fe0ad2e9d738742a41ce5ee93163f01e86642d59c36398a04bee681b66d220d97acdab932b9060e5f6acdd2e561e6ee99051533eb2be6a7b33e36bbba0b6f35 Apache-2.0 pkg:maven/org.apache.tiles/tiles-api@2.2.2?type=jar http://svn.eu.apache.org/viewvc/tiles/framework/tags/tiles-2.2.2http://www.apache.orghttps://issues.apache.org/jira/browse/TILEShttp://mail-archives.apache.org/mod_mbox/tiles-users/https://repository.apache.org/service/local/staging/deploy/maven2 QOS.ch org.slf4j slf4j-api 1.7.7 The slf4j API optional ca4280bf93d64367723ae5c8d42dd0b9 2b8019b6249bb05d81d3a3094e468753e2b21311 69980c038ca1b131926561591617d9c25fabfc7b29828af91597ca8570cf35fe c47d0d78388022e38bd60fd6e613ab4ceb9cad6b2567a3d36153aefc832864a99de1f6cdcd52959f73231e5b933fd9172353434e5fd83777703f41cb40fc97a7 1b59a922a63fa73baff42db7e9eeab1525c71cd8f9d3b7ea208f310792aa7f334fe7d45c8dbbe4bf8bd664dd49ed39d2 a520c091af8ee6d2613a36f58e35d443476ec4f0e7cec437a6100470863b8e06fd8bc76c23f1d3e49a5aeb3efb610b79 2624d4637fa5d3e7b56c66a29393ca61059565d54bbfc255d6494aa2ff7c3f20 173bb385f03d4ee926ec9f35fe11ca009ae5f4a5f490d6cdd310b5e4e7553a0607032d32b8ac63f638b3c1b2273252f1a333b22955e8700c50113f06ae0c244d MIT https://opensource.org/licenses/MIT pkg:maven/org.slf4j/slf4j-api@1.7.7?type=jar http://www.qos.chhttps://oss.sonatype.org/service/local/staging/deploy/maven2/https://github.com/ceki/slf4j QOS.ch org.slf4j slf4j-log4j12 1.7.7 SLF4J LOG4J-12 Binding optional 4d2be9dc9aa3d08dba9daa09ed917526 58f588119ffd1702c77ccab6acb54bfb41bed8bd dba4c3c10321c86a48d689354fbfd9772a65e51e780d1e5378a5ece2e426a8f8 f8e4aebe88589d0175079db03cc199543a85ce490949326653e659be9d1daab3b0368a69f93b2c7f0040c02336459253d3b48feda49cd29fc1bcdd090f966f4c 83edae0c46e22b6d8223ddc68b175d2e9c3b37d5407ce604917d73256db60faf0b7227f3408746c951a54dde8e79ec71 04da2428ca3b9451be521b5489e186cacfbbc53725814bd2b0f4a88954f091638884ee8c06dde9678bc54871f8d561a3 b0a91926b904c397196dc1b9956d4b9df93e53c6d4ef2c223b5230bcc8235475 e2315316f4e64e78645216d836c1dbf258b5acb40bfc6ed0d5a6e06c6bb3556a332aecf52e447cf3ecb75632581e2c80ba82d95f3f0804b5a269428d88869476 MIT https://opensource.org/licenses/MIT pkg:maven/org.slf4j/slf4j-log4j12@1.7.7?type=jar http://www.qos.chhttps://oss.sonatype.org/service/local/staging/deploy/maven2/https://github.com/ceki/slf4j cyclonedx-python-lib-9.1.0/tests/_data/own/xml/1.6/000077500000000000000000000000001476011761300217235ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/own/xml/1.6/regression_issue630.xml000066400000000000000000000005671476011761300262760ustar00rootroot00000000000000 example 15.8.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/000077500000000000000000000000001476011761300227065ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/.gitattributes000066400000000000000000000001421476011761300255760ustar00rootroot00000000000000* binary */*.json linguist-vendored diff=json */*.xml linguist-vendored diff=xml cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.0/000077500000000000000000000000001476011761300232045ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.0/valid-bom-1.0.xml000066400000000000000000000072131476011761300260770ustar00rootroot00000000000000 org.example myapplication 1.0.0 An example application 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef Apache-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false twitter bootstrap 3.3.7 The most popular front-end framework for developing responsive, mobile first projects on the web. 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 MIT pkg:npm/bootstrap@3.3.7 false com.example myframework 1.0.0 Example Inc, enterprise framework cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Apache-2.0 pkg:maven/com.example/myframework@1.0.0?packaging=war false cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.0/valid-component-hashes-1.0.xml000066400000000000000000000022531476011761300305740ustar00rootroot00000000000000 acme-example 1.0.0 641b6e166f8b33c5e959e2adcc18b1c7 9188560f22e0b73070d2efce670c74af2bdf30af d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 false cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/000077500000000000000000000000001476011761300232055ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-component-ref-1.1.xml000066400000000000000000000010571476011761300304270ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-component-type-1.1.xml000066400000000000000000000004711476011761300306330ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-empty-component-1.1.xml000066400000000000000000000003661476011761300310130ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-hash-alg-1.1.xml000066400000000000000000000014761476011761300273440ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-hash-md5-1.1.xml000066400000000000000000000014411476011761300272560ustar00rootroot00000000000000 acme-library 1.0.0 required foo e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-hash-sha1-1.1.xml000066400000000000000000000014311476011761300274240ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 foo f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-hash-sha256-1.1.xml000066400000000000000000000014011476011761300275750ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a foo e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-hash-sha512-1.1.xml000066400000000000000000000013011476011761300275670ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-license-choice-1.1.xml000066400000000000000000000024271476011761300305270ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-license-encoding-1.1.xml000066400000000000000000000402031476011761300310550ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-license-id-1.1.xml000066400000000000000000000402011476011761300276610ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-license-id-count-1.1.xml000066400000000000000000000024601476011761300310140ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 MIT MIT pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-license-name-count-1.1.xml000066400000000000000000000025261476011761300313430ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-missing-component-type-1.1.xml000066400000000000000000000004561476011761300323050ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-namespace-1.1.xml000066400000000000000000000510561476011761300276130ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-scope-1.1.xml000066400000000000000000000005341476011761300267630ustar00rootroot00000000000000 acme-library 1.0.0 foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/invalid-serialnumber-1.1.xml000066400000000000000000000510421476011761300303420ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-bom-1.1.xml000066400000000000000000000510571476011761300261060ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-component-hashes-1.1.xml000066400000000000000000000023011476011761300305700ustar00rootroot00000000000000 acme-example 1.0.0 641b6e166f8b33c5e959e2adcc18b1c7 9188560f22e0b73070d2efce670c74af2bdf30af d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-component-ref-1.1.xml000066400000000000000000000013001476011761300300670ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-component-types-1.1.xml000066400000000000000000000017051476011761300304700ustar00rootroot00000000000000 application-a 1.0 library-a 1.0 framework-a 1.0 operating-system-a 1.0 device-a 1.0 file-a 1.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-empty-components-1.1.xml000066400000000000000000000002721476011761300306430ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-external-elements-1.1.xml000066400000000000000000000535031476011761300307630ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt Banana Banana pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 Banana Banana pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar Banana Banana Banana Banana foo 1.0 Banana Banana bar 1.0 Banana Banana 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com Banana Banana 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Banana Banana Initial commit Banana Banana Banana Banana Commentary here Banana Banana Banana Banana Banana Banana Banana Banana cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-license-expression-1.1.xml000066400000000000000000000022721476011761300311430ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-license-id-1.1.xml000066400000000000000000000022761476011761300273440ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-license-name-1.1.xml000066400000000000000000000023121476011761300276570ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-minimal-viable-1.1.xml000066400000000000000000000004751476011761300302150ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-random-attributes-1.1.xml000066400000000000000000000512011476011761300307640ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.1/valid-xml-signature-1.1.xml000066400000000000000000000235001476011761300301200ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe jdoe@example.com 2018-11-07T22:01:45Z John Doe jdoe@example.com Initial commit org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef Apache-2.0 blah fdaf Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Apache-2.0 pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= CN=bomsigner,OU=development,O=cyclonedx MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= AQAB cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/000077500000000000000000000000001476011761300232065ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-bomformat-1.2.json000066400000000000000000000002451476011761300300120ustar00rootroot00000000000000{ "bomFormat": "AnotherFormat", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-component-ref-1.2.json000066400000000000000000000006121476011761300305760ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-component-ref-1.2.xml000066400000000000000000000010601476011761300304230ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-component-swid-1.2.json000066400000000000000000000006011476011761300307660ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-component-swid-1.2.xml000066400000000000000000000006611476011761300306230ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-component-type-1.2.json000066400000000000000000000003711476011761300310050ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "foo", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-component-type-1.2.xml000066400000000000000000000004721476011761300306360ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-dependency-1.2.json000066400000000000000000000012331476011761300301400ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-dependency-1.2.xml000066400000000000000000000014511476011761300277710ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-empty-component-1.2.xml000066400000000000000000000003671476011761300310160ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-alg-1.2.json000066400000000000000000000015301476011761300275060ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "FOO", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-alg-1.2.xml000066400000000000000000000014771476011761300273470ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-md5-1.2.json000066400000000000000000000014731476011761300274360ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "foo" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-md5-1.2.xml000066400000000000000000000014421476011761300272610ustar00rootroot00000000000000 acme-library 1.0.0 required foo e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-sha1-1.2.json000066400000000000000000000014631476011761300276040ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "foo" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-sha1-1.2.xml000066400000000000000000000014321476011761300274270ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 foo f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-sha256-1.2.json000066400000000000000000000014331476011761300277550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "foo" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-sha256-1.2.xml000066400000000000000000000014021476011761300276000ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a foo e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-sha512-1.2.json000066400000000000000000000013331476011761300277470ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-hash-sha512-1.2.xml000066400000000000000000000013021476011761300275720ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-issue-type-1.2.json000066400000000000000000000022401476011761300301300ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "foo", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-issue-type-1.2.xml000066400000000000000000000030221476011761300277560ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-choice-1.2.json000066400000000000000000000010031476011761300306670ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-choice-1.2.xml000066400000000000000000000024301476011761300305230ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-encoding-1.2.json000066400000000000000000000366541476011761300312470ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base85", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-encoding-1.2.xml000066400000000000000000000402041476011761300310600ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-id-1.2.json000066400000000000000000000006541476011761300300440ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-id-1.2.xml000066400000000000000000000402021476011761300276640ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-id-count-1.2.xml000066400000000000000000000024611476011761300310170ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 MIT MIT pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-license-name-count-1.2.xml000066400000000000000000000025271476011761300313460ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-metadata-timestamp-1.2.json000066400000000000000000000003211476011761300316000ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-metadata-timestamp-1.2.xml000066400000000000000000000003641476011761300314360ustar00rootroot00000000000000 2020-04-07 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-missing-component-type-1.2.xml000066400000000000000000000004571476011761300323100ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-namespace-1.2.xml000066400000000000000000000510571476011761300276160ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-patch-type-1.2.json000066400000000000000000000022411476011761300301000ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "foo", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-patch-type-1.2.xml000066400000000000000000000030231476011761300277260ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-scope-1.2.json000066400000000000000000000004231476011761300271330ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "foo" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-scope-1.2.xml000066400000000000000000000005351476011761300267660ustar00rootroot00000000000000 acme-library 1.0.0 foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-serialnumber-1.2.json000066400000000000000000000002241476011761300305110ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-serialnumber-1.2.xml000066400000000000000000000510431476011761300303450ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-service-data-1.2.json000066400000000000000000000006561476011761300304010ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "name": "Stock ticker service", "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "foo", "flow": "bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/invalid-service-data-1.2.xml000066400000000000000000000006401476011761300302210ustar00rootroot00000000000000 Stock ticker service bar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/skip_invalid-empty-component-1.2.json000066400000000000000000000005531476011761300322120ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "$comment": "expected to fail, since `name` and `version` are missing. But in fact `name` and `version` are optional as they have a default value in CDX-v1.2" } ] } skip_invalid-missing-component-type-1.2.json000066400000000000000000000005511476011761300334230ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "name": "acme-library", "version": "1.0.0", "$comment": "expected to fail, since `type` is missing. But in fact `type` is optional as it has a default value in CDX-v1.2" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-assembly-1.2.json000066400000000000000000000010441476011761300273120ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library-a", "version": "1.0.0", "components": [ { "type": "library", "name": "acme-library-b", "version": "2.0.0" } ] } ], "services": [ { "name": "acme-service-a", "services": [ { "name": "acme-service-b" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-assembly-1.2.xml000066400000000000000000000014301476011761300271400ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 2.0.0 acme-service-a acme-service-b cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-bom-1.2.json000066400000000000000000000476461476011761300262720ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00", "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ], "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ], "component": { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } }, "manufacture": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] }, "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [ { "bom-ref": "pkg:npm/acme/component@1.0.0", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base64", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "purl": "pkg:npm/acme/component@1.0.0", "pedigree": { "ancestors": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" }, { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" } ], "commits": [ { "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", "author": { "timestamp": "2018-11-13T20:20:39+00:00", "name": "me", "email": "me@acme.org" } } ] } }, { "type": "library", "supplier": { "name": "Example, Inc.", "url": [ "https://example.com", "https://example.net" ], "contact": [ { "name": "Example Support AMER Distribution", "email": "support@example.com", "phone": "800-555-1212" }, { "name": "Example Support APAC", "email": "support@apac.example.com" } ] }, "author": "Example Super Heros", "group": "org.example", "name": "mylibrary", "version": "1.0.0" } ], "dependencies": [ { "ref": "pkg:npm/acme/component@1.0.0", "dependsOn": [ "pkg:npm/acme/component@1.0.0" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-bom-1.2.xml000066400000000000000000000573261476011761300261150ustar00rootroot00000000000000 2020-04-07T07:01:00Z Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df Samantha Wright samantha.wright@example.com 800-555-1212 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Acme, Inc. https://example.com Acme Professional Services professional.services@example.com Acme, Inc. https://example.com Acme Distribution distribution@example.com Acme Super Heros Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache Super Heros Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here Example Inc. https://example.com https://example.net Example Support AMER support@example.com 800-555-1212 Example Support APAC support@apac.example.com Example Super Heros org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0-with-classpath-exception Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security Example Super Heros com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-hashes-1.2.json000066400000000000000000000041631476011761300307530ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "hashes": [ { "alg": "MD5", "content": "641b6e166f8b33c5e959e2adcc18b1c7" }, { "alg": "SHA-1", "content": "9188560f22e0b73070d2efce670c74af2bdf30af" }, { "alg": "SHA-256", "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" }, { "alg": "SHA-384", "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" }, { "alg": "SHA-512", "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" }, { "alg": "SHA3-256", "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" }, { "alg": "SHA3-384", "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" }, { "alg": "SHA3-512", "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" }, { "alg": "BLAKE2b-256", "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" }, { "alg": "BLAKE2b-384", "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" }, { "alg": "BLAKE2b-512", "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" }, { "alg": "BLAKE3", "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-hashes-1.2.xml000066400000000000000000000035511476011761300306020ustar00rootroot00000000000000 acme-example 1.0.0 641b6e166f8b33c5e959e2adcc18b1c7 9188560f22e0b73070d2efce670c74af2bdf30af d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-ref-1.2.json000066400000000000000000000006121476011761300302470ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "456", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-ref-1.2.xml000066400000000000000000000013011476011761300300720ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-swid-1.2.json000066400000000000000000000007101476011761300304400ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-swid-1.2.xml000066400000000000000000000007541476011761300302770ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-swid-full-1.2.json000066400000000000000000000024761476011761300314130ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-swid-full-1.2.xml000066400000000000000000000025021476011761300312300ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-types-1.2.json000066400000000000000000000015741476011761300306470ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "name": "application-a", "version": "1.0" }, { "type": "library", "name": "library-a", "version": "1.0" }, { "type": "framework", "name": "framework-a", "version": "1.0" }, { "type": "container", "name": "container-a", "version": "1.0" }, { "type": "operating-system", "name": "operating-system-a", "version": "1.0" }, { "type": "firmware", "name": "firmware-a", "version": "1.0" }, { "type": "device", "name": "device-a", "version": "1.0" }, { "type": "file", "name": "file-a", "version": "1.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-component-types-1.2.xml000066400000000000000000000023071476011761300304710ustar00rootroot00000000000000 application-a 1.0 library-a 1.0 framework-a 1.0 container-a 1.0 operating-system-a 1.0 firmware-a 1.0 device-a 1.0 file-a 1.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-dependency-1.2.json000066400000000000000000000012651476011761300276160ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "ref": "library-a", "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-dependency-1.2.xml000066400000000000000000000014701476011761300274430ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-empty-components-1.2.json000066400000000000000000000002411476011761300310120ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-empty-components-1.2.xml000066400000000000000000000002731476011761300306460ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-external-elements-1.2.xml000066400000000000000000000535041476011761300307660ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt Banana Banana pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 Banana Banana pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar Banana Banana Banana Banana foo 1.0 Banana Banana bar 1.0 Banana Banana 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com Banana Banana 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Banana Banana Initial commit Banana Banana Banana Banana Commentary here Banana Banana Banana Banana Banana Banana Banana Banana cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-license-expression-1.2.json000066400000000000000000000006661476011761300313230ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-license-expression-1.2.xml000066400000000000000000000022731476011761300311460ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-license-id-1.2.json000066400000000000000000000006561476011761300275170ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-license-id-1.2.xml000066400000000000000000000022771476011761300273470ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-license-name-1.2.json000066400000000000000000000006701476011761300300370ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-license-name-1.2.xml000066400000000000000000000023131476011761300276620ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-author-1.2.json000066400000000000000000000005151476011761300305550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-author-1.2.xml000066400000000000000000000006561476011761300304120ustar00rootroot00000000000000 Samantha Wright samantha.wright@example.com 800-555-1212 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-manufacture-1.2.json000066400000000000000000000006661476011761300315740ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "manufacture": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-manufacture-1.2.xml000066400000000000000000000007541476011761300314210ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Professional Services professional.services@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-supplier-1.2.json000066400000000000000000000006411476011761300311160ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-supplier-1.2.xml000066400000000000000000000007241476011761300307470ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Distribution distribution@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-timestamp-1.2.json000066400000000000000000000003401476011761300312520ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-timestamp-1.2.xml000066400000000000000000000003761476011761300311120ustar00rootroot00000000000000 2020-04-07T07:01:00Z cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-tool-1.2.json000066400000000000000000000011351476011761300302270ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-metadata-tool-1.2.xml000066400000000000000000000012161476011761300300560ustar00rootroot00000000000000 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-minimal-viable-1.2.json000066400000000000000000000003751476011761300303670ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-minimal-viable-1.2.xml000066400000000000000000000004761476011761300302200ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-patch-1.2.json000066400000000000000000000046411476011761300266000ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] }, { "type": "backport", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "blah blah", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] }, { "type": "defect", "id": "JIRA-874319", "description": "Enable to do something", "source": { "name": "Example Org", "url": "https://issues.example.org/874319" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-patch-1.2.xml000066400000000000000000000064111476011761300264240ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 blah uri/to/changes.diff CVE-2019-9997 CVE-2019-9997 blah blah NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 JIRA-874319 Enable to do something Example Org https://issues.example.org/874319 http://some/other/site-1 http://some/other/site-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-random-attributes-1.2.xml000066400000000000000000000512021476011761300307670ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-service-1.2.json000066400000000000000000000044041476011761300271360ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "stock-java-client", "version": "1.0.12", "hashes": [ { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" } ], "licenses": [ { "license": { "id": "Apache-2.0" } } ], "purl": "pkg:maven/com.acme/stock-java-client@1.0.12" } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "pubic", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ] } ], "dependencies": [ { "ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "dependsOn": [ "b2a46a4b-8367-4bae-9820-95557cfe03a8" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-service-1.2.xml000066400000000000000000000052051476011761300267650ustar00rootroot00000000000000 com.acme stock-java-client 1.0.12 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a Apache-2.0 pkg:maven/com.acme/stock-java-client@1.0.12 Partner Org https://partner.org Support support@partner 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI pubic partner-data Partner license http://partner.org http://api.partner.org/swagger cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-service-empty-objects-1.2.json000066400000000000000000000006431476011761300317220ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.2", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "contact": [ ] }, "name": "Stock ticker service", "endpoints": [ ], "data": [ ], "externalReferences": [ ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-service-empty-objects-1.2.xml000066400000000000000000000007571476011761300315570ustar00rootroot00000000000000 Stock ticker service cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.2/valid-xml-signature-1.2.xml000066400000000000000000000256551476011761300301370ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe jdoe@example.com 2018-11-07T22:01:45Z John Doe jdoe@example.com Initial commit org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef Apache-2.0 blah fdaf Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Apache-2.0 pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= CN=bomsigner,OU=development,O=cyclonedx MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= AQAB cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/000077500000000000000000000000001476011761300232075ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-bomformat-1.3.json000066400000000000000000000002451476011761300300140ustar00rootroot00000000000000{ "bomFormat": "AnotherFormat", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-component-ref-1.3.json000066400000000000000000000006121476011761300306000ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-component-ref-1.3.xml000066400000000000000000000010601476011761300304250ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-component-swid-1.3.json000066400000000000000000000006011476011761300307700ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-component-swid-1.3.xml000066400000000000000000000006611476011761300306250ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-component-type-1.3.json000066400000000000000000000003711476011761300310070ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "foo", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-component-type-1.3.xml000066400000000000000000000004721476011761300306400ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-dependency-1.3.json000066400000000000000000000012331476011761300301420ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-dependency-1.3.xml000066400000000000000000000014511476011761300277730ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-empty-component-1.3.json000066400000000000000000000003051476011761300311610ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-empty-component-1.3.xml000066400000000000000000000003671476011761300310200ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-alg-1.3.json000066400000000000000000000015301476011761300275100ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "FOO", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-alg-1.3.xml000066400000000000000000000014771476011761300273510ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-md5-1.3.json000066400000000000000000000014731476011761300274400ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "foo" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-md5-1.3.xml000066400000000000000000000014421476011761300272630ustar00rootroot00000000000000 acme-library 1.0.0 required foo e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-sha1-1.3.json000066400000000000000000000014631476011761300276060ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "foo" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-sha1-1.3.xml000066400000000000000000000014321476011761300274310ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 foo f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-sha256-1.3.json000066400000000000000000000014331476011761300277570ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "foo" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-sha256-1.3.xml000066400000000000000000000014021476011761300276020ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a foo e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-sha512-1.3.json000066400000000000000000000013331476011761300277510ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-hash-sha512-1.3.xml000066400000000000000000000013021476011761300275740ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-issue-type-1.3.json000066400000000000000000000022401476011761300301320ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "foo", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-issue-type-1.3.xml000066400000000000000000000030221476011761300277600ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-choice-1.3.json000066400000000000000000000010031476011761300306710ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-choice-1.3.xml000066400000000000000000000024301476011761300305250ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-encoding-1.3.json000066400000000000000000000366541476011761300312510ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base85", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-encoding-1.3.xml000066400000000000000000000402041476011761300310620ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-id-1.3.json000066400000000000000000000006541476011761300300460ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-id-1.3.xml000066400000000000000000000402021476011761300276660ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-id-count-1.3.xml000066400000000000000000000024611476011761300310210ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 MIT MIT pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-license-name-count-1.3.xml000066400000000000000000000025271476011761300313500ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-metadata-license-1.3.json000066400000000000000000000004251476011761300312260ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2" } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-metadata-license-1.3.xml000066400000000000000000000004771476011761300310640ustar00rootroot00000000000000 Apache-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-metadata-timestamp-1.3.json000066400000000000000000000003211476011761300316020ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-metadata-timestamp-1.3.xml000066400000000000000000000003641476011761300314400ustar00rootroot00000000000000 2020-04-07 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-missing-component-type-1.3.json000066400000000000000000000003441476011761300324560ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-missing-component-type-1.3.xml000066400000000000000000000004571476011761300323120ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-namespace-1.3.xml000066400000000000000000000510571476011761300276200ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-patch-type-1.3.json000066400000000000000000000022411476011761300301020ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "foo", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-patch-type-1.3.xml000066400000000000000000000030231476011761300277300ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-scope-1.3.json000066400000000000000000000004231476011761300271350ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "foo" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-scope-1.3.xml000066400000000000000000000005351476011761300267700ustar00rootroot00000000000000 acme-library 1.0.0 foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-serialnumber-1.3.json000066400000000000000000000002241476011761300305130ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-serialnumber-1.3.xml000066400000000000000000000510431476011761300303470ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-service-data-1.3.json000066400000000000000000000006561476011761300304030ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "name": "Stock ticker service", "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "foo", "flow": "bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/invalid-service-data-1.3.xml000066400000000000000000000006401476011761300302230ustar00rootroot00000000000000 Stock ticker service bar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-assembly-1.3.json000066400000000000000000000010441476011761300273140ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library-a", "version": "1.0.0", "components": [ { "type": "library", "name": "acme-library-b", "version": "2.0.0" } ] } ], "services": [ { "name": "acme-service-a", "services": [ { "name": "acme-service-b" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-assembly-1.3.xml000066400000000000000000000014301476011761300271420ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 2.0.0 acme-service-a acme-service-b cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-bom-1.3.json000066400000000000000000000476461476011761300262740ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00", "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ], "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ], "component": { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } }, "manufacture": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] }, "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [ { "bom-ref": "pkg:npm/acme/component@1.0.0", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base64", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "purl": "pkg:npm/acme/component@1.0.0", "pedigree": { "ancestors": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" }, { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" } ], "commits": [ { "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", "author": { "timestamp": "2018-11-13T20:20:39+00:00", "name": "me", "email": "me@acme.org" } } ] } }, { "type": "library", "supplier": { "name": "Example, Inc.", "url": [ "https://example.com", "https://example.net" ], "contact": [ { "name": "Example Support AMER Distribution", "email": "support@example.com", "phone": "800-555-1212" }, { "name": "Example Support APAC", "email": "support@apac.example.com" } ] }, "author": "Example Super Heros", "group": "org.example", "name": "mylibrary", "version": "1.0.0" } ], "dependencies": [ { "ref": "pkg:npm/acme/component@1.0.0", "dependsOn": [ "pkg:npm/acme/component@1.0.0" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-bom-1.3.xml000066400000000000000000000573261476011761300261170ustar00rootroot00000000000000 2020-04-07T07:01:00Z Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df Samantha Wright samantha.wright@example.com 800-555-1212 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Acme, Inc. https://example.com Acme Professional Services professional.services@example.com Acme, Inc. https://example.com Acme Distribution distribution@example.com Acme Super Heros Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache Super Heros Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here Example Inc. https://example.com https://example.net Example Support AMER support@example.com 800-555-1212 Example Support APAC support@apac.example.com Example Super Heros org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0-with-classpath-exception Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security Example Super Heros com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-hashes-1.3.json000066400000000000000000000041631476011761300307550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "hashes": [ { "alg": "MD5", "content": "641b6e166f8b33c5e959e2adcc18b1c7" }, { "alg": "SHA-1", "content": "9188560f22e0b73070d2efce670c74af2bdf30af" }, { "alg": "SHA-256", "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" }, { "alg": "SHA-384", "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" }, { "alg": "SHA-512", "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" }, { "alg": "SHA3-256", "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" }, { "alg": "SHA3-384", "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" }, { "alg": "SHA3-512", "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" }, { "alg": "BLAKE2b-256", "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" }, { "alg": "BLAKE2b-384", "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" }, { "alg": "BLAKE2b-512", "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" }, { "alg": "BLAKE3", "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-hashes-1.3.xml000066400000000000000000000035511476011761300306040ustar00rootroot00000000000000 acme-example 1.0.0 641b6e166f8b33c5e959e2adcc18b1c7 9188560f22e0b73070d2efce670c74af2bdf30af d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-ref-1.3.json000066400000000000000000000006121476011761300302510ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "456", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-ref-1.3.xml000066400000000000000000000013011476011761300300740ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-swid-1.3.json000066400000000000000000000007101476011761300304420ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-swid-1.3.xml000066400000000000000000000007541476011761300303010ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-swid-full-1.3.json000066400000000000000000000024761476011761300314150ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-swid-full-1.3.xml000066400000000000000000000025021476011761300312320ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-types-1.3.json000066400000000000000000000015741476011761300306510ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "name": "application-a", "version": "1.0" }, { "type": "library", "name": "library-a", "version": "1.0" }, { "type": "framework", "name": "framework-a", "version": "1.0" }, { "type": "container", "name": "container-a", "version": "1.0" }, { "type": "operating-system", "name": "operating-system-a", "version": "1.0" }, { "type": "firmware", "name": "firmware-a", "version": "1.0" }, { "type": "device", "name": "device-a", "version": "1.0" }, { "type": "file", "name": "file-a", "version": "1.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-component-types-1.3.xml000066400000000000000000000023071476011761300304730ustar00rootroot00000000000000 application-a 1.0 library-a 1.0 framework-a 1.0 container-a 1.0 operating-system-a 1.0 firmware-a 1.0 device-a 1.0 file-a 1.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-compositions-1.3.json000066400000000000000000000027311476011761300302270ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "component": { "bom-ref": "acme-application-1.0", "type": "application", "name": "Acme Application", "version": "1.0" } }, "components": [ { "bom-ref": "pkg:maven/partner/shaded-library@1.0", "type": "library", "name": "Partner Shaded Library", "version": "1.0", "purl": "pkg:maven/partner/shaded-library@1.0", "components": [ { "bom-ref": "pkg:maven/ossproject/library@2.0", "type": "library", "name": "Some Opensource Library", "version": "2.0", "purl": "pkg:maven/ossproject/library@2.0" } ] }, { "bom-ref": "pkg:maven/acme/library@3.0", "type": "library", "name": "Acme Library", "version": "3.0", "purl": "pkg:maven/acme/library@3.0" } ], "dependencies": [ { "ref": "acme-application-1.0", "dependsOn": [ "pkg:maven/partner/shaded-library@1.0", "pkg:maven/acme/library@3.0" ] } ], "compositions": [ { "aggregate": "complete", "assemblies": [ "pkg:maven/partner/shaded-library@1.0" ], "dependencies": [ "acme-application-1.0" ] }, { "aggregate": "unknown", "assemblies": [ "pkg:maven/acme/library@3.0" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-compositions-1.3.xml000066400000000000000000000036771476011761300300700ustar00rootroot00000000000000 Acme Application 1.0 Partner Shaded Library 1.0 pkg:maven/partner/shaded-library@1.0 Some Opensource Library 2.0 pkg:maven/ossproject/library@2.0 Acme Library 2.0 pkg:maven/acme/library@3.0 complete unknown cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-dependency-1.3.json000066400000000000000000000012651476011761300276200ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "ref": "library-a", "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-dependency-1.3.xml000066400000000000000000000014701476011761300274450ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-empty-components-1.3.json000066400000000000000000000002411476011761300310140ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-empty-components-1.3.xml000066400000000000000000000002731476011761300306500ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-evidence-1.3.json000066400000000000000000000025501476011761300272620ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "group": "com.google.code.findbugs", "name": "findbugs-project", "version": "3.0.0", "licenses": [ { "license": { "id": "LGPL-3.0-or-later", "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" } } ], "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", "evidence": { "licenses": [ { "license": { "id": "Apache-2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0" } }, { "license": { "id": "LGPL-2.1-only", "url": "https://opensource.org/licenses/LGPL-2.1" } } ], "copyright": [ { "text": "Copyright 2012 Google Inc. All Rights Reserved." }, { "text": "Copyright (C) 2004,2005 Dave Brosius " }, { "text": "Copyright (C) 2005 William Pugh" }, { "text": "Copyright (C) 2004,2005 University of Maryland" } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-evidence-1.3.xml000066400000000000000000000030741476011761300271130ustar00rootroot00000000000000 com.google.code.findbugs findbugs-project 3.0.0 LGPL-3.0-or-later https://www.gnu.org/licenses/lgpl-3.0-standalone.html pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0 LGPL-2.1-only https://opensource.org/licenses/LGPL-2.1 ]]> cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-external-elements-1.3.xml000066400000000000000000000535041476011761300307700ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt Banana Banana pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 Banana Banana pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar Banana Banana Banana Banana foo 1.0 Banana Banana bar 1.0 Banana Banana 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com Banana Banana 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Banana Banana Initial commit Banana Banana Banana Banana Commentary here Banana Banana Banana Banana Banana Banana Banana Banana cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-external-reference-1.3.json000066400000000000000000000021351476011761300312550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "org.example", "name": "mylibrary", "version": "1.0.0", "externalReferences": [ { "type": "advisories", "url": "https://example.org/security/feed/csaf", "comment": "Security advisories from the vendor" }, { "type": "bom", "url": "https://example.org/support/sbom/portal-server/1.0.0", "comment": "An external SBOM that describes what this component includes", "hashes": [ { "alg": "SHA-256", "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" } ] }, { "type": "documentation", "url": "https://example.org/support/documentation/portal-server/1.0.0", "comment": "Vendor provided documentation for the product" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-external-reference-1.3.xml000066400000000000000000000024541476011761300311100ustar00rootroot00000000000000 org.example mylibrary 1.0.0 https://example.org/security/feed/csaf Security advisories from the vendor https://example.org/support/sbom/portal-server/1.0.0 An external SBOM that describes what this component includes f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b https://example.org/support/documentation/portal-server/1.0.0 Vendor provided documentation for the product cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-license-expression-1.3.json000066400000000000000000000006661476011761300313250ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-license-expression-1.3.xml000066400000000000000000000022731476011761300311500ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-license-id-1.3.json000066400000000000000000000006561476011761300275210ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-license-id-1.3.xml000066400000000000000000000022771476011761300273510ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-license-name-1.3.json000066400000000000000000000006701476011761300300410ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-license-name-1.3.xml000066400000000000000000000023131476011761300276640ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-author-1.3.json000066400000000000000000000005151476011761300305570ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-author-1.3.xml000066400000000000000000000006561476011761300304140ustar00rootroot00000000000000 Samantha Wright samantha.wright@example.com 800-555-1212 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-license-1.3.json000066400000000000000000000004271476011761300307010ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2.0" } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-license-1.3.xml000066400000000000000000000005011476011761300305210ustar00rootroot00000000000000 Apache-2.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-manufacture-1.3.json000066400000000000000000000006661476011761300315760ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "manufacture": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-manufacture-1.3.xml000066400000000000000000000007541476011761300314230ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Professional Services professional.services@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-supplier-1.3.json000066400000000000000000000006411476011761300311200ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-supplier-1.3.xml000066400000000000000000000007241476011761300307510ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Distribution distribution@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-timestamp-1.3.json000066400000000000000000000003401476011761300312540ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-timestamp-1.3.xml000066400000000000000000000003761476011761300311140ustar00rootroot00000000000000 2020-04-07T07:01:00Z cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-tool-1.3.json000066400000000000000000000011351476011761300302310ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-metadata-tool-1.3.xml000066400000000000000000000012161476011761300300600ustar00rootroot00000000000000 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-minimal-viable-1.3.json000066400000000000000000000003751476011761300303710ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-minimal-viable-1.3.xml000066400000000000000000000004761476011761300302220ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-patch-1.3.json000066400000000000000000000046411476011761300266020ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] }, { "type": "backport", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "blah blah", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] }, { "type": "defect", "id": "JIRA-874319", "description": "Enable to do something", "source": { "name": "Example Org", "url": "https://issues.example.org/874319" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-patch-1.3.xml000066400000000000000000000064111476011761300264260ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 blah uri/to/changes.diff CVE-2019-9997 CVE-2019-9997 blah blah NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 JIRA-874319 Enable to do something Example Org https://issues.example.org/874319 http://some/other/site-1 http://some/other/site-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-properties-1.3.json000066400000000000000000000017271476011761300277010ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "You" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" } ] }, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "group": "org.partner", "name": "Stock ticker service", "endpoints": [ "https://partner.org/api/v1/stock" ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-properties-1.3.xml000066400000000000000000000022751476011761300275270ustar00rootroot00000000000000 Bar You Two Foo acme-library 1.0.0 Bar Foo org.partner Stock ticker service https://partner.org/api/v1/stock Bar Foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-random-attributes-1.3.xml000066400000000000000000000512021476011761300307710ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-service-1.3.json000066400000000000000000000044041476011761300271400ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "stock-java-client", "version": "1.0.12", "hashes": [ { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" } ], "licenses": [ { "license": { "id": "Apache-2.0" } } ], "purl": "pkg:maven/com.acme/stock-java-client@1.0.12" } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "pubic", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ] } ], "dependencies": [ { "ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "dependsOn": [ "b2a46a4b-8367-4bae-9820-95557cfe03a8" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-service-1.3.xml000066400000000000000000000052051476011761300267670ustar00rootroot00000000000000 com.acme stock-java-client 1.0.12 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a Apache-2.0 pkg:maven/com.acme/stock-java-client@1.0.12 Partner Org https://partner.org Support support@partner 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI pubic partner-data Partner license http://partner.org http://api.partner.org/swagger cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-service-empty-objects-1.3.json000066400000000000000000000006431476011761300317240ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.3", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "contact": [ ] }, "name": "Stock ticker service", "endpoints": [ ], "data": [ ], "externalReferences": [ ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-service-empty-objects-1.3.xml000066400000000000000000000007571476011761300315610ustar00rootroot00000000000000 Stock ticker service cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.3/valid-xml-signature-1.3.xml000066400000000000000000000256551476011761300301410ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe jdoe@example.com 2018-11-07T22:01:45Z John Doe jdoe@example.com Initial commit org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef Apache-2.0 blah fdaf Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Apache-2.0 pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= CN=bomsigner,OU=development,O=cyclonedx MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= AQAB cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/000077500000000000000000000000001476011761300232105ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-bomformat-1.4.json000066400000000000000000000002451476011761300300160ustar00rootroot00000000000000{ "bomFormat": "AnotherFormat", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-component-ref-1.4.json000066400000000000000000000006121476011761300306020ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-component-ref-1.4.xml000066400000000000000000000010601476011761300304270ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-component-swid-1.4.json000066400000000000000000000006011476011761300307720ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-component-swid-1.4.xml000066400000000000000000000006611476011761300306270ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-component-type-1.4.json000066400000000000000000000003711476011761300310110ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "foo", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-component-type-1.4.xml000066400000000000000000000004721476011761300306420ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-dependency-1.4.json000066400000000000000000000012331476011761300301440ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-dependency-1.4.xml000066400000000000000000000014511476011761300277750ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-empty-component-1.4.json000066400000000000000000000003051476011761300311630ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-empty-component-1.4.xml000066400000000000000000000003671476011761300310220ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-alg-1.4.json000066400000000000000000000015301476011761300275120ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "FOO", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-alg-1.4.xml000066400000000000000000000014771476011761300273530ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-md5-1.4.json000066400000000000000000000014731476011761300274420ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "foo" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-md5-1.4.xml000066400000000000000000000014421476011761300272650ustar00rootroot00000000000000 acme-library 1.0.0 required foo e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-sha1-1.4.json000066400000000000000000000014631476011761300276100ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "foo" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-sha1-1.4.xml000066400000000000000000000014321476011761300274330ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 foo f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-sha256-1.4.json000066400000000000000000000014331476011761300277610ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "foo" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-sha256-1.4.xml000066400000000000000000000014021476011761300276040ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a foo e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-sha512-1.4.json000066400000000000000000000013331476011761300277530ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-hash-sha512-1.4.xml000066400000000000000000000013021476011761300275760ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-issue-type-1.4.json000066400000000000000000000022401476011761300301340ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "foo", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-issue-type-1.4.xml000066400000000000000000000030221476011761300277620ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-choice-1.4.json000066400000000000000000000010031476011761300306730ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-choice-1.4.xml000066400000000000000000000024301476011761300305270ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-encoding-1.4.json000066400000000000000000000366541476011761300312530ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base85", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-encoding-1.4.xml000066400000000000000000000402041476011761300310640ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-id-1.4.json000066400000000000000000000006541476011761300300500ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-id-1.4.xml000066400000000000000000000402021476011761300276700ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-id-count-1.4.xml000066400000000000000000000024611476011761300310230ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 MIT MIT pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-license-name-count-1.4.xml000066400000000000000000000025271476011761300313520ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-metadata-license-1.4.json000066400000000000000000000004251476011761300312300ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2" } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-metadata-license-1.4.xml000066400000000000000000000004771476011761300310660ustar00rootroot00000000000000 Apache-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-metadata-timestamp-1.4.json000066400000000000000000000003211476011761300316040ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-metadata-timestamp-1.4.xml000066400000000000000000000003641476011761300314420ustar00rootroot00000000000000 2020-04-07 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-missing-component-type-1.4.json000066400000000000000000000003441476011761300324600ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-missing-component-type-1.4.xml000066400000000000000000000004571476011761300323140ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-namespace-1.4.xml000066400000000000000000000510571476011761300276220ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-patch-type-1.4.json000066400000000000000000000022411476011761300301040ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "foo", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-patch-type-1.4.xml000066400000000000000000000030231476011761300277320ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-scope-1.4.json000066400000000000000000000004231476011761300271370ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "foo" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-scope-1.4.xml000066400000000000000000000005351476011761300267720ustar00rootroot00000000000000 acme-library 1.0.0 foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-serialnumber-1.4.json000066400000000000000000000002241476011761300305150ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-serialnumber-1.4.xml000066400000000000000000000510431476011761300303510ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-service-data-1.4.json000066400000000000000000000006561476011761300304050ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "name": "Stock ticker service", "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "foo", "flow": "bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/invalid-service-data-1.4.xml000066400000000000000000000006401476011761300302250ustar00rootroot00000000000000 Stock ticker service bar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-assembly-1.4.json000066400000000000000000000010441476011761300273160ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library-a", "version": "1.0.0", "components": [ { "type": "library", "name": "acme-library-b", "version": "2.0.0" } ] } ], "services": [ { "name": "acme-service-a", "services": [ { "name": "acme-service-b" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-assembly-1.4.xml000066400000000000000000000014301476011761300271440ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 2.0.0 acme-service-a acme-service-b cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-bom-1.4.json000066400000000000000000000476461476011761300262760ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00", "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ], "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ], "component": { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } }, "manufacture": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] }, "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [ { "bom-ref": "pkg:npm/acme/component@1.0.0", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base64", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "purl": "pkg:npm/acme/component@1.0.0", "pedigree": { "ancestors": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" }, { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" } ], "commits": [ { "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", "author": { "timestamp": "2018-11-13T20:20:39+00:00", "name": "me", "email": "me@acme.org" } } ] } }, { "type": "library", "supplier": { "name": "Example, Inc.", "url": [ "https://example.com", "https://example.net" ], "contact": [ { "name": "Example Support AMER Distribution", "email": "support@example.com", "phone": "800-555-1212" }, { "name": "Example Support APAC", "email": "support@apac.example.com" } ] }, "author": "Example Super Heros", "group": "org.example", "name": "mylibrary", "version": "1.0.0" } ], "dependencies": [ { "ref": "pkg:npm/acme/component@1.0.0", "dependsOn": [ "pkg:npm/acme/component@1.0.0" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-bom-1.4.xml000066400000000000000000000573261476011761300261210ustar00rootroot00000000000000 2020-04-07T07:01:00Z Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df Samantha Wright samantha.wright@example.com 800-555-1212 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Acme, Inc. https://example.com Acme Professional Services professional.services@example.com Acme, Inc. https://example.com Acme Distribution distribution@example.com Acme Super Heros Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache Super Heros Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here Example Inc. https://example.com https://example.net Example Support AMER support@example.com 800-555-1212 Example Support APAC support@apac.example.com Example Super Heros org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0-with-classpath-exception Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security Example Super Heros com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-hashes-1.4.json000066400000000000000000000041631476011761300307570ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "hashes": [ { "alg": "MD5", "content": "641b6e166f8b33c5e959e2adcc18b1c7" }, { "alg": "SHA-1", "content": "9188560f22e0b73070d2efce670c74af2bdf30af" }, { "alg": "SHA-256", "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" }, { "alg": "SHA-384", "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" }, { "alg": "SHA-512", "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" }, { "alg": "SHA3-256", "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" }, { "alg": "SHA3-384", "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" }, { "alg": "SHA3-512", "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" }, { "alg": "BLAKE2b-256", "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" }, { "alg": "BLAKE2b-384", "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" }, { "alg": "BLAKE2b-512", "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" }, { "alg": "BLAKE3", "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-hashes-1.4.xml000066400000000000000000000035511476011761300306060ustar00rootroot00000000000000 acme-example 1.0.0 641b6e166f8b33c5e959e2adcc18b1c7 9188560f22e0b73070d2efce670c74af2bdf30af d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-ref-1.4.json000066400000000000000000000006121476011761300302530ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "456", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-ref-1.4.xml000066400000000000000000000013011476011761300300760ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-swid-1.4.json000066400000000000000000000007101476011761300304440ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-swid-1.4.xml000066400000000000000000000007541476011761300303030ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-swid-full-1.4.json000066400000000000000000000024761476011761300314170ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-swid-full-1.4.xml000066400000000000000000000025021476011761300312340ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-types-1.4.json000066400000000000000000000015741476011761300306530ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "name": "application-a", "version": "1.0" }, { "type": "library", "name": "library-a", "version": "1.0" }, { "type": "framework", "name": "framework-a", "version": "1.0" }, { "type": "container", "name": "container-a", "version": "1.0" }, { "type": "operating-system", "name": "operating-system-a", "version": "1.0" }, { "type": "firmware", "name": "firmware-a", "version": "1.0" }, { "type": "device", "name": "device-a", "version": "1.0" }, { "type": "file", "name": "file-a", "version": "1.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-component-types-1.4.xml000066400000000000000000000023071476011761300304750ustar00rootroot00000000000000 application-a 1.0 library-a 1.0 framework-a 1.0 container-a 1.0 operating-system-a 1.0 firmware-a 1.0 device-a 1.0 file-a 1.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-compositions-1.4.json000066400000000000000000000027311476011761300302310ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "component": { "bom-ref": "acme-application-1.0", "type": "application", "name": "Acme Application", "version": "1.0" } }, "components": [ { "bom-ref": "pkg:maven/partner/shaded-library@1.0", "type": "library", "name": "Partner Shaded Library", "version": "1.0", "purl": "pkg:maven/partner/shaded-library@1.0", "components": [ { "bom-ref": "pkg:maven/ossproject/library@2.0", "type": "library", "name": "Some Opensource Library", "version": "2.0", "purl": "pkg:maven/ossproject/library@2.0" } ] }, { "bom-ref": "pkg:maven/acme/library@3.0", "type": "library", "name": "Acme Library", "version": "3.0", "purl": "pkg:maven/acme/library@3.0" } ], "dependencies": [ { "ref": "acme-application-1.0", "dependsOn": [ "pkg:maven/partner/shaded-library@1.0", "pkg:maven/acme/library@3.0" ] } ], "compositions": [ { "aggregate": "complete", "assemblies": [ "pkg:maven/partner/shaded-library@1.0" ], "dependencies": [ "acme-application-1.0" ] }, { "aggregate": "unknown", "assemblies": [ "pkg:maven/acme/library@3.0" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-compositions-1.4.xml000066400000000000000000000036771476011761300300720ustar00rootroot00000000000000 Acme Application 1.0 Partner Shaded Library 1.0 pkg:maven/partner/shaded-library@1.0 Some Opensource Library 2.0 pkg:maven/ossproject/library@2.0 Acme Library 2.0 pkg:maven/acme/library@3.0 complete unknown cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-dependency-1.4.json000066400000000000000000000012651476011761300276220ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "ref": "library-a", "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-dependency-1.4.xml000066400000000000000000000014701476011761300274470ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-empty-components-1.4.json000066400000000000000000000002411476011761300310160ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-empty-components-1.4.xml000066400000000000000000000002731476011761300306520ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-evidence-1.4.json000066400000000000000000000025501476011761300272640ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "group": "com.google.code.findbugs", "name": "findbugs-project", "version": "3.0.0", "licenses": [ { "license": { "id": "LGPL-3.0-or-later", "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" } } ], "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", "evidence": { "licenses": [ { "license": { "id": "Apache-2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0" } }, { "license": { "id": "LGPL-2.1-only", "url": "https://opensource.org/licenses/LGPL-2.1" } } ], "copyright": [ { "text": "Copyright 2012 Google Inc. All Rights Reserved." }, { "text": "Copyright (C) 2004,2005 Dave Brosius " }, { "text": "Copyright (C) 2005 William Pugh" }, { "text": "Copyright (C) 2004,2005 University of Maryland" } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-evidence-1.4.xml000066400000000000000000000030741476011761300271150ustar00rootroot00000000000000 com.google.code.findbugs findbugs-project 3.0.0 LGPL-3.0-or-later https://www.gnu.org/licenses/lgpl-3.0-standalone.html pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0 LGPL-2.1-only https://opensource.org/licenses/LGPL-2.1 ]]> cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-external-elements-1.4.xml000066400000000000000000000535041476011761300307720ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt Banana Banana pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 Banana Banana pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar Banana Banana Banana Banana foo 1.0 Banana Banana bar 1.0 Banana Banana 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com Banana Banana 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Banana Banana Initial commit Banana Banana Banana Banana Commentary here Banana Banana Banana Banana Banana Banana Banana Banana cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-external-reference-1.4.json000066400000000000000000000021351476011761300312570ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "org.example", "name": "mylibrary", "version": "1.0.0", "externalReferences": [ { "type": "advisories", "url": "https://example.org/security/feed/csaf", "comment": "Security advisories from the vendor" }, { "type": "bom", "url": "https://example.org/support/sbom/portal-server/1.0.0", "comment": "An external SBOM that describes what this component includes", "hashes": [ { "alg": "SHA-256", "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" } ] }, { "type": "documentation", "url": "https://example.org/support/documentation/portal-server/1.0.0", "comment": "Vendor provided documentation for the product" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-external-reference-1.4.xml000066400000000000000000000024541476011761300311120ustar00rootroot00000000000000 org.example mylibrary 1.0.0 https://example.org/security/feed/csaf Security advisories from the vendor https://example.org/support/sbom/portal-server/1.0.0 An external SBOM that describes what this component includes f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b https://example.org/support/documentation/portal-server/1.0.0 Vendor provided documentation for the product cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-license-expression-1.4.json000066400000000000000000000006661476011761300313270ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-license-expression-1.4.xml000066400000000000000000000022731476011761300311520ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-license-id-1.4.json000066400000000000000000000006561476011761300275230ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-license-id-1.4.xml000066400000000000000000000022771476011761300273530ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-license-name-1.4.json000066400000000000000000000006701476011761300300430ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-license-name-1.4.xml000066400000000000000000000023131476011761300276660ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-author-1.4.json000066400000000000000000000005151476011761300305610ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-author-1.4.xml000066400000000000000000000006561476011761300304160ustar00rootroot00000000000000 Samantha Wright samantha.wright@example.com 800-555-1212 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-license-1.4.json000066400000000000000000000004271476011761300307030ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2.0" } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-license-1.4.xml000066400000000000000000000005011476011761300305230ustar00rootroot00000000000000 Apache-2.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-manufacture-1.4.json000066400000000000000000000006661476011761300316000ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "manufacture": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-manufacture-1.4.xml000066400000000000000000000007541476011761300314250ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Professional Services professional.services@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-supplier-1.4.json000066400000000000000000000006411476011761300311220ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-supplier-1.4.xml000066400000000000000000000007241476011761300307530ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Distribution distribution@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-timestamp-1.4.json000066400000000000000000000003401476011761300312560ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-timestamp-1.4.xml000066400000000000000000000003761476011761300311160ustar00rootroot00000000000000 2020-04-07T07:01:00Z cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-tool-1.4.json000066400000000000000000000011351476011761300302330ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-metadata-tool-1.4.xml000066400000000000000000000012161476011761300300620ustar00rootroot00000000000000 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-minimal-viable-1.4.json000066400000000000000000000003431476011761300303660ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-minimal-viable-1.4.xml000066400000000000000000000004311476011761300302130ustar00rootroot00000000000000 acme-library cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-patch-1.4.json000066400000000000000000000046411476011761300266040ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] }, { "type": "backport", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "blah blah", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] }, { "type": "defect", "id": "JIRA-874319", "description": "Enable to do something", "source": { "name": "Example Org", "url": "https://issues.example.org/874319" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-patch-1.4.xml000066400000000000000000000064111476011761300264300ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 blah uri/to/changes.diff CVE-2019-9997 CVE-2019-9997 blah blah NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 JIRA-874319 Enable to do something Example Org https://issues.example.org/874319 http://some/other/site-1 http://some/other/site-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-properties-1.4.json000066400000000000000000000017271476011761300277030ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "You" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" } ] }, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "group": "org.partner", "name": "Stock ticker service", "endpoints": [ "https://partner.org/api/v1/stock" ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-properties-1.4.xml000066400000000000000000000022751476011761300275310ustar00rootroot00000000000000 Bar You Two Foo acme-library 1.0.0 Bar Foo org.partner Stock ticker service https://partner.org/api/v1/stock Bar Foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-random-attributes-1.4.xml000066400000000000000000000512021476011761300307730ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-release-notes-1.4.json000066400000000000000000000123321476011761300302470ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "releaseNotes": { "type": "major", "title": "My new release", "featuredImage": "https://example.com/featured_image.png", "socialImage": "https://example.com/social_image.png", "description": "The main description of your release", "timestamp": "2021-09-17T00:51:18+00:00", "aliases": [ "Project Orion" ], "tags": [ "CMS", "SEO", "wysiwyg" ], "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.example.com/17240" } }, { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "Great new feature that does something", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ], "notes": [ { "locale": "en-US", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" } }, { "locale": "es", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" } } ] } } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner.org", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "pubic", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ], "releaseNotes": { "type": "major", "title": "My new release", "featuredImage": "https://example.com/featured_image.png", "socialImage": "https://example.com/social_image.png", "description": "The main description of your release", "timestamp": "2021-09-17T00:51:18+00:00", "aliases": [ "Project Orion" ], "tags": [ "CMS", "SEO", "wysiwyg" ], "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.example.com/17240" } }, { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "Great new feature that does something", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ], "notes": [ { "locale": "en-US", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" } }, { "locale": "es", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" } } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-release-notes-1.4.xml000066400000000000000000000152541476011761300301040ustar00rootroot00000000000000 acme-example 1.0.0 major My new release https://example.com/featured_image.png https://example.com/social_image.png The main description of your release 2021-09-17T00:51:18+00:00 Project Orion CMS SEO wysiwyg JIRA-17240 Great new feature that does something Acme Org https://issues.example.com/17240 CVE-2019-9997 CVE-2019-9997 A security issue was fixed that did something bad NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 en-US PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ es PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= Partner Org https://partner.org Support support@partner 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI pubic partner-data Partner license http://partner.org http://api.partner.org/swagger major My new release https://example.com/featured_image.png https://example.com/social_image.png The main description of your release 2021-09-17T00:51:18+00:00 Project Orion CMS SEO wysiwyg JIRA-17240 Great new feature that does something Acme Org https://issues.example.com/17240 CVE-2019-9997 CVE-2019-9997 A security issue was fixed that did something bad NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 en-US PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ es PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-service-1.4.json000066400000000000000000000044101476011761300271370ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "stock-java-client", "version": "1.0.12", "hashes": [ { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" } ], "licenses": [ { "license": { "id": "Apache-2.0" } } ], "purl": "pkg:maven/com.acme/stock-java-client@1.0.12" } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner.org", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "pubic", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ] } ], "dependencies": [ { "ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "dependsOn": [ "b2a46a4b-8367-4bae-9820-95557cfe03a8" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-service-1.4.xml000066400000000000000000000052051476011761300267710ustar00rootroot00000000000000 com.acme stock-java-client 1.0.12 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a Apache-2.0 pkg:maven/com.acme/stock-java-client@1.0.12 Partner Org https://partner.org Support support@partner 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI pubic partner-data Partner license http://partner.org http://api.partner.org/swagger cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-service-empty-objects-1.4.json000066400000000000000000000006431476011761300317260ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "contact": [ ] }, "name": "Stock ticker service", "endpoints": [ ], "data": [ ], "externalReferences": [ ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-service-empty-objects-1.4.xml000066400000000000000000000007571476011761300315630ustar00rootroot00000000000000 Stock ticker service cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-signatures-1.4.json000066400000000000000000000230051476011761300276640ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "5366293e-0740-4dcf-b1d0-0c1fc26e4981", "type": "application", "name": "amce app", "version": "1.0", "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "tqITqIm0gUMWXIjqDgwqzqPw1CwTUKRewZQ5YpX3VwFMWV68NJgX4npU91cSwSC-MRlx1QfOYwSQkeU26VpXSg" } } ], "services": [ { "bom-ref": "ee10d0a2-baba-4656-a5ac-d49e172a0d3d", "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "6A77T3RBTAuVpZOgFFFfOvGOQ1hqMbfSQ91VucRM1RIP6QqX9kEF1Pi1_vCl37qpVzK51kIyppgUF_i9s999XA" } } ], "compositions": [ { "aggregate": "complete", "assemblies": [ "5366293e-0740-4dcf-b1d0-0c1fc26e4981", "ee10d0a2-baba-4656-a5ac-d49e172a0d3d" ], "dependencies": [ "5366293e-0740-4dcf-b1d0-0c1fc26e4981" ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "lm6wx-elyBTbNMKNF8riooZhvrm6f5j8JpvgP9JtVv50dd7sXQLH7PqJcn9fmKV8eoF8cszPllEsQQhEQOM4hA" } } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "m4pMbQQVV61TlP4Og7a75SeY8lh00LkkUDXZ4PIhXsR512MPRgZmusFYorJlYq9wM3P9n9gM3T8BTg9XdFdQkQ" } } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-vulnerability-1.4.json000066400000000000000000000102621476011761300303720ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.9.4", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" } ], "vulnerabilities": [ { "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", "source": { "name": "Snyk", "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" }, "references": [ { "id": "CVE-2018-7489", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" } } ], "ratings": [ { "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" }, "score": 9.8, "severity": "critical", "method": "CVSSv3", "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "justification": "An optional reason for rating the vulnerability as it was" } ], "cwes": [ 184, 502 ], "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "detail": "", "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", "advisories": [ { "title": "GitHub Commit", "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" }, { "title": "GitHub Issue", "url": "https://github.com/FasterXML/jackson-databind/issues/1931" } ], "created": "2021-01-01T00:00:00.000Z", "published": "2021-01-01T00:00:00.000Z", "updated": "2021-01-01T00:00:00.000Z", "credits": { "organizations": [ { "name": "Acme, Inc.", "url": [ "https://example.com" ] } ], "individuals": [ { "name": "Jane Doe", "email": "jane.doe@example.com" } ] }, "tools": [ { "vendor": "Snyk", "name": "Snyk CLI (Linux)", "version": "1.729.0", "hashes": [ { "alg": "SHA-256", "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" } ] } ], "analysis": { "state": "not_affected", "justification": "code_not_reachable", "response": ["will_not_fix", "update"], "detail": "An optional explanation of why the application is not affected by the vulnerable component." }, "affects": [ { "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "versions": [ { "range": "vers:semver/<2.6.7.5", "status": "affected" }, { "range": "vers:semver/2.7.0|<2.8.11.1", "status": "affected" }, { "range": "vers:semver/2.9.0|<2.9.5", "status": "affected" } ] } ], "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "You" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-vulnerability-1.4.xml000066400000000000000000000135431476011761300302260ustar00rootroot00000000000000 com.fasterxml.jackson.core jackson-databind 2.9.4 pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 Snyk https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 NVD https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 9.8 critical CVSSv3 AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H An optional reason for rating the vulnerability as it was 184 502 FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. GitHub Commit https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 GitHub Issue https://github.com/FasterXML/jackson-databind/issues/1931 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z Acme, Inc. https://example.com Jane Doe jane.doe@example.com Snyk Snyk CLI (Linux) 1.729.0 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d not_affected code_not_reachable will_not_fix update An optional explanation of why the application is not affected by the vulnerable component. pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 vers:semver/<2.6.7.5 affected vers:semver/2.7.0|<2.8.11.1 affected vers:semver/2.9.0|<2.9.5 affected Bar You Two Foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.4/valid-xml-signature-1.4.xml000066400000000000000000000256551476011761300301430ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe jdoe@example.com 2018-11-07T22:01:45Z John Doe jdoe@example.com Initial commit org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef Apache-2.0 blah fdaf Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Apache-2.0 pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= CN=bomsigner,OU=development,O=cyclonedx MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= AQAB cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/000077500000000000000000000000001476011761300232115ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-bomformat-1.5.json000066400000000000000000000002451476011761300300200ustar00rootroot00000000000000{ "bomFormat": "AnotherFormat", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-component-ref-1.5.json000066400000000000000000000007741476011761300306150ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-component-ref-1.5.xml000066400000000000000000000015421476011761300304360ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-component-swid-1.5.json000066400000000000000000000006011476011761300307740ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-component-swid-1.5.xml000066400000000000000000000006611476011761300306310ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-component-type-1.5.json000066400000000000000000000003711476011761300310130ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "foo", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-component-type-1.5.xml000066400000000000000000000004721476011761300306440ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-dependency-1.5.json000066400000000000000000000013521476011761300301500ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [] }, { "ref": "", "dependsOn": [ "library-a" ] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-dependency-1.5.xml000066400000000000000000000020761476011761300300030ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-empty-component-1.5.json000066400000000000000000000003051476011761300311650ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-empty-component-1.5.xml000066400000000000000000000003671476011761300310240ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-alg-1.5.json000066400000000000000000000015301476011761300275140ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "FOO", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-alg-1.5.xml000066400000000000000000000014771476011761300273550ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-md5-1.5.json000066400000000000000000000014731476011761300274440ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "foo" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-md5-1.5.xml000066400000000000000000000014421476011761300272670ustar00rootroot00000000000000 acme-library 1.0.0 required foo e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-sha1-1.5.json000066400000000000000000000014631476011761300276120ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "foo" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-sha1-1.5.xml000066400000000000000000000014321476011761300274350ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 foo f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-sha256-1.5.json000066400000000000000000000014331476011761300277630ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "foo" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-sha256-1.5.xml000066400000000000000000000014021476011761300276060ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a foo e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-sha512-1.5.json000066400000000000000000000013331476011761300277550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-hash-sha512-1.5.xml000066400000000000000000000013021476011761300276000ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-issue-type-1.5.json000066400000000000000000000022401476011761300301360ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "foo", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-issue-type-1.5.xml000066400000000000000000000030221476011761300277640ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-choice-1.5.json000066400000000000000000000010031476011761300306750ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-choice-1.5.xml000066400000000000000000000024301476011761300305310ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-encoding-1.5.json000066400000000000000000000366541476011761300312550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base85", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-encoding-1.5.xml000066400000000000000000000402041476011761300310660ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-id-1.5.json000066400000000000000000000006541476011761300300520ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-id-1.5.xml000066400000000000000000000402021476011761300276720ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-id-count-1.5.xml000066400000000000000000000024611476011761300310250ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 MIT MIT pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-license-name-count-1.5.xml000066400000000000000000000025271476011761300313540ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-metadata-license-1.5.json000066400000000000000000000004251476011761300312320ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2" } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-metadata-license-1.5.xml000066400000000000000000000004771476011761300310700ustar00rootroot00000000000000 Apache-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-metadata-timestamp-1.5.json000066400000000000000000000003211476011761300316060ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-metadata-timestamp-1.5.xml000066400000000000000000000003641476011761300314440ustar00rootroot00000000000000 2020-04-07 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-missing-component-type-1.5.json000066400000000000000000000003441476011761300324620ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-missing-component-type-1.5.xml000066400000000000000000000004571476011761300323160ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-namespace-1.5.xml000066400000000000000000000510571476011761300276240ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-patch-type-1.5.json000066400000000000000000000022411476011761300301060ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "foo", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-patch-type-1.5.xml000066400000000000000000000030231476011761300277340ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-scope-1.5.json000066400000000000000000000004231476011761300271410ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "foo" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-scope-1.5.xml000066400000000000000000000005351476011761300267740ustar00rootroot00000000000000 acme-library 1.0.0 foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-serialnumber-1.5.json000066400000000000000000000002241476011761300305170ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-serialnumber-1.5.xml000066400000000000000000000510431476011761300303530ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-service-data-1.5.json000066400000000000000000000006561476011761300304070ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "name": "Stock ticker service", "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "foo", "flow": "bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/invalid-service-data-1.5.xml000066400000000000000000000006401476011761300302270ustar00rootroot00000000000000 Stock ticker service bar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-annotation-1.5.json000066400000000000000000000047371476011761300276670ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "component-a", "type": "library", "name": "Component A", "version": "1.0.0" } ], "annotations": [ { "bom-ref": "annotation-1", "subjects": [ "component-a" ], "annotator": { "organization": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by an organization" }, { "bom-ref": "annotation-2", "subjects": [ "component-a" ], "annotator": { "individual": { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by a person" }, { "bom-ref": "annotation-3", "subjects": [ "component-a" ], "annotator": { "component": { "type": "application", "name": "Awesome Tool", "version": "9.1.2" } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by a component" }, { "bom-ref": "annotation-4", "subjects": [ "component-a" ], "annotator": { "service": { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ] }, "group": "org.partner", "name": "BOM Annotation Service", "version": "2020-Q2", "endpoints": [ "https://partner.org/api/v1/inspect", "https://partner.org/api/v1/annotate" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "public", "flow": "bi-directional" } ] } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by a service" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-annotation-1.5.xml000066400000000000000000000070141476011761300275050ustar00rootroot00000000000000 Component A 1.0.0 Acme, Inc. https://example.com Acme Professional Services professional.services@example.com 2020-04-07T07:01:00Z This is a sample annotation made by an organization Samantha Wright samantha.wright@example.com 800-555-1212 2020-04-07T07:01:00Z This is a sample annotation made by an person Awesome Tool 9.1.2 2020-04-07T07:01:00Z This is a sample annotation made by a component Partner Org https://partner.org Support support@partner 800-555-1212 org.partner BOM Annotation Service 2020-Q2 https://partner.org/api/v1/inspect https://partner.org/api/v1/annotate true true pubic 2020-04-07T07:01:00Z This is a sample annotation made by a service cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-assembly-1.5.json000066400000000000000000000010441476011761300273200ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library-a", "version": "1.0.0", "components": [ { "type": "library", "name": "acme-library-b", "version": "2.0.0" } ] } ], "services": [ { "name": "acme-service-a", "services": [ { "name": "acme-service-b" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-assembly-1.5.xml000066400000000000000000000014301476011761300271460ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 2.0.0 acme-service-a acme-service-b cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-bom-1.5.json000066400000000000000000000476461476011761300263000ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00", "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ], "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ], "component": { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } }, "manufacture": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] }, "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [ { "bom-ref": "pkg:npm/acme/component@1.0.0", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base64", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "purl": "pkg:npm/acme/component@1.0.0", "pedigree": { "ancestors": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" }, { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14" } ], "commits": [ { "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", "author": { "timestamp": "2018-11-13T20:20:39+00:00", "name": "me", "email": "me@acme.org" } } ] } }, { "type": "library", "supplier": { "name": "Example, Inc.", "url": [ "https://example.com", "https://example.net" ], "contact": [ { "name": "Example Support AMER Distribution", "email": "support@example.com", "phone": "800-555-1212" }, { "name": "Example Support APAC", "email": "support@apac.example.com" } ] }, "author": "Example Super Heros", "group": "org.example", "name": "mylibrary", "version": "1.0.0" } ], "dependencies": [ { "ref": "pkg:npm/acme/component@1.0.0", "dependsOn": [ "pkg:npm/acme/component@1.0.0" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-bom-1.5.xml000066400000000000000000000573261476011761300261230ustar00rootroot00000000000000 2020-04-07T07:01:00Z Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df Samantha Wright samantha.wright@example.com 800-555-1212 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Acme, Inc. https://example.com Acme Professional Services professional.services@example.com Acme, Inc. https://example.com Acme Distribution distribution@example.com Acme Super Heros Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache Super Heros Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here Example Inc. https://example.com https://example.net Example Support AMER support@example.com 800-555-1212 Example Support APAC support@apac.example.com Example Super Heros org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0-with-classpath-exception Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security Example Super Heros com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-hashes-1.5.json000066400000000000000000000041631476011761300307610ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "hashes": [ { "alg": "MD5", "content": "641b6e166f8b33c5e959e2adcc18b1c7" }, { "alg": "SHA-1", "content": "9188560f22e0b73070d2efce670c74af2bdf30af" }, { "alg": "SHA-256", "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" }, { "alg": "SHA-384", "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" }, { "alg": "SHA-512", "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" }, { "alg": "SHA3-256", "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" }, { "alg": "SHA3-384", "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" }, { "alg": "SHA3-512", "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" }, { "alg": "BLAKE2b-256", "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" }, { "alg": "BLAKE2b-384", "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" }, { "alg": "BLAKE2b-512", "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" }, { "alg": "BLAKE3", "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-hashes-1.5.xml000066400000000000000000000035511476011761300306100ustar00rootroot00000000000000 acme-example 1.0.0 641b6e166f8b33c5e959e2adcc18b1c7 9188560f22e0b73070d2efce670c74af2bdf30af d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-ref-1.5.json000066400000000000000000000006121476011761300302550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "456", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-ref-1.5.xml000066400000000000000000000013011476011761300301000ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-swid-1.5.json000066400000000000000000000007101476011761300304460ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-swid-1.5.xml000066400000000000000000000007541476011761300303050ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-swid-full-1.5.json000066400000000000000000000024761476011761300314210ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-swid-full-1.5.xml000066400000000000000000000025021476011761300312360ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-types-1.5.json000066400000000000000000000015741476011761300306550ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "name": "application-a", "version": "1.0" }, { "type": "library", "name": "library-a", "version": "1.0" }, { "type": "framework", "name": "framework-a", "version": "1.0" }, { "type": "container", "name": "container-a", "version": "1.0" }, { "type": "operating-system", "name": "operating-system-a", "version": "1.0" }, { "type": "firmware", "name": "firmware-a", "version": "1.0" }, { "type": "device", "name": "device-a", "version": "1.0" }, { "type": "file", "name": "file-a", "version": "1.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-component-types-1.5.xml000066400000000000000000000023071476011761300304770ustar00rootroot00000000000000 application-a 1.0 library-a 1.0 framework-a 1.0 container-a 1.0 operating-system-a 1.0 firmware-a 1.0 device-a 1.0 file-a 1.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-compositions-1.5.json000066400000000000000000000034221476011761300302310ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "component": { "bom-ref": "acme-application-1.0", "type": "application", "name": "Acme Application", "version": "1.0" } }, "components": [ { "bom-ref": "pkg:maven/partner/shaded-library@1.0", "type": "library", "name": "Partner Shaded Library", "version": "1.0", "purl": "pkg:maven/partner/shaded-library@1.0", "components": [ { "bom-ref": "pkg:maven/ossproject/library@2.0", "type": "library", "name": "Some Opensource Library", "version": "2.0", "purl": "pkg:maven/ossproject/library@2.0" } ] }, { "bom-ref": "pkg:maven/acme/library@3.0", "type": "library", "name": "Acme Library", "version": "3.0", "purl": "pkg:maven/acme/library@3.0" } ], "dependencies": [ { "ref": "acme-application-1.0", "dependsOn": [ "pkg:maven/partner/shaded-library@1.0", "pkg:maven/acme/library@3.0" ] } ], "vulnerabilities": [ { "bom-ref": "vulnerability-1", "id": "ACME-12345", "source": { "name": "Acme Inc" } } ], "compositions": [ { "bom-ref": "composition-1", "aggregate": "complete", "assemblies": [ "pkg:maven/partner/shaded-library@1.0" ], "dependencies": [ "acme-application-1.0" ] }, { "aggregate": "unknown", "assemblies": [ "pkg:maven/acme/library@3.0" ] }, { "aggregate": "incomplete_first_party_only", "vulnerabilities": [ "vulnerability-1" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-compositions-1.5.xml000066400000000000000000000046211476011761300300620ustar00rootroot00000000000000 Acme Application 1.0 Partner Shaded Library 1.0 pkg:maven/partner/shaded-library@1.0 Some Opensource Library 2.0 pkg:maven/ossproject/library@2.0 Acme Library 2.0 pkg:maven/acme/library@3.0 complete unknown incomplete_first_party_only ACME-12345 Acme Inc cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-dependency-1.5.json000066400000000000000000000012651476011761300276240ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "ref": "library-a", "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-dependency-1.5.xml000066400000000000000000000014701476011761300274510ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-empty-components-1.5.json000066400000000000000000000002411476011761300310200ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-empty-components-1.5.xml000066400000000000000000000002731476011761300306540ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-evidence-1.5.json000066400000000000000000000061651476011761300272740ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "group": "com.google.code.findbugs", "name": "findbugs-project", "version": "3.0.0", "licenses": [ { "license": { "id": "LGPL-3.0-or-later", "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" } } ], "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", "evidence": { "identity": { "field": "purl", "confidence": 1, "methods": [ { "technique": "filename", "confidence": 0.1, "value": "findbugs-project-3.0.0.jar" }, { "technique": "ast-fingerprint", "confidence": 0.9, "value": "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" }, { "technique": "hash-comparison", "confidence": 0.7, "value": "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" } ], "tools": [ "bom-ref-of-tool-that-performed-analysis" ] }, "occurrences": [ { "bom-ref": "d6bf237e-4e11-4713-9f62-56d18d5e2079", "location": "/path/to/component" }, { "bom-ref": "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175", "location": "/another/path/to/component" } ], "callstack": { "frames": [ { "package": "com.apache.logging.log4j.core", "module": "Logger.class", "function": "logMessage", "parameters": [ "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" ], "line": 150, "column": 17, "fullFilename": "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" }, { "module": "HelloWorld.class", "function": "main", "line": 20, "column": 12, "fullFilename": "/path/to/HelloWorld.class" } ] }, "licenses": [ { "license": { "id": "Apache-2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0" } }, { "license": { "id": "LGPL-2.1-only", "url": "https://opensource.org/licenses/LGPL-2.1" } } ], "copyright": [ { "text": "Copyright 2012 Google Inc. All Rights Reserved." }, { "text": "Copyright (C) 2004,2005 Dave Brosius " }, { "text": "Copyright (C) 2005 William Pugh" }, { "text": "Copyright (C) 2004,2005 University of Maryland" } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-evidence-1.5.xml000066400000000000000000000106471476011761300271230ustar00rootroot00000000000000 com.google.code.findbugs findbugs-project 3.0.0 LGPL-3.0-or-later https://www.gnu.org/licenses/lgpl-3.0-standalone.html pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 purl 1 filename 0.1 findbugs-project-3.0.0.jar ast-fingerprint 0.9 61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab hash-comparison 0.7 7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf /path/to/component /another/path/to/component com.apache.logging.log4j.core Logger.class logMessage com.acme.HelloWorld Level.INFO null Hello World 150 17 /path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class HelloWorld.class main 20 12 /path/to/HelloWorld.class Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0 LGPL-2.1-only https://opensource.org/licenses/LGPL-2.1 ]]> cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-external-elements-1.5.xml000066400000000000000000000535041476011761300307740ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt Banana Banana pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 Banana Banana pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar Banana Banana Banana Banana foo 1.0 Banana Banana bar 1.0 Banana Banana 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com Banana Banana 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Banana Banana Initial commit Banana Banana Banana Banana Commentary here Banana Banana Banana Banana Banana Banana Banana Banana cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-external-reference-1.5.json000066400000000000000000000021351476011761300312610ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "org.example", "name": "mylibrary", "version": "1.0.0", "externalReferences": [ { "type": "advisories", "url": "https://example.org/security/feed/csaf", "comment": "Security advisories from the vendor" }, { "type": "bom", "url": "https://example.org/support/sbom/portal-server/1.0.0", "comment": "An external SBOM that describes what this component includes", "hashes": [ { "alg": "SHA-256", "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" } ] }, { "type": "documentation", "url": "https://example.org/support/documentation/portal-server/1.0.0", "comment": "Vendor provided documentation for the product" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-external-reference-1.5.xml000066400000000000000000000024541476011761300311140ustar00rootroot00000000000000 org.example mylibrary 1.0.0 https://example.org/security/feed/csaf Security advisories from the vendor https://example.org/support/sbom/portal-server/1.0.0 An external SBOM that describes what this component includes f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b https://example.org/support/documentation/portal-server/1.0.0 Vendor provided documentation for the product cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-formulation-1.5.json000066400000000000000000000170271476011761300300500ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "org.example", "name": "mylibrary", "version": "1.0.0" } ], "formulation": [ { "bom-ref": "formula-1", "components": [ { "bom-ref": "component-1", "type": "platform", "name": "Pipeline controller image", "version": "v0.47.0" } ], "workflows": [ { "bom-ref": "workflow-1", "uid": "8edb2b08-e2c7-11ed-b5ea-0242ac120002", "name": "My workflow", "description": "Workflow description here", "resourceReferences": [ { "ref": "component-a" } ], "tasks": [ { "bom-ref": "task-1", "uid": "task-uid-1", "name": "fetch-repository", "description": "Description here", "resourceReferences": [ { "ref": "component-a" } ], "taskTypes": [ "clone", "build" ], "trigger": { "bom-ref": "trigger-1", "uid": "trigger-1", "type": "api" }, "steps": [ { "name": "My step" } ], "inputs": [ { "resource": { "ref": "component-a" } } ], "outputs": [ { "resource": { "ref": "component-b" } } ], "timeStart": "2023-01-01T00:00:00+00:00", "timeEnd": "2023-01-01T00:00:00+00:00", "workspaces": [ { "bom-ref": "workspace-1", "uid": "workspace-uid-1", "name": "workspace" } ], "runtimeTopology": [ { "ref": "task-1", "dependsOn": [ "task-2" ] } ] } ], "taskDependencies": [ { "ref": "task-1", "dependsOn": ["task-2"] } ], "taskTypes": [ "clone", "build" ], "trigger": { "bom-ref": "trigger-2", "uid": "trigger-uid-2", "name": "My trigger", "description": "Description here", "resourceReferences": [ { "ref": "component-a" } ], "type": "api", "event": { "uid": "event-1", "description": "Description here", "timeReceived": "2023-01-01T00:00:00+00:00", "data": { "contentType": "text/plain", "content": "Foo/Bar" }, "source": { "ref": "component-g" }, "target": { "ref": "component-h" }, "properties": [ { "name": "Foo", "value": "Bar" } ] }, "conditions": [ { "description": "Description here", "expression": "1 == 1", "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "timeActivated": "2023-01-01T00:00:00+00:00", "inputs": [ { "resource": { "ref": "component-10" }, "source": { "ref": "component-11" }, "target": { "ref": "component-12" } } ], "outputs": [ { "resource": { "ref": "component-14" }, "type": "artifact", "source": { "ref": "component-15" }, "target": { "ref": "component-16" } } ], "properties": [ { "name": "Foo", "value": "Bar" } ] }, "steps": [ { "name": "My step", "description": "Description here", "commands": [ { "executed": "ls -las", "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "inputs": [ { "environmentVars": [ { "name": "Foo", "value": "Bar" } ] }, { "environmentVars": [ "FooBar" ] }, { "environmentVars": [ { "name": "Foo", "value": "Bar" }, "FooBar" ] } ], "outputs": [ { "environmentVars": [ { "name": "Foo", "value": "Bar" } ] }, { "environmentVars": [ "FooBar" ] }, { "environmentVars": [ { "name": "Foo", "value": "Bar" }, "FooBar" ] } ], "timeStart": "2023-01-01T00:00:00+00:00", "timeEnd": "2023-01-01T00:00:00+10:00", "workspaces": [ { "bom-ref": "workspace-1", "uid": "workspace-1", "name": "My workspace", "aliases": [ "default-workspace" ], "description": "Description here", "resourceReferences": [ { "ref": "component-t" } ], "accessMode": "read-write", "mountPath": "/tmp/workspace", "managedDataType": "ConfigMap", "volumeRequest": "requestedVolumeClaim", "volume": { "uid": "volume-1", "name": "My volume", "mode": "filesystem", "path": "/", "sizeAllocated": "10GB", "persistent": true, "remote": false } } ], "runtimeTopology": [ { "ref": "component-s", "dependsOn": [ "component-r" ] } ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-formulation-1.5.xml000066400000000000000000000267551476011761300277070ustar00rootroot00000000000000 Acme Inc org.example mylibrary 1.0.0 Pipeline controller image v0.47.0 8edb2b08-e2c7-11ed-b5ea-0242ac120002 My workflow Workflow description here component-a task-uid-1 fetch-repository Description here component-a clone build trigger-1 api My step component-a component-b 2023-01-01T00:00:00+00:00 2023-01-01T00:00:00+00:00 workspace-uid-1 workspace clean build trigger-uid-1 My trigger Description here component-a api event-1 Description here 2023-01-01T00:00:00+00:00 FooBar component-g component-h Bar Description here 1 == 1 Bar 2023-01-01T00:00:00+00:00 component-10 component-11 component-12 component-14 artifact component-15 component-16 Bar My step Description here ls -las Bar Bar Bar FooBar Bar FooBar Bar FooBar Bar FooBar 2023-01-01T00:00:00+00:00 2023-01-01T00:00:00+00:00 workspace-1 My workspace default-workspace Description here component-t read-write /tmp/workspace ConfigMap requestedVolumeClaim volume-1 My volume filesystem / 10GB true false Bar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-expression-1.5.json000066400000000000000000000007311476011761300313220ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "bom-ref": "my-license" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-expression-1.5.xml000066400000000000000000000023661476011761300311570ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-id-1.5.json000066400000000000000000000007231476011761300275200ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0", "bom-ref": "my-license" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-id-1.5.xml000066400000000000000000000023241476011761300273460ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-licensing-1.5.json000066400000000000000000000030031476011761300310710ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "cryptographic-provider", "version": "2.2.0", "licenses": [ { "license": { "bom-ref": "acme-license-1", "name": "Acme Commercial License", "licensing": { "altIds": [ "acme", "acme-license" ], "licensor": { "organization": { "name": "Acme Inc", "contact": [ { "name": "Acme Licensing Fulfillment", "email": "licensing@example.com" } ] } }, "licensee": { "organization": { "name": "Example Co." } }, "purchaser": { "individual": { "name": "Samantha Wright", "email": "samantha.wright@gmail.com", "phone": "800-555-1212" } }, "purchaseOrder": "PO-12345", "licenseTypes": ["appliance"], "lastRenewal": "2022-04-13T20:20:39+00:00", "expiration": "2023-04-13T20:20:39+00:00" } } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-licensing-1.5.xml000066400000000000000000000042251476011761300307270ustar00rootroot00000000000000 Acme Inc com.acme cryptographic-provider 2.2.0 Acme Commercial License acme acme-license Acme Inc Acme Licensing Fulfillment licensing@example.com Example Co. Samantha Wright samantha.wright@gmail.com 800-555-1212 PO-12345 appliance 2022-04-13T20:20:39+00:00 2023-04-13T20:20:39+00:00 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-name-1.5.json000066400000000000000000000007351476011761300300470ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "name": "Apache License 2.0", "bom-ref": "my-license" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-license-name-1.5.xml000066400000000000000000000023401476011761300276700ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-machine-learning-1.5.json000066400000000000000000003003641476011761300307110ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "component-a", "type": "machine-learning-model", "group": "CompVis", "name": "stable-diffusion", "version": "1.4", "description": "Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at \uD83E\uDD17's Stable Diffusion with \uD83E\uDDE8Diffusers blog.", "modelCard": { "modelParameters": { "approach": { "type": "supervised" }, "task": "task goes here", "architectureFamily": "the architecture family goes here", "modelArchitecture": "The architecture of the model.", "datasets": [ { "type": "dataset", "name": "Training Data", "contents": { "url": "https://example.com/path/to/dataset" }, "classification": "public" } ], "inputs": [ { "format": "string" } ], "outputs": [ { "format": "byte[]" } ] }, "quantitativeAnalysis": { "performanceMetrics": [ { "type": "The type of performance metric", "value": "The value of the performance metric", "slice": "The name of the slice this metric was computed on. By default, assume this metric is not sliced", "confidenceInterval": { "lowerBound": "The lower bound of the confidence interval", "upperBound": "The upper bound of the confidence interval" } } ], "graphics": { "description": "Performance images", "collection": [ { "name": "FID vs CLIP Scores on 512x512 samples for different v1-versions", "image": { "contentType": "image/jpeg", "encoding": "base64", "content": "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k=" } } ] } }, "considerations": { "users": [ "Who are the intended users of the model?" ], "useCases": [ "Who are the intended users of the model?" ], "technicalLimitations": [ "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?" ], "performanceTradeoffs": [ "What are the known tradeoffs in accuracy/performance of the model?" ], "ethicalConsiderations": [ { "name": "The name of the risk", "mitigationStrategy": "Strategy used to address this risk" } ], "fairnessAssessments": [ { "groupAtRisk": "The groups or individuals at risk of being systematically disadvantaged by the model", "benefits": "Expected benefits to the identified groups", "harms": "Expected harms to the identified groups", "mitigationStrategy": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." } ] } } } ] }cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-machine-learning-1.5.xml000066400000000000000000003034201476011761300305340ustar00rootroot00000000000000 Acme Inc CompVis stable-diffusion 1.4 Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at 🤗's Stable Diffusion with 🧨Diffusers blog. supervised task goes here the architecture family goes here The architecture of the model. dataset Training Data https://example.com/path/to/dataset public string string The type of performance metric The value of the performance metric The name of the slice this metric was computed on. By default, assume this metric is not sliced The lower bound of the confidence interval The upper bound of the confidence interval Performance images FID vs CLIP Scores on 512x512 samples for different v1-versions /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k= Who are the intended users of the model? Who are the intended users of the model? What are the known technical limitations of the model? What are the known tradeoffs in accuracy/performance of the model? The name of the risk Strategy used to address this risk The groups or individuals at risk of being systematically disadvantaged by the model Expected benefits to the identified groups Expected harms to the identified groups With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-author-1.5.json000066400000000000000000000005151476011761300305630ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-author-1.5.xml000066400000000000000000000006561476011761300304200ustar00rootroot00000000000000 Samantha Wright samantha.wright@example.com 800-555-1212 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-license-1.5.json000066400000000000000000000004271476011761300307050ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2.0" } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-license-1.5.xml000066400000000000000000000005011476011761300305250ustar00rootroot00000000000000 Apache-2.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-lifecycle-1.5.json000066400000000000000000000006641476011761300312250ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "lifecycles": [ { "phase": "build" }, { "phase": "post-build" }, { "name": "platform-integration-testing", "description": "Integration testing specific to the runtime platform" } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-lifecycle-1.5.xml000066400000000000000000000011601476011761300310440ustar00rootroot00000000000000 build post-build platform-integration-testing Integration testing specific to the runtime platform cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-manufacture-1.5.json000066400000000000000000000007731476011761300316010ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "manufacture": { "bom-ref": "manufacturer-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "bom-ref": "contact-1", "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-manufacture-1.5.xml000066400000000000000000000010311476011761300314140ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Professional Services professional.services@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-supplier-1.5.json000066400000000000000000000007421476011761300311260ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "supplier": { "bom-ref": "supplier-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "bom-ref": "contact-1", "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-supplier-1.5.xml000066400000000000000000000007751476011761300307630ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Distribution distribution@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-timestamp-1.5.json000066400000000000000000000003401476011761300312600ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-timestamp-1.5.xml000066400000000000000000000003761476011761300311200ustar00rootroot00000000000000 2020-04-07T07:01:00Z cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-tool-1.5.json000066400000000000000000000022121476011761300302320ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "tools": { "components": [ { "type": "application", "group": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ], "services": [ { "provider": { "name": "Acme Org", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Acme Signing Server", "description": "Signs artifacts", "endpoints": [ "https://example.com/sign", "https://example.com/verify", "https://example.com/tsa" ] } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-tool-1.5.xml000066400000000000000000000026771476011761300301000ustar00rootroot00000000000000 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df Acme Org https://example.com com.example Acme Signing Server Signs artifacts https://example.com/sign https://example.com/verify https://example.com/tsa cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-tool-deprecated-1.5.json000066400000000000000000000011351476011761300323330ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-metadata-tool-deprecated-1.5.xml000066400000000000000000000012161476011761300321620ustar00rootroot00000000000000 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-minimal-viable-1.5.json000066400000000000000000000003431476011761300303700ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-minimal-viable-1.5.xml000066400000000000000000000004311476011761300302150ustar00rootroot00000000000000 acme-library cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-patch-1.5.json000066400000000000000000000046411476011761300266060ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] }, { "type": "backport", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "blah blah", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] }, { "type": "defect", "id": "JIRA-874319", "description": "Enable to do something", "source": { "name": "Example Org", "url": "https://issues.example.org/874319" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-patch-1.5.xml000066400000000000000000000064111476011761300264320ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 blah uri/to/changes.diff CVE-2019-9997 CVE-2019-9997 blah blah NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 JIRA-874319 Enable to do something Example Org https://issues.example.org/874319 http://some/other/site-1 http://some/other/site-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-properties-1.5.json000066400000000000000000000027601476011761300277030ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "You" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" } ] }, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "licenses": [ { "license": { "id": "Apache-2.0", "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "You" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" } ] } } ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "group": "org.partner", "name": "Stock ticker service", "endpoints": [ "https://partner.org/api/v1/stock" ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-properties-1.5.xml000066400000000000000000000031741476011761300275320ustar00rootroot00000000000000 Bar You Two Foo acme-library 1.0.0 Apache-2.0 Bar You Two Foo Bar Foo org.partner Stock ticker service https://partner.org/api/v1/stock Bar Foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-random-attributes-1.5.xml000066400000000000000000000512021476011761300307750ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-release-notes-1.5.json000066400000000000000000000123321476011761300302510ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "releaseNotes": { "type": "major", "title": "My new release", "featuredImage": "https://example.com/featured_image.png", "socialImage": "https://example.com/social_image.png", "description": "The main description of your release", "timestamp": "2021-09-17T00:51:18+00:00", "aliases": [ "Project Orion" ], "tags": [ "CMS", "SEO", "wysiwyg" ], "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.example.com/17240" } }, { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "Great new feature that does something", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ], "notes": [ { "locale": "en-US", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" } }, { "locale": "es", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" } } ] } } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner.org", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "pubic", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ], "releaseNotes": { "type": "major", "title": "My new release", "featuredImage": "https://example.com/featured_image.png", "socialImage": "https://example.com/social_image.png", "description": "The main description of your release", "timestamp": "2021-09-17T00:51:18+00:00", "aliases": [ "Project Orion" ], "tags": [ "CMS", "SEO", "wysiwyg" ], "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.example.com/17240" } }, { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "Great new feature that does something", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ], "notes": [ { "locale": "en-US", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" } }, { "locale": "es", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" } } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-release-notes-1.5.xml000066400000000000000000000152541476011761300301060ustar00rootroot00000000000000 acme-example 1.0.0 major My new release https://example.com/featured_image.png https://example.com/social_image.png The main description of your release 2021-09-17T00:51:18+00:00 Project Orion CMS SEO wysiwyg JIRA-17240 Great new feature that does something Acme Org https://issues.example.com/17240 CVE-2019-9997 CVE-2019-9997 A security issue was fixed that did something bad NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 en-US PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ es PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= Partner Org https://partner.org Support support@partner 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI pubic partner-data Partner license http://partner.org http://api.partner.org/swagger major My new release https://example.com/featured_image.png https://example.com/social_image.png The main description of your release 2021-09-17T00:51:18+00:00 Project Orion CMS SEO wysiwyg JIRA-17240 Great new feature that does something Acme Org https://issues.example.com/17240 CVE-2019-9997 CVE-2019-9997 A security issue was fixed that did something bad NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 en-US PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ es PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-saasbom-1.5.json000066400000000000000000000223041476011761300271300ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2021-01-10T12:00:00Z", "component": { "bom-ref": "acme-stock-application", "type": "application", "name": "Acme SaaSBOM Example", "version": "2022-1" } }, "services": [ { "bom-ref": "stock-ticker-service", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Stock Ticker Service", "version": "2022-1", "endpoints": [ "https://example.com/", "https://example.com/app" ], "authenticated": true, "trustZone": "Acme Public Zone", "data": [ { "name": "Consumer to Stock Service", "description": "Traffic to/from consumer to service", "classification": "Customer", "flow": "bi-directional", "source": [ "https://0.0.0.0" ], "destination": [ "https://0.0.0.0" ] }, { "name": "Stock Service to MS-1", "description": "Traffic to/from stock service to microservice-1", "classification": "PII", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ] }, { "name": "Stock Service to MS-2", "description": "Traffic to/from stock service to microservice-2", "classification": "PIFI", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" ] }, { "name": "Stock Service to MS-3", "description": "Traffic to/from stock service to microservice-3", "classification": "Public", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://example.com/app/swagger" } ], "services": [ { "bom-ref": "ms-1.example.com", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Microservice 1", "version": "2022-1", "description": "Example Microservice", "endpoints": [ "https://ms-1.example.com" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "Stock Service to MS-1", "description": "Traffic to/from stock service to microservice-1", "classification": "PII", "flow": "bi-directional", "governance": { "owners": [ { "organization": { "name": "Customer Name" } } ] }, "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ] }, { "name": "MS-1 to Database", "description": "Traffic to/from microservice-1 to database", "classification": "PII", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://ms-1.example.com/swagger" } ] }, { "bom-ref": "ms-2.example.com", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Microservice 2", "version": "2022-1", "description": "Example Microservice", "endpoints": [ "https://ms-2.example.com" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "Stock Service to MS-2", "description": "Traffic to/from stock service to microservice-2", "classification": "PIFI", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://ms-2.example.com/swagger" } ] }, { "bom-ref": "ms-3.example.com", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Microservice 3", "version": "2022-1", "description": "Example Microservice", "endpoints": [ "https://ms-3.example.com" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "Stock Service to MS-3", "description": "Traffic to/from stock service to microservice-3", "classification": "Public", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ] }, { "name": "MS-3 to S3", "description": "Data pushed from microservice-3 to S3 bucket", "classification": "Public", "flow": "outbound", "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://ms-3.example.com/swagger" } ] }, { "bom-ref": "ms-1-pgsql.example.com", "group": "org.postgresql", "name": "Postgres", "version": "14.1", "description": "Postgres database for Microservice #1", "endpoints": [ "https://ms-1-pgsql.example.com:5432" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "MS-1 to Database", "description": "Traffic to/from microservice-1 to database", "classification": "PII", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ] } ] }, { "bom-ref": "s3-example.amazon.com", "group": "com.amazon", "name": "S3", "description": "S3 bucket", "endpoints": [ "https://s3-example.amazon.com" ], "authenticated": true, "trustZone": "Public Internet", "data": [ { "name": "MS-3 to S3", "description": "Data pushed from microservice-3 to S3 bucket", "classification": "Public", "flow": "inbound", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" ] } ] } ] } ], "dependencies": [ { "ref": "acme-stock-application", "dependsOn": [ "stock-ticker-service" ] }, { "ref": "stock-ticker-service", "dependsOn": [ "ms-1.example.com", "ms-2.example.com", "ms-3.example.com" ] }, { "ref": "ms-1.example.com", "dependsOn": [ "ms-1-pgsql.example.com" ] }, { "ref": "ms-2.example.com", "dependsOn": [ ] }, { "ref": "ms-3.example.com", "dependsOn": [ "s3-example.amazon.com" ] } ] }cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-saasbom-1.5.xml000066400000000000000000000277311476011761300267700ustar00rootroot00000000000000 2021-01-10T12:00:00Z Acme SaaSBOM Example 2022-1 Acme Inc https://example.com com.example Stock ticker Service https://example.com/ https://example.com/app true Acme Public Zone Customer Customer Name https://0.0.0.0 https://0.0.0.0 PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com PIFI urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com https://example.com/app/swagger Acme Inc https://example.com com.example Microservice 1 https://ms-1.example.com true Acme Private Zone PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com https://ms-1.example.com/swagger Acme Inc https://example.com com.example Microservice 2 https://ms-2.example.com true Acme Private Zone PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service https://ms-2.example.com/swagger Acme Inc https://example.com com.example Microservice 3 https://ms-3.example.com true Acme Private Zone PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com https://ms-3.example.com/swagger org.postgresql Postgres 14.1 Postgres database for Microservice #1 https://ms-1-pgsql.example.com:5432 true Acme Private Zone PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com com.amazon S3 S3 bucket https://s3-example.amazon.com true Public Internet Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-service-1.5.json000066400000000000000000000044101476011761300271410ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "stock-java-client", "version": "1.0.12", "hashes": [ { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" } ], "licenses": [ { "license": { "id": "Apache-2.0" } } ], "purl": "pkg:maven/com.acme/stock-java-client@1.0.12" } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner.org", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "pubic", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ] } ], "dependencies": [ { "ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "dependsOn": [ "b2a46a4b-8367-4bae-9820-95557cfe03a8" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-service-1.5.xml000066400000000000000000000052051476011761300267730ustar00rootroot00000000000000 com.acme stock-java-client 1.0.12 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a Apache-2.0 pkg:maven/com.acme/stock-java-client@1.0.12 Partner Org https://partner.org Support support@partner 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI pubic partner-data Partner license http://partner.org http://api.partner.org/swagger cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-service-empty-objects-1.5.json000066400000000000000000000006431476011761300317300ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "contact": [ ] }, "name": "Stock ticker service", "endpoints": [ ], "data": [ ], "externalReferences": [ ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-service-empty-objects-1.5.xml000066400000000000000000000007571476011761300315650ustar00rootroot00000000000000 Stock ticker service cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-signatures-1.5.json000066400000000000000000000230051476011761300276660ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "5366293e-0740-4dcf-b1d0-0c1fc26e4981", "type": "application", "name": "amce app", "version": "1.0", "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "tqITqIm0gUMWXIjqDgwqzqPw1CwTUKRewZQ5YpX3VwFMWV68NJgX4npU91cSwSC-MRlx1QfOYwSQkeU26VpXSg" } } ], "services": [ { "bom-ref": "ee10d0a2-baba-4656-a5ac-d49e172a0d3d", "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "6A77T3RBTAuVpZOgFFFfOvGOQ1hqMbfSQ91VucRM1RIP6QqX9kEF1Pi1_vCl37qpVzK51kIyppgUF_i9s999XA" } } ], "compositions": [ { "aggregate": "complete", "assemblies": [ "5366293e-0740-4dcf-b1d0-0c1fc26e4981", "ee10d0a2-baba-4656-a5ac-d49e172a0d3d" ], "dependencies": [ "5366293e-0740-4dcf-b1d0-0c1fc26e4981" ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "lm6wx-elyBTbNMKNF8riooZhvrm6f5j8JpvgP9JtVv50dd7sXQLH7PqJcn9fmKV8eoF8cszPllEsQQhEQOM4hA" } } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "m4pMbQQVV61TlP4Og7a75SeY8lh00LkkUDXZ4PIhXsR512MPRgZmusFYorJlYq9wM3P9n9gM3T8BTg9XdFdQkQ" } } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-vulnerability-1.5.json000066400000000000000000000425221476011761300304000ustar00rootroot00000000000000{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.9.4", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" } ], "vulnerabilities": [ { "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", "source": { "name": "Snyk", "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" }, "references": [ { "id": "CVE-2018-7489", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" } } ], "ratings": [ { "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" }, "score": 9.8, "severity": "critical", "method": "CVSSv3", "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "justification": "An optional reason for rating the vulnerability as it was" } ], "cwes": [ 184, 502 ], "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "detail": "", "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", "workaround": "Describe the workarounds here", "proofOfConcept": { "reproductionSteps": "Precise steps to reproduce go here", "environment": "Describe the environment", "supportingMaterial": [ { "contentType": "image/jpeg", "encoding": "base64", "content": "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" } ] }, "advisories": [ { "title": "GitHub Commit", "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" }, { "title": "GitHub Issue", "url": "https://github.com/FasterXML/jackson-databind/issues/1931" } ], "created": "2021-01-01T00:00:00.000Z", "published": "2021-01-01T00:00:00.000Z", "updated": "2021-01-01T00:00:00.000Z", "rejected": "2022-01-01T00:00:00.000Z", "credits": { "organizations": [ { "name": "Acme, Inc.", "url": [ "https://example.com" ] } ], "individuals": [ { "name": "Jane Doe", "email": "jane.doe@example.com" } ] }, "tools": { "components": [ { "type": "application", "group": "Snyk", "name": "Snyk CLI (Linux)", "version": "1.729.0", "hashes": [ { "alg": "SHA-256", "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" } ] } ], "services": [ { "provider": { "name": "Acme Inc" }, "name": "Acme BOM Analyzer", "endpoints": [ "https://example.com/analyze" ] } ] }, "analysis": { "state": "not_affected", "justification": "code_not_reachable", "response": ["will_not_fix", "update"], "detail": "An optional explanation of why the application is not affected by the vulnerable component.", "firstIssued": "2022-01-01T00:00:00.000Z", "lastUpdated": "2022-02-01T00:00:00.000Z" }, "affects": [ { "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "versions": [ { "range": "vers:semver/<2.6.7.5", "status": "affected" }, { "range": "vers:semver/2.7.0|<2.8.11.1", "status": "affected" }, { "range": "vers:semver/2.9.0|<2.9.5", "status": "affected" } ] } ], "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "You" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-vulnerability-1.5.xml000066400000000000000000000465221476011761300302330ustar00rootroot00000000000000 com.fasterxml.jackson.core jackson-databind 2.9.4 pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 Snyk https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 NVD https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 9.8 critical CVSSv3 AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H An optional reason for rating the vulnerability as it was 184 502 FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. Describe the workarounds here Precise steps to reproduce go here Describe the environment /9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k= GitHub Commit https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 GitHub Issue https://github.com/FasterXML/jackson-databind/issues/1931 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z 2022-01-01T00:00:00.000Z Acme, Inc. https://example.com Jane Doe jane.doe@example.com Snyk Snyk CLI (Linux) 1.729.0 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d Acme Inf Acme BOM Analyzer https://example.com/analyze not_affected code_not_reachable will_not_fix update An optional explanation of why the application is not affected by the vulnerable component. 2022-01-01T00:00:00.000Z 2022-02-01T00:00:00.000Z pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 vers:semver/<2.6.7.5 affected vers:semver/2.7.0|<2.8.11.1 affected vers:semver/2.9.0|<2.9.5 affected Bar You Two Foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.5/valid-xml-signature-1.5.xml000066400000000000000000000256551476011761300301450ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe jdoe@example.com 2018-11-07T22:01:45Z John Doe jdoe@example.com Initial commit org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef Apache-2.0 blah fdaf Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Apache-2.0 pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= CN=bomsigner,OU=development,O=cyclonedx MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= AQAB cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/000077500000000000000000000000001476011761300232125ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json000066400000000000000000000003451476011761300300230ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "AnotherFormat", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json000066400000000000000000000007071476011761300306130ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0" }, { "type": "library", "bom-ref": "", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml000066400000000000000000000020241476011761300304340ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library2 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json000066400000000000000000000007011476011761300307770ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.xml000066400000000000000000000006611476011761300306330ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json000066400000000000000000000004711476011761300310160ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "foo", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.xml000066400000000000000000000004721476011761300306460ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json000066400000000000000000000014521476011761300301530ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [] }, { "ref": "", "dependsOn": [ "library-a" ] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.xml000066400000000000000000000020761476011761300300050ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 1.0.0 acme-library-b 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json000066400000000000000000000004051476011761300311700ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.xml000066400000000000000000000003671476011761300310260ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json000066400000000000000000000016301476011761300275170ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "FOO", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.xml000066400000000000000000000014771476011761300273570ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json000066400000000000000000000015731476011761300274470ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "foo" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.xml000066400000000000000000000014421476011761300272710ustar00rootroot00000000000000 acme-library 1.0.0 required foo e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json000066400000000000000000000015631476011761300276150ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "foo" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.xml000066400000000000000000000014321476011761300274370ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 foo f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json000066400000000000000000000015331476011761300277660ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "foo" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.xml000066400000000000000000000014021476011761300276100ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a foo e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json000066400000000000000000000014331476011761300277600ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.xml000066400000000000000000000013021476011761300276020ustar00rootroot00000000000000 acme-library 1.0.0 required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json000066400000000000000000000023401476011761300301410ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "foo", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.xml000066400000000000000000000030221476011761300277660ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json000066400000000000000000000011031476011761300307000ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "license": { "name": "Apache License 2.0" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.xml000066400000000000000000000024301476011761300305330ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json000066400000000000000000000367541476011761300312600ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base85", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.xml000066400000000000000000000402041476011761300310700ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json000066400000000000000000000007541476011761300300550ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "licenses": [ { "license": { "id": "Apache-2" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.xml000066400000000000000000000402021476011761300276740ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-id-count-1.6.xml000066400000000000000000000024611476011761300310270ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 MIT MIT pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar invalid-license-missing-id-and-name-1.6.json000066400000000000000000000007011476011761300331130ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "license-with-no-id-nor-name", "version": "23", "description": "testcase for issue#288", "licenses": [ { "license": {} } ] } ] } invalid-license-missing-id-and-name-1.6.xml000066400000000000000000000007221476011761300327450ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6 license-with-no-id-nor-name 23 testcase for issue#288 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-license-name-count-1.6.xml000066400000000000000000000025271476011761300313560ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json000066400000000000000000000005251476011761300312350ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2" } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.xml000066400000000000000000000004771476011761300310720ustar00rootroot00000000000000 Apache-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json000066400000000000000000000004211476011761300316110ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.xml000066400000000000000000000003641476011761300314460ustar00rootroot00000000000000 2020-04-07 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json000066400000000000000000000004441476011761300324650ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.xml000066400000000000000000000004571476011761300323200ustar00rootroot00000000000000 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-namespace-1.6.xml000066400000000000000000000510571476011761300276260ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json000066400000000000000000000023411476011761300301110ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "foo", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.xml000066400000000000000000000030231476011761300277360ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json000066400000000000000000000025121476011761300302270ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bcb403ae-91fa-436e-bc93-84d1078cdeed", "version": 1, "metadata": { "properties": [ { "value": "missing a name" }, { "unexpected-property": "foo" }, {} ] }, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "licenses": [ { "license": { "id": "Apache-2.0", "properties": [ { "value": "missing a name" }, { "unexpected-property": "foo" }, {} ] } } ], "properties": [ { "value": "missing a name" }, { "unexpected-property": "foo" }, {} ] } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "group": "org.partner", "name": "Stock ticker service", "endpoints": [ "https://partner.org/api/v1/stock" ], "properties": [ { "value": "missing a name" }, { "unexpected-property": "foo" }, {} ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-properties-1.6.xml000066400000000000000000000027401476011761300300610ustar00rootroot00000000000000 missing a name acme-library 1.0.0 Apache-2.0 missing a name missing a name org.partner Stock ticker service https://partner.org/api/v1/stock missing a name cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json000066400000000000000000000005231476011761300271440ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "scope": "foo" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-scope-1.6.xml000066400000000000000000000005351476011761300267760ustar00rootroot00000000000000 acme-library 1.0.0 foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json000066400000000000000000000003241476011761300305220ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.xml000066400000000000000000000510431476011761300303550ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json000066400000000000000000000007561476011761300304120ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "name": "Stock ticker service", "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "foo", "flow": "bar" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.xml000066400000000000000000000006401476011761300302310ustar00rootroot00000000000000 Stock ticker service bar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json000066400000000000000000000053431476011761300276630ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "component-a", "type": "library", "name": "Component A", "version": "1.0.0" } ], "annotations": [ { "bom-ref": "annotation-1", "subjects": [ "component-a" ], "annotator": { "organization": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by an organization" }, { "bom-ref": "annotation-2", "subjects": [ "component-a" ], "annotator": { "individual": { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by a person" }, { "bom-ref": "annotation-3", "subjects": [ "component-a" ], "annotator": { "component": { "type": "application", "name": "Awesome Tool", "version": "9.1.2" } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by a component" }, { "bom-ref": "annotation-4", "subjects": [ "component-a" ], "annotator": { "service": { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact" : [ { "name": "Support", "email": "support@partner.org", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "BOM Annotation Service", "version": "2020-Q2", "endpoints": [ "https://partner.org/api/v1/inspect", "https://partner.org/api/v1/annotate" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "public", "flow": "bi-directional" } ] } }, "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by a service" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml000066400000000000000000000070201476011761300275040ustar00rootroot00000000000000 Component A 1.0.0 Acme, Inc. https://example.com Acme Professional Services professional.services@example.com 2022-01-01T00:00:00Z This is a sample annotation made by an organization Samantha Wright samantha.wright@example.com 800-555-1212 2022-01-01T00:00:00Z This is a sample annotation made by a person Awesome Tool 9.1.2 2022-01-01T00:00:00Z This is a sample annotation made by a component Partner Org https://partner.org Support support@partner.org 800-555-1212 org.partner BOM Annotation Service 2020-Q2 https://partner.org/api/v1/inspect https://partner.org/api/v1/annotate true true public 2022-01-01T00:00:00Z This is a sample annotation made by a service cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json000066400000000000000000000011441476011761300273230ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library-a", "version": "1.0.0", "components": [ { "type": "library", "name": "acme-library-b", "version": "2.0.0" } ] } ], "services": [ { "name": "acme-service-a", "services": [ { "name": "acme-service-b" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-assembly-1.6.xml000066400000000000000000000014301476011761300271500ustar00rootroot00000000000000 acme-library-a 1.0.0 acme-library-b 2.0.0 acme-service-a acme-service-b cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json000066400000000000000000000131261476011761300300460ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "declarations": { "assessors": [ { "bom-ref": "assessor-1", "thirdParty": true, "organization": { "name": "Assessors Inc" } } ], "attestations": [ { "summary": "Attestation summary here", "assessor": "assessor-1", "map": [ { "requirement": "requirement-1", "claims": [ "claim-1" ], "counterClaims": [ "counterClaim-1" ], "conformance": { "score": 0.8, "rationale": "Conformance rationale here", "mitigationStrategies": [ "mitigationStrategy-1" ] }, "confidence": { "score": 1, "rationale": "Confidence rationale here" } } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } } ], "claims": [ { "bom-ref": "claim-1", "target": "acme-inc", "predicate": "Predicate here", "mitigationStrategies": [ "mitigationStrategy-1" ], "reasoning": "Reasoning here", "evidence": [ "evidence-1" ], "counterEvidence": [ "counterEvidence-1" ], "externalReferences": [ { "type": "issue-tracker", "url": "https://alm.example.com" } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } } ], "evidence": [ { "bom-ref": "evidence-1", "propertyName": "internal.com.acme.someProperty", "description": "Description here", "data": [ { "name": "Name of the data", "contents": { "attachment": { "content": "Evidence here", "contentType": "text/plain" } }, "classification": "PII", "sensitiveData": [ "Describe sensitive data here" ] } ], "created": "2023-04-25T00:00:00+00:00", "expires": "2023-05-25T00:00:00+00:00", "author": { "name": "Mary" }, "reviewer": { "name": "Jane" }, "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } }, { "bom-ref": "counterEvidence-1", "propertyName": "internal.com.acme.someProperty", "description": "Description here", "data": [ { "name": "Name of the data", "contents": { "attachment": { "content": "Counter evidence here", "contentType": "text/plain" } }, "classification": "Public", "sensitiveData": [ "Describe sensitive data here" ] } ], "created": "2023-04-25T00:00:00+00:00", "expires": "2023-05-25T00:00:00+00:00", "author": { "name": "Mary" }, "reviewer": { "name": "Jane" }, "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } }, { "bom-ref": "mitigationStrategy-1", "propertyName": "internal.com.acme.someProperty", "description": "Description here", "data": [ { "name": "Name of the data", "contents": { "attachment": { "content": "Mitigation strategy here", "contentType": "text/plain" } }, "classification": "Company Confidential", "sensitiveData": [ "Describe sensitive data here" ] } ], "created": "2023-04-25T00:00:00+00:00", "expires": "2023-05-25T00:00:00+00:00", "author": { "name": "Mary" }, "reviewer": { "name": "Jane" }, "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } } ], "targets": { "organizations": [ { "bom-ref": "acme-inc", "name": "Acme Inc" } ] }, "affirmation": { "statement": "I certify, to the best of my knowledge, that all information is correct...", "signatories": [ { "name": "Tom", "role": "CEO", "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } }, { "name": "Jerry", "role": "COO", "organization": { "name": "Acme Inc" }, "externalReference": { "type": "electronic-signature", "url": "https://example.com/coo-sig.png" } } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } }, "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } }, "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml000066400000000000000000000157051476011761300277020ustar00rootroot00000000000000 true Assessors Inc Attestation summary here assessor-1 requirement-1 claim-1 counterClaim-1 0.8 Conformance rationale here mitigationStrategy-1 1 Confidence rationale here acme-inc Predicate here mitigationStrategy-1 Reasoning here evidence-1 counterEvidence-1 https://alm.example.com internal.com.acme.someProperty Description here Name of the data Evidence here PII Describe sensitive data here 2023-04-25T00:00:00+00:00 2023-05-25T00:00:00+00:00 Mary Jane internal.com.acme.someProperty Description here Name of the data Counter evidence here Public Describe sensitive data here 2023-04-25T00:00:00+00:00 2023-05-25T00:00:00+00:00 Mary Jane internal.com.acme.someProperty Description here Name of the data Mitigation strategy here Company Confidential Describe sensitive data here 2023-04-25T00:00:00+00:00 2023-05-25T00:00:00+00:00 Mary Jane Acme Inc I certify, to the best of my knowledge, that all information is correct... Tom CEO Jerry COO Acme Inc https://example.com/coo-sig.png cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-bom-1.6.json000066400000000000000000000571331476011761300262720ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00", "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ], "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ], "component": { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } }, "manufacturer": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Professional Services", "email": "professional.services@example.com" } ] }, "supplier": { "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [ { "bom-ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", "type": "application", "author": "Joane Doe et al.", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "description": "Modified version of Apache Catalina", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "license": { "id": "Apache-2.0", "text": { "contentType": "text/plain", "encoding": "base64", "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", "pedigree": { "ancestors": [ { "type": "application", "author": "Apache Super Heros", "publisher": "Apache", "group": "org.apache.tomcat", "name": "tomcat-catalina", "version": "9.0.14", "description": "Apache Catalina", "licenses": [ { "license": { "id": "Apache-2.0" } } ], "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar" } ], "commits": [ { "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", "author": { "timestamp": "2018-11-13T20:20:39+00:00", "name": "John Doe", "email": "john.doe@example.com" }, "committer": { "timestamp": "2018-11-07T22:01:45Z", "name": "Jane Doe", "email": "jane.doe@example.com" }, "message": "Initial commit" } ], "notes": "Commentary here" } }, { "type": "library", "bom-ref": "pkg:maven/com.example/myapplication@1.0.0?packaging=war", "supplier": { "name": "Example, Inc.", "url": [ "https://example.com", "https://example.net" ], "contact": [ { "name": "Example Support AMER", "email": "support@example.com", "phone": "800-555-1212" }, { "name": "Example Support APAC", "email": "support@apac.example.com" } ] }, "manufacturer": { "name": "Example-2, Inc.", "url": [ "https://example.org" ], "contact": [ { "email": "support@example.org" } ] }, "authors": [ { "name": "Anthony Edward Stark", "phone": "555-212-970-4133", "email": "ironman@example.org" }, { "name": "Peter Benjamin Parker", "email": "spiderman@example.org" } ], "group": "org.example", "name": "mylibrary", "version": "1.0.0", "scope": "required", "hashes": [ { "alg": "MD5", "content": "2342c2eaf1feb9a80195dbaddf2ebaa3" }, { "alg": "SHA-1", "content": "68b78babe00a053f9e35ec6a2d9080f5b90122b0" }, { "alg": "SHA-256", "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" }, { "alg": "SHA-512", "content": "387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef" } ], "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0-with-classpath-exception" } ], "copyright": "Copyright Example Inc. All rights reserved.", "cpe": "cpe:/a:example:myapplication:1.0.0", "purl": "pkg:maven/com.example/myapplication@1.0.0?packaging=war", "modified": false, "externalReferences": [ { "url": "http://example.org/docs", "type": "documentation", "comment": "All component versions are documented here" }, { "url": "http://example.org/security", "type": "advisories" } ] }, { "type": "framework", "author": "Example Super Heros", "group": "com.example", "name": "myframework", "version": "1.0.0", "description": "Example Inc, enterprise framework", "scope": "required", "hashes": [ { "alg": "MD5", "content": "cfcb0b64aacd2f81c1cd546543de965a" }, { "alg": "SHA-1", "content": "7fbeef2346c45d565c3341f037bce4e088af8a52" }, { "alg": "SHA-256", "content": "0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1" }, { "alg": "SHA-512", "content": "854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79" } ], "licenses": [ { "license": { "name": "Some random license" } } ], "purl": "pkg:maven/com.example/myframework@1.0.0?packaging=war", "modified": false, "externalReferences": [ { "type": "website", "url": "http://example.com/myframework" }, { "type": "advisories", "url": "http://example.com/security" } ] } ], "dependencies": [ { "ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", "dependsOn": [ "pkg:maven/com.example/myapplication@1.0.0?packaging=war" ] } ] }cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml000066400000000000000000000613021476011761300261120ustar00rootroot00000000000000 2020-04-13T20:20:39+00:00 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df Samantha Wright samantha.wright@example.com 800-555-1212 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Acme, Inc. https://example.com Acme Professional Services professional.services@example.com Acme, Inc. https://example.com Acme Distribution distribution@example.com Joane Doe et al. Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache Super Heros Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-13T20:20:39+00:00 John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here Example, Inc. https://example.com https://example.net Example Support AMER support@example.com 800-555-1212 Example Support APAC support@apac.example.com Example-2, Inc. https://example.org support@example.org Anthony Edward Stark ironman@example.org 555-212-970-4133 Peter Benjamin Parker spiderman@example.org org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0-with-classpath-exception Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security Example Super Heros com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-data-1.6.json000066400000000000000000000012461476011761300304200ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da", "version": 1, "components": [ { "type": "data", "name": "my-configs", "version": "1337", "data": [ { "type": "configuration", "name": "app.ini", "contents": { "url": "https://example.com/cfg/1337/app.ini" } }, { "type": "other", "name": ".env", "contents": { "url": "https://example.com/cfg/1337/env" } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml000066400000000000000000000014221476011761300302430ustar00rootroot00000000000000 my-configs 1337 configuration app.ini https://example.com/cfg/1337/app.ini other .env https://example.com/cfg/1337/env cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json000066400000000000000000000042631476011761300307640ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "hashes": [ { "alg": "MD5", "content": "641b6e166f8b33c5e959e2adcc18b1c7" }, { "alg": "SHA-1", "content": "9188560f22e0b73070d2efce670c74af2bdf30af" }, { "alg": "SHA-256", "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" }, { "alg": "SHA-384", "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" }, { "alg": "SHA-512", "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" }, { "alg": "SHA3-256", "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" }, { "alg": "SHA3-384", "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" }, { "alg": "SHA3-512", "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" }, { "alg": "BLAKE2b-256", "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" }, { "alg": "BLAKE2b-384", "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" }, { "alg": "BLAKE2b-512", "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" }, { "alg": "BLAKE3", "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.xml000066400000000000000000000035511476011761300306120ustar00rootroot00000000000000 acme-example 1.0.0 641b6e166f8b33c5e959e2adcc18b1c7 9188560f22e0b73070d2efce670c74af2bdf30af d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json000066400000000000000000000014561476011761300320170ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.example", "name": "acme-library", "version": "1.0.0", "cpe": "cpe:2.3:a:example:acme-library:1.0.0:*:*:*:*:*:*:*", "purl": "pkg:maven/com.example/acme-library@1.0.0", "omniborId": [ "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64", "gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" ], "swhid": [ "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2", "swh:1:dir:d198bc9d7a6bcf6db04f476d29314f157507d505" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.xml000066400000000000000000000015411476011761300316410ustar00rootroot00000000000000 com.example acme-library 1.0.0 cpe:2.3:a:example:acme-library:1.0.0:*:*:*:*:*:*:* pkg:maven/com.example/acme-library@1.0.0 gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64 gitoid:blob:sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2 swh:1:dir:d198bc9d7a6bcf6db04f476d29314f157507d505 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json000066400000000000000000000011661476011761300302640ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "bom-ref": "123", "name": "acme-library", "version": "1.0.0", "components" : [ { "type": "library", "bom-ref": "456", "name": "acme-library", "version": "1.0.0" } ] }, { "type": "library", "bom-ref": "789", "name": "acme-library", "version": "1.0.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.xml000066400000000000000000000013011476011761300301020ustar00rootroot00000000000000 acme-library 1.0.0 acme-library 1.0.0 acme-library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json000066400000000000000000000010101476011761300304420ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.xml000066400000000000000000000007541476011761300303070ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json000066400000000000000000000025761476011761300314240ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "author": "Acme Super Heros", "name": "Acme Application", "version": "9.1.1", "swid": { "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "name": "Acme Application", "version": "9.1.1", "text": { "contentType": "text/xml", "encoding": "base64", "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" } } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.xml000066400000000000000000000025021476011761300312400ustar00rootroot00000000000000 Acme Super Heros Acme Application 9.1.1 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json000066400000000000000000000020161476011761300306470ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "name": "application-a", "version": "1.0" }, { "type": "library", "name": "library-a", "version": "1.0" }, { "type": "framework", "name": "framework-a", "version": "1.0" }, { "type": "container", "name": "container-a", "version": "1.0" }, { "type": "operating-system", "name": "operating-system-a", "version": "1.0" }, { "type": "firmware", "name": "firmware-a", "version": "1.0" }, { "type": "device", "name": "device-a", "version": "1.0" }, { "type": "file", "name": "file-a", "version": "1.0" }, { "type": "data", "name": "data-a", "version": "1.0" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml000066400000000000000000000024771476011761300305110ustar00rootroot00000000000000 application-a 1.0 library-a 1.0 framework-a 1.0 container-a 1.0 operating-system-a 1.0 firmware-a 1.0 device-a 1.0 file-a 1.0 data-a 1.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json000066400000000000000000000035221476011761300302340ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "component": { "bom-ref": "acme-application-1.0", "type": "application", "name": "Acme Application", "version": "1.0" } }, "components": [ { "bom-ref": "pkg:maven/partner/shaded-library@1.0", "type": "library", "name": "Partner Shaded Library", "version": "1.0", "purl": "pkg:maven/partner/shaded-library@1.0", "components": [ { "bom-ref": "pkg:maven/ossproject/library@2.0", "type": "library", "name": "Some Opensource Library", "version": "2.0", "purl": "pkg:maven/ossproject/library@2.0" } ] }, { "bom-ref": "pkg:maven/acme/library@3.0", "type": "library", "name": "Acme Library", "version": "3.0", "purl": "pkg:maven/acme/library@3.0" } ], "dependencies": [ { "ref": "acme-application-1.0", "dependsOn": [ "pkg:maven/partner/shaded-library@1.0", "pkg:maven/acme/library@3.0" ] } ], "vulnerabilities": [ { "bom-ref": "vulnerability-1", "id": "ACME-12345", "source": { "name": "Acme Inc" } } ], "compositions": [ { "bom-ref": "composition-1", "aggregate": "complete", "assemblies": [ "pkg:maven/partner/shaded-library@1.0" ], "dependencies": [ "acme-application-1.0" ] }, { "aggregate": "unknown", "assemblies": [ "pkg:maven/acme/library@3.0" ] }, { "aggregate": "incomplete_first_party_only", "vulnerabilities": [ "vulnerability-1" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml000066400000000000000000000046401476011761300300650ustar00rootroot00000000000000 Acme Application 1.0 Partner Shaded Library 1.0 pkg:maven/partner/shaded-library@1.0 Some Opensource Library 2.0 pkg:maven/ossproject/library@2.0 Acme Library 3.0 pkg:maven/acme/library@3.0 complete unknown incomplete_first_party_only ACME-12345 Acme Inc cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json000066400000000000000000000057421476011761300312070ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "cryptographic-asset", "bom-ref": "asset-1", "name": "Name here", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "ae", "parameterSetIdentifier": "128", "curve": "brainpoolP160r1", "executionEnvironment": "software-plain-ram", "implementationPlatform": "x86_64", "certificationLevel": [ "fips140-1-l4" ], "mode": "gcm", "padding": "pkcs5", "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"], "classicalSecurityLevel": 128, "nistQuantumSecurityLevel": 1 }, "oid": "oid:1.2.3.4.5.6.7.8.9" } }, { "type": "cryptographic-asset", "bom-ref": "asset-2", "name": "Name here", "cryptoProperties": { "assetType": "certificate", "certificateProperties": { "subjectName": "Subject name here", "issuerName": "Issuer name here", "notValidBefore": "2022-01-01T00:00:00.000Z", "notValidAfter": "2024-01-01T00:00:00.000Z", "signatureAlgorithmRef": "bom-ref-to-algorithm", "subjectPublicKeyRef": "bom-ref-to-public-key", "certificateFormat": "X.509", "certificateExtension": "crt" }, "oid": "oid:1.2.3.4.5.6.7.8.9" } }, { "type": "cryptographic-asset", "bom-ref": "asset-3", "name": "Name here", "cryptoProperties": { "assetType": "protocol", "protocolProperties": { "type": "tls", "version": "1.3", "cipherSuites": [ { "name": "TLS_DHE_RSA_WITH_AES_128_CCM", "algorithms": [ "bom-ref-to-algorithm" ], "identifiers": [ "0xC0" ] } ] }, "oid": "oid:1.2.3.4.5.6.7.8.9" } }, { "type": "cryptographic-asset", "bom-ref": "asset-4", "name": "Name here", "cryptoProperties": { "assetType": "related-crypto-material", "relatedCryptoMaterialProperties": { "type": "private-key", "id": "12345", "state": "active", "algorithmRef": "bom-ref-to-algorithm", "creationDate": "2024-01-01T00:00:00.000Z", "activationDate": "2024-01-02T00:00:00.000Z", "updateDate": "2024-01-03T00:00:00.000Z", "expirationDate": "2024-01-04T00:00:00.000Z", "value": "Value here", "size": 1024, "format": "PEM", "securedBy": { "mechanism": "HSM", "algorithmRef": "bom-ref-to-algorithm" } }, "oid": "oid:1.2.3.4.5.6.7.8.9" } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.xml000066400000000000000000000110251476011761300310250ustar00rootroot00000000000000 Name here algorithm ae 128 brainpoolP160r1 software-plain-ram x86_64 fips140-1-l4 gcm pkcs5 keygen encrypt decrypt tag 128 1 oid:1.2.3.4.5.6.7.8.9 Name here certificate Subject name here Issuer name here 2022-01-01T00:00:00.000Z 2024-01-01T00:00:00.000Z bom-ref-to-algorithm bom-ref-to-public-key X.509 crt oid:1.2.3.4.5.6.7.8.9 Name here protocol tls 1.3 TLS_DHE_RSA_WITH_AES_128_CCM bom-ref-to-algorithm 0xC0 oid:1.2.3.4.5.6.7.8.9 Name here related-crypto-material private-key 12345 active bom-ref-to-algorithm 2024-01-01T00:00:00.000Z 2024-01-02T00:00:00.000Z 2024-01-03T00:00:00.000Z 2024-01-04T00:00:00.000Z Value here 1024 PEM HSM bom-ref-to-algorithm oid:1.2.3.4.5.6.7.8.9 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json000066400000000000000000000027631476011761300332720ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "component": { "type": "application", "bom-ref": "acme-application", "name": "Acme Application", "version": "1.0" } }, "components": [ { "type": "cryptographic-asset", "bom-ref": "aes128gcm", "name": "AES", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { "primitive": "ae", "parameterSetIdentifier": "128", "executionEnvironment": "software-plain-ram", "implementationPlatform": "x86_64", "certificationLevel": [ "none" ], "mode": "gcm", "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"], "classicalSecurityLevel": 128, "nistQuantumSecurityLevel": 1 }, "oid": "oid:2.16.840.1.101.3.4.1.6" } }, { "type": "library", "bom-ref": "crypto-library", "name": "Crypto library", "version": "1.0.0" }, { "type": "library", "bom-ref": "some-library", "name": "Some library", "version": "1.0.0" } ], "dependencies": [ { "ref": "acme-application", "dependsOn": ["crypto-library"] }, { "ref": "crypto-library", "provides": ["aes128gcm"], "dependsOn": ["some-library"] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml000066400000000000000000000042511476011761300331130ustar00rootroot00000000000000 Acme Application 1.0 AES algorithm ae 128 software-plain-ram x86_64 none gcm keygen encrypt decrypt tag 128 1 oid:2.16.840.1.101.3.4.1.6 Crypto library 1.0.0 Some library 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json000066400000000000000000000013651476011761300276270ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "library-a", "type": "library", "name": "library-a", "version": "1.0.0" }, { "bom-ref": "library-b", "type": "library", "name": "library-b", "version": "1.0.0" }, { "bom-ref": "library-c", "type": "library", "name": "library-c", "version": "1.0.0" } ], "dependencies": [ { "ref": "library-a", "dependsOn": [] }, { "ref": "library-b", "dependsOn": [ "library-c" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml000066400000000000000000000014511476011761300274520ustar00rootroot00000000000000 library-a 1.0.0 library-b 1.0.0 library-c 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json000066400000000000000000000003411476011761300310230ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.xml000066400000000000000000000002731476011761300306560ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json000066400000000000000000000106201476011761300272650ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "group": "com.google.code.findbugs", "name": "findbugs-project", "version": "3.0.0", "licenses": [ { "license": { "id": "LGPL-3.0-or-later", "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" } } ], "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", "evidence": { "identity": { "field": "purl", "confidence": 1, "methods": [ { "technique": "filename", "confidence": 0.1, "value": "findbugs-project-3.0.0.jar" }, { "technique": "ast-fingerprint", "confidence": 0.9, "value": "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" }, { "technique": "hash-comparison", "confidence": 0.7, "value": "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" } ], "tools": [ "bom-ref-of-tool-that-performed-analysis" ] }, "occurrences": [ { "bom-ref": "d6bf237e-4e11-4713-9f62-56d18d5e2079", "location": "/path/to/component" }, { "bom-ref": "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175", "location": "/another/path/to/component" } ], "callstack": { "frames": [ { "package": "com.apache.logging.log4j.core", "module": "Logger.class", "function": "logMessage", "parameters": [ "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" ], "line": 150, "column": 17, "fullFilename": "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" }, { "module": "HelloWorld.class", "function": "main", "line": 20, "column": 12, "fullFilename": "/path/to/HelloWorld.class" } ] }, "licenses": [ { "license": { "id": "Apache-2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0" } }, { "license": { "id": "LGPL-2.1-only", "url": "https://opensource.org/licenses/LGPL-2.1" } } ], "copyright": [ { "text": "Copyright 2012 Google Inc. All Rights Reserved." }, { "text": "Copyright (C) 2004,2005 Dave Brosius " }, { "text": "Copyright (C) 2005 William Pugh" }, { "text": "Copyright (C) 2004,2005 University of Maryland" } ] } }, { "type": "application", "group": "com.example", "name": "example-project", "version": "1.0.0", "purl": "pkg:maven/com.example/example-project@1.0.0", "evidence": { "identity": [ { "field": "group", "confidence": 0.1, "concludedValue": "com.example", "methods": [ { "technique": "filename", "confidence": 0.1, "value": "example-project-1.0.0.jar" } ] }, { "field": "name", "confidence": 0.1, "concludedValue": "example-project", "methods": [ { "technique": "filename", "confidence": 0.1, "value": "example-project-1.0.0.jar" } ] }, { "field": "version", "confidence": 0.1, "concludedValue": "1.0.0", "methods": [ { "technique": "filename", "confidence": 0.1, "value": "example-project-1.0.0.jar" } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-evidence-1.6.xml000066400000000000000000000143571476011761300271270ustar00rootroot00000000000000 com.google.code.findbugs findbugs-project 3.0.0 LGPL-3.0-or-later https://www.gnu.org/licenses/lgpl-3.0-standalone.html pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 purl 1 filename 0.1 findbugs-project-3.0.0.jar ast-fingerprint 0.9 61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab hash-comparison 0.7 7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf /path/to/component /another/path/to/component com.apache.logging.log4j.core Logger.class logMessage com.acme.HelloWorld Level.INFO null Hello World 150 17 /path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class HelloWorld.class main 20 12 /path/to/HelloWorld.class Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0 LGPL-2.1-only https://opensource.org/licenses/LGPL-2.1 ]]> com.example example-project 1.0.0 pkg:maven/com.example/example-project@1.0.0 group 0.1 com.example filename 0.1 example-project-1.0.0.jar name 0.1 example-project filename 0.1 example-project-1.0.0.jar version 0.1 1.0.0 filename 0.1 example-project-1.0.0.jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-external-elements-1.6.xml000066400000000000000000000535041476011761300307760ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt Banana Banana pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 Banana Banana pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar Banana Banana Banana Banana foo 1.0 Banana Banana bar 1.0 Banana Banana 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com Banana Banana 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Banana Banana Initial commit Banana Banana Banana Banana Commentary here Banana Banana Banana Banana Banana Banana Banana Banana cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json000066400000000000000000000142611476011761300312660ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "org.example", "name": "mylibrary", "version": "1.0.0", "externalReferences": [ { "type": "advisories", "url": "https://example.org/security/feed/csaf", "comment": "Security advisories from the vendor" }, { "type": "bom", "url": "https://example.org/support/sbom/portal-server/1.0.0", "comment": "An external SBOM that describes what this component includes", "hashes": [ { "alg": "SHA-256", "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" } ] }, { "type": "documentation", "url": "https://example.org/support/documentation/portal-server/1.0.0", "comment": "Vendor provided documentation for the product" } ] }, { "type": "application", "name": "dummy", "description": "this component has all external reference types possible", "externalReferences": [ { "type": "vcs", "url": "http://example.com/extref/vcs" }, { "type": "issue-tracker", "url": "http://example.com/extref/issue-tracker" }, { "type": "website", "url": "http://example.com/extref/website" }, { "type": "advisories", "url": "http://example.com/extref/advisories" }, { "type": "bom", "url": "http://example.com/extref/bom" }, { "type": "mailing-list", "url": "http://example.com/extref/mailing-list" }, { "type": "social", "url": "http://example.com/extref/social" }, { "type": "chat", "url": "http://example.com/extref/chat" }, { "type": "documentation", "url": "http://example.com/extref/documentation" }, { "type": "support", "url": "http://example.com/extref/support" }, { "type": "source-distribution", "url": "http://example.com/extref/source-distribution" }, { "type": "distribution", "url": "http://example.com/extref/distribution" }, { "type": "distribution-intake", "url": "http://example.com/extref/distribution-intake" }, { "type": "license", "url": "http://example.com/extref/license" }, { "type": "build-meta", "url": "http://example.com/extref/build-meta" }, { "type": "build-system", "url": "http://example.com/extref/build-system" }, { "type": "release-notes", "url": "http://example.com/extref/release-notes" }, { "type": "security-contact", "url": "http://example.com/extref/security-contact" }, { "type": "model-card", "url": "http://example.com/extref/model-card" }, { "type": "log", "url": "http://example.com/extref/log" }, { "type": "configuration", "url": "http://example.com/extref/configuration" }, { "type": "evidence", "url": "http://example.com/extref/evidence" }, { "type": "formulation", "url": "http://example.com/extref/formulation" }, { "type": "attestation", "url": "http://example.com/extref/attestation" }, { "type": "threat-model", "url": "http://example.com/extref/threat-model" }, { "type": "adversary-model", "url": "http://example.com/extref/adversary-model" }, { "type": "risk-assessment", "url": "http://example.com/extref/risk-assessment" }, { "type": "vulnerability-assertion", "url": "http://example.com/extref/vulnerability-assertion" }, { "type": "exploitability-statement", "url": "http://example.com/extref/exploitability-statement" }, { "type": "pentest-report", "url": "http://example.com/extref/pentest-report" }, { "type": "static-analysis-report", "url": "http://example.com/extref/static-analysis-report" }, { "type": "dynamic-analysis-report", "url": "http://example.com/extref/dynamic-analysis-report" }, { "type": "runtime-analysis-report", "url": "http://example.com/extref/runtime-analysis-report" }, { "type": "component-analysis-report", "url": "http://example.com/extref/component-analysis-report" }, { "type": "maturity-report", "url": "http://example.com/extref/maturity-report" }, { "type": "certification-report", "url": "http://example.com/extref/certification-report" }, { "type": "quality-metrics", "url": "http://example.com/extref/quality-metrics" }, { "type": "codified-infrastructure", "url": "http://example.com/extref/codified-infrastructure" }, { "type": "poam", "url": "http://example.com/extref/poam" }, { "type": "electronic-signature", "url": "http://example.com/extref/electronic-signature" }, { "type": "digital-signature", "url": "http://example.com/extref/digital-signature" }, { "type": "rfc-9116", "url": "http://example.com/extref/rfc-9116" }, { "type": "other", "url": "http://example.com/extref/other" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml000066400000000000000000000144071476011761300311170ustar00rootroot00000000000000 Acme Inc org.example mylibrary 1.0.0 https://example.org/security/feed/csaf Security advisories from the vendor https://example.org/support/sbom/portal-server/1.0.0 An external SBOM that describes what this component includes 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 https://example.org/support/documentation/portal-server/1.0.0 Vendor provided documentation for the product dummy this component has all external reference types possible http://example.com/extref/vcs http://example.com/extref/issue-tracker http://example.com/extref/website http://example.com/extref/advisories http://example.com/extref/bom http://example.com/extref/mailing-list http://example.com/extref/social http://example.com/extref/chat http://example.com/extref/documentation http://example.com/extref/support http://example.com/extref/source-distribution http://example.com/extref/distribution http://example.com/extref/distribution-intake http://example.com/extref/license http://example.com/extref/build-meta http://example.com/extref/build-system http://example.com/extref/release-notes http://example.com/extref/security-contact http://example.com/extref/model-card http://example.com/extref/log http://example.com/extref/configuration http://example.com/extref/evidence http://example.com/extref/formulation http://example.com/extref/attestation http://example.com/extref/threat-model http://example.com/extref/adversary-model http://example.com/extref/risk-assessment http://example.com/extref/vulnerability-assertion http://example.com/extref/exploitability-statement http://example.com/extref/pentest-report http://example.com/extref/static-analysis-report http://example.com/extref/dynamic-analysis-report http://example.com/extref/runtime-analysis-report http://example.com/extref/component-analysis-report http://example.com/extref/maturity-report http://example.com/extref/certification-report http://example.com/extref/quality-metrics http://example.com/extref/codified-infrastructure http://example.com/extref/poam http://example.com/extref/electronic-signature http://example.com/extref/digital-signature http://example.com/extref/rfc-9116 http://example.com/extref/other cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json000066400000000000000000000171271476011761300300530ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "org.example", "name": "mylibrary", "version": "1.0.0" } ], "formulation": [ { "bom-ref": "formula-1", "components": [ { "bom-ref": "component-1", "type": "platform", "name": "Pipeline controller image", "version": "v0.47.0" } ], "workflows": [ { "bom-ref": "workflow-1", "uid": "8edb2b08-e2c7-11ed-b5ea-0242ac120002", "name": "My workflow", "description": "Workflow description here", "resourceReferences": [ { "ref": "component-a" } ], "tasks": [ { "bom-ref": "task-1", "uid": "task-uid-1", "name": "fetch-repository", "description": "Description here", "resourceReferences": [ { "ref": "component-a" } ], "taskTypes": [ "clone", "build" ], "trigger": { "bom-ref": "trigger-1", "uid": "trigger-1", "type": "api" }, "steps": [ { "name": "My step" } ], "inputs": [ { "resource": { "ref": "component-a" } } ], "outputs": [ { "resource": { "ref": "component-b" } } ], "timeStart": "2023-01-01T00:00:00+00:00", "timeEnd": "2023-01-01T00:00:00+00:00", "workspaces": [ { "bom-ref": "workspace-1", "uid": "workspace-uid-1", "name": "workspace" } ], "runtimeTopology": [ { "ref": "task-1", "dependsOn": [ "task-2" ] } ] } ], "taskDependencies": [ { "ref": "task-1", "dependsOn": ["task-2"] } ], "taskTypes": [ "clone", "build" ], "trigger": { "bom-ref": "trigger-2", "uid": "trigger-uid-2", "name": "My trigger", "description": "Description here", "resourceReferences": [ { "ref": "component-a" } ], "type": "api", "event": { "uid": "event-1", "description": "Description here", "timeReceived": "2023-01-01T00:00:00+00:00", "data": { "contentType": "text/plain", "content": "Foo/Bar" }, "source": { "ref": "component-g" }, "target": { "ref": "component-h" }, "properties": [ { "name": "Foo", "value": "Bar" } ] }, "conditions": [ { "description": "Description here", "expression": "1 == 1", "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "timeActivated": "2023-01-01T00:00:00+00:00", "inputs": [ { "resource": { "ref": "component-10" }, "source": { "ref": "component-11" }, "target": { "ref": "component-12" } } ], "outputs": [ { "resource": { "ref": "component-14" }, "type": "artifact", "source": { "ref": "component-15" }, "target": { "ref": "component-16" } } ], "properties": [ { "name": "Foo", "value": "Bar" } ] }, "steps": [ { "name": "My step", "description": "Description here", "commands": [ { "executed": "ls -las", "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ], "inputs": [ { "environmentVars": [ { "name": "Foo", "value": "Bar" } ] }, { "environmentVars": [ "FooBar" ] }, { "environmentVars": [ { "name": "Foo", "value": "Bar" }, "FooBar" ] } ], "outputs": [ { "environmentVars": [ { "name": "Foo", "value": "Bar" } ] }, { "environmentVars": [ "FooBar" ] }, { "environmentVars": [ { "name": "Foo", "value": "Bar" }, "FooBar" ] } ], "timeStart": "2023-01-01T00:00:00+00:00", "timeEnd": "2023-01-01T00:00:10+00:00", "workspaces": [ { "bom-ref": "workspace-2", "uid": "workspace-1", "name": "My workspace", "aliases": [ "default-workspace" ], "description": "Description here", "resourceReferences": [ { "ref": "component-t" } ], "accessMode": "read-write", "mountPath": "/tmp/workspace", "managedDataType": "ConfigMap", "volumeRequest": "requestedVolumeClaim", "volume": { "uid": "volume-1", "name": "My volume", "mode": "filesystem", "path": "/", "sizeAllocated": "10GB", "persistent": true, "remote": false } } ], "runtimeTopology": [ { "ref": "component-s", "dependsOn": [ "component-r" ] } ], "properties": [ { "name": "Foo", "value": "Bar" } ] } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml000066400000000000000000000267441476011761300277070ustar00rootroot00000000000000 Acme Inc org.example mylibrary 1.0.0 Pipeline controller image v0.47.0 8edb2b08-e2c7-11ed-b5ea-0242ac120002 My workflow Workflow description here component-a task-uid-1 fetch-repository Description here component-a clone build trigger-1 api My step component-a component-b 2023-01-01T00:00:00+00:00 2023-01-01T00:00:00+00:00 workspace-uid-1 workspace clone build trigger-uid-2 My trigger Description here component-a api event-1 Description here 2023-01-01T00:00:00+00:00 Foo/Bar component-g component-h Bar Description here 1 == 1 Bar 2023-01-01T00:00:00+00:00 component-10 component-11 component-12 component-14 artifact component-15 component-16 Bar My step Description here ls -las Bar Bar Bar FooBar Bar FooBar Bar FooBar Bar FooBar 2023-01-01T00:00:00+00:00 2023-01-01T00:00:10+00:00 workspace-1 My workspace default-workspace Description here component-t read-write /tmp/workspace ConfigMap requestedVolumeClaim volume-1 My volume filesystem / 10GB true false Bar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json000066400000000000000000000024701476011761300313260ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "description": "Modified version of Apache Catalina", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "acknowledgement": "declared", "bom-ref": "my-license" } ], "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml000066400000000000000000000023531476011761300311550ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json000066400000000000000000000024421476011761300275220ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "description": "Modified version of Apache Catalina", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "license": { "id": "Apache-2.0", "acknowledgement": "declared", "bom-ref": "my-license" } } ], "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-id-1.6.xml000066400000000000000000000023571476011761300273560ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json000066400000000000000000000031031476011761300310740ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "cryptographic-provider", "version": "2.2.0", "licenses": [ { "license": { "bom-ref": "acme-license-1", "name": "Acme Commercial License", "licensing": { "altIds": [ "acme", "acme-license" ], "licensor": { "organization": { "name": "Acme Inc", "contact": [ { "name": "Acme Licensing Fulfillment", "email": "licensing@example.com" } ] } }, "licensee": { "organization": { "name": "Example Co." } }, "purchaser": { "individual": { "name": "Samantha Wright", "email": "samantha.wright@gmail.com", "phone": "800-555-1212" } }, "purchaseOrder": "PO-12345", "licenseTypes": ["appliance"], "lastRenewal": "2022-04-13T20:20:39+00:00", "expiration": "2023-04-13T20:20:39+00:00" } } } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.xml000066400000000000000000000042251476011761300307310ustar00rootroot00000000000000 Acme Inc com.acme cryptographic-provider 2.2.0 Acme Commercial License acme acme-license Acme Inc Acme Licensing Fulfillment licensing@example.com Example Co. Samantha Wright samantha.wright@gmail.com 800-555-1212 PO-12345 appliance 2022-04-13T20:20:39+00:00 2023-04-13T20:20:39+00:00 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json000066400000000000000000000024071476011761300300470ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "application", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", "description": "Modified version of Apache Catalina", "scope": "required", "hashes": [ { "alg": "MD5", "content": "3942447fac867ae5cdb3229b658f4d48" }, { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" }, { "alg": "SHA-256", "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" }, { "alg": "SHA-512", "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" } ], "licenses": [ { "license": { "name": "Apache License 2.0", "bom-ref": "my-license" } } ], "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-license-name-1.6.xml000066400000000000000000000023401476011761300276720ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache License 2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json000066400000000000000000003005241476011761300307110ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "component-a", "type": "machine-learning-model", "publisher": "Acme Inc", "group": "CompVis", "name": "stable-diffusion", "version": "1.4", "description": "Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at \uD83E\uDD17's Stable Diffusion with \uD83E\uDDE8Diffusers blog.", "modelCard": { "modelParameters": { "approach": { "type": "supervised" }, "task": "task goes here", "architectureFamily": "the architecture family goes here", "modelArchitecture": "The architecture of the model.", "datasets": [ { "type": "dataset", "name": "Training Data", "contents": { "url": "https://example.com/path/to/dataset" }, "classification": "public" } ], "inputs": [ { "format": "string" } ], "outputs": [ { "format": "byte[]" } ] }, "quantitativeAnalysis": { "performanceMetrics": [ { "type": "The type of performance metric", "value": "The value of the performance metric", "slice": "The name of the slice this metric was computed on. By default, assume this metric is not sliced", "confidenceInterval": { "lowerBound": "The lower bound of the confidence interval", "upperBound": "The upper bound of the confidence interval" } } ], "graphics": { "description": "Performance images", "collection": [ { "name": "FID vs CLIP Scores on 512x512 samples for different v1-versions", "image": { "contentType": "image/jpeg", "encoding": "base64", "content": "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k=" } } ] } }, "considerations": { "users": [ "Who are the intended users of the model?" ], "useCases": [ "Who are the intended users of the model?" ], "technicalLimitations": [ "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?" ], "performanceTradeoffs": [ "What are the known tradeoffs in accuracy/performance of the model?" ], "ethicalConsiderations": [ { "name": "The name of the risk", "mitigationStrategy": "Strategy used to address this risk" } ], "fairnessAssessments": [ { "groupAtRisk": "The groups or individuals at risk of being systematically disadvantaged by the model", "benefits": "Expected benefits to the identified groups", "harms": "Expected harms to the identified groups", "mitigationStrategy": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." } ] } } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml000066400000000000000000003036321476011761300305430ustar00rootroot00000000000000 Acme Inc CompVis stable-diffusion 1.4 Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at 🤗's Stable Diffusion with 🧨Diffusers blog. supervised task goes here the architecture family goes here The architecture of the model. dataset Training Data https://example.com/path/to/dataset public string byte[] The type of performance metric The value of the performance metric The name of the slice this metric was computed on. By default, assume this metric is not sliced The lower bound of the confidence interval The upper bound of the confidence interval Performance images FID vs CLIP Scores on 512x512 samples for different v1-versions /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k= Who are the intended users of the model? Who are the intended users of the model? What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? What are the known tradeoffs in accuracy/performance of the model? The name of the risk Strategy used to address this risk The groups or individuals at risk of being systematically disadvantaged by the model Expected benefits to the identified groups Expected harms to the identified groups With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. valid-machine-learning-considerations-env-1.6.json000066400000000000000000000035531476011761300344440ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ed5c5ba0-2be6-4b58-ac29-01a7fd375123", "version": 1, "components": [ { "bom-ref": "huggingface.co-meta-llama-Llama-2-7b", "group": "meta-llama", "name": "Llama-2-7b", "type": "machine-learning-model", "supplier": { "name": "Hugging Face" }, "publisher": "meta", "externalReferences": [ { "type": "distribution", "url": "https://huggingface.co/meta-llama/Llama-2-7b" } ], "modelCard": { "considerations": { "environmentalConsiderations": { "energyConsumptions": [ { "activity": "training", "energyProviders": [ { "description": "Meta data-center, US-East", "organization": { "name": "Meta", "address": { "country": "United States", "region": "New Jersey", "locality": "Newark" } }, "energySource": "natural-gas", "energyProvided": { "value": 0.4, "unit": "kWh" } } ], "activityEnergyCost": { "value": 0.4, "unit": "kWh" }, "co2CostEquivalent": { "value": 31.22, "unit": "tCO2eq" }, "co2CostOffset": { "value": 31.22, "unit": "tCO2eq" } } ] } } } } ] } valid-machine-learning-considerations-env-1.6.xml000066400000000000000000000053731476011761300342750ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6 Hugging Face meta meta-llama Llama-2-7b https://huggingface.co/meta-llama/Llama-2-7b training Meta data-center, US-East Meta
United States New Jersey Newark
natural-gas 0.4 kWh 0.4 kWh 31.22 tCO2eq 31.22 tCO2eq cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json000066400000000000000000000006151476011761300305660ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "authors": [ { "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.xml000066400000000000000000000006561476011761300304220ustar00rootroot00000000000000 Samantha Wright samantha.wright@example.com 800-555-1212 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json000066400000000000000000000007601476011761300307070ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "licenses": [ { "license": { "id": "Apache-2.0" } }, { "license": { "name": "My License", "text": { "content": "My License Text" } } } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.xml000066400000000000000000000007101476011761300305310ustar00rootroot00000000000000 Apache-2.0 My License My License Text cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json000066400000000000000000000007641476011761300312300ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "lifecycles": [ { "phase": "build" }, { "phase": "post-build" }, { "name": "platform-integration-testing", "description": "Integration testing specific to the runtime platform" } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.xml000066400000000000000000000011601476011761300310460ustar00rootroot00000000000000 build post-build platform-integration-testing Integration testing specific to the runtime platform cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json000066400000000000000000000011111476011761300315660ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "manufacture": { "bom-ref": "manufacturer-1", "name": "Acme, Inc. // deprecated", "url": [ "https://example.com" ], "contact": [ { "bom-ref": "contact-1", "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.xml000066400000000000000000000010471476011761300314250ustar00rootroot00000000000000 Acme, Inc. // deprecated https://example.com Acme Professional Services professional.services@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json000066400000000000000000000010741476011761300317600ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "manufacturer": { "bom-ref": "manufacturer-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "bom-ref": "contact-1", "name": "Acme Professional Services", "email": "professional.services@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.xml000066400000000000000000000010331476011761300316020ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Professional Services professional.services@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json000066400000000000000000000010421476011761300311220ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "supplier": { "bom-ref": "supplier-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { "bom-ref": "contact-1", "name": "Acme Distribution", "email": "distribution@example.com" } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.xml000066400000000000000000000007751476011761300307650ustar00rootroot00000000000000 Acme, Inc. https://example.com Acme Distribution distribution@example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json000066400000000000000000000004401476011761300312630ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2020-04-13T20:20:39+00:00" }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml000066400000000000000000000003761476011761300311220ustar00rootroot00000000000000 2020-04-13T20:20:39Z cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json000066400000000000000000000023121476011761300302350ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "tools": { "components": [ { "type": "application", "group": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ], "services": [ { "provider": { "name": "Acme Org", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Acme Signing Server", "description": "Signs artifacts", "endpoints": [ "https://example.com/sign", "https://example.com/verify", "https://example.com/tsa" ] } ] } }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.xml000066400000000000000000000026771476011761300301020ustar00rootroot00000000000000 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df Acme Org https://example.com com.example Acme Signing Server Signs artifacts https://example.com/sign https://example.com/verify https://example.com/tsa cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json000066400000000000000000000012351476011761300323360ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "tools": [ { "vendor": "Awesome Vendor", "name": "Awesome Tool", "version": "9.1.2", "hashes": [ { "alg": "SHA-1", "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, { "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } ] } ] }, "components": [] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.xml000066400000000000000000000012161476011761300321640ustar00rootroot00000000000000 Awesome Vendor Awesome Tool 9.1.2 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json000066400000000000000000000004431476011761300303730ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-library" } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.xml000066400000000000000000000004311476011761300302170ustar00rootroot00000000000000 acme-library cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-patch-1.6.json000066400000000000000000000047411476011761300266110ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "group": "com.acme", "name": "sample-library", "version": "1.0.0", "pedigree": { "ancestors": [ { "type": "library", "group": "org.example", "name": "sample-library", "version": "1.0.0" } ], "patches": [ { "type": "unofficial", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.acme.org/17240" } } ] }, { "type": "backport", "diff": { "text": { "contentType": "text/plain", "encoding": "base64", "content": "blah" }, "url": "uri/to/changes.diff" }, "resolves": [ { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "blah blah", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] }, { "type": "defect", "id": "JIRA-874319", "description": "Enable to do something", "source": { "name": "Example Org", "url": "https://issues.example.org/874319" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ] } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-patch-1.6.xml000066400000000000000000000064111476011761300264340ustar00rootroot00000000000000 com.acme sample-library 1.0.0 org.example sample-library 1.0.0 blah uri/to/changes.diff JIRA-17240 Great new feature that does something Acme Org https://issues.acme.org/17240 blah uri/to/changes.diff CVE-2019-9997 CVE-2019-9997 blah blah NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 JIRA-874319 Enable to do something Example Org https://issues.example.org/874319 http://some/other/site-1 http://some/other/site-2 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-properties-1.6.json000066400000000000000000000036461476011761300277110ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" }, { "name": "value-is-optional" } ] }, "components": [ { "type": "library", "name": "acme-library", "version": "1.0.0", "licenses": [ { "license": { "id": "Apache-2.0", "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" }, { "name": "value-is-optional" } ] } } ], "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" }, { "name": "value-is-optional" } ] } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "group": "org.partner", "name": "Stock ticker service", "endpoints": [ "https://partner.org/api/v1/stock" ], "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" }, { "name": "value-is-optional" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-properties-1.6.xml000066400000000000000000000035201476011761300275270ustar00rootroot00000000000000 Bar Two Foo acme-library 1.0.0 Apache-2.0 Bar Two Foo Bar Two Foo org.partner Stock ticker service https://partner.org/api/v1/stock Bar Two Foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-random-attributes-1.6.xml000066400000000000000000000512021476011761300307770ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 Modified version of Apache Catalina required 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= https://www.apache.org/licenses/LICENSE-2.0.txt pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache Catalina Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe john.doe@example.com 2018-11-07T22:01:45Z Jane Doe jane.doe@example.com Initial commit Commentary here org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false http://example.org/docs All component versions are documented here http://example.org/security com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Some random license pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json000066400000000000000000000127071476011761300302610ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "acme-example", "version": "1.0.0", "externalReferences": [ { "type": "release-notes", "url": "https://example.com/releases/1.0.0" } ], "releaseNotes": { "type": "major", "title": "My new release", "featuredImage": "https://example.com/featured_image.png", "socialImage": "https://example.com/social_image.png", "description": "The main description of your release", "timestamp": "2021-09-17T00:51:18+00:00", "aliases": [ "Project Orion" ], "tags": [ "CMS", "SEO", "wysiwyg" ], "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.example.com/17240" } }, { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "A security issue was fixed that did something bad", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ], "notes": [ { "locale": "en-US", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" } }, { "locale": "es", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" } } ] } } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner.org", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "public", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ], "releaseNotes": { "type": "major", "title": "My new release", "featuredImage": "https://example.com/featured_image.png", "socialImage": "https://example.com/social_image.png", "description": "The main description of your release", "timestamp": "2021-09-17T00:51:18+00:00", "aliases": [ "Project Orion" ], "tags": [ "CMS", "SEO", "wysiwyg" ], "resolves": [ { "type": "enhancement", "id": "JIRA-17240", "description": "Great new feature that does something", "source": { "name": "Acme Org", "url": "https://issues.example.com/17240" } }, { "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", "description": "A security issue was fixed that did something bad", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" }, "references": [ "http://some/other/site-1", "http://some/other/site-2" ] } ], "notes": [ { "locale": "en-US", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" } }, { "locale": "es", "text": { "contentType": "text/html", "encoding": "base64", "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" } } ] } } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml000066400000000000000000000156041476011761300301070ustar00rootroot00000000000000 acme-example 1.0.0 https://example.com/releases/1.0.0 major My new release https://example.com/featured_image.png https://example.com/social_image.png The main description of your release 2021-09-17T00:51:18+00:00 Project Orion CMS SEO wysiwyg JIRA-17240 Great new feature that does something Acme Org https://issues.example.com/17240 CVE-2019-9997 CVE-2019-9997 A security issue was fixed that did something bad NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 en-US PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ es PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= Partner Org https://partner.org Support support@partner.org 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI public partner-data Partner license http://partner.org http://api.partner.org/swagger major My new release https://example.com/featured_image.png https://example.com/social_image.png The main description of your release 2021-09-17T00:51:18+00:00 Project Orion CMS SEO wysiwyg JIRA-17240 Great new feature that does something Acme Org https://issues.example.com/17240 CVE-2019-9997 CVE-2019-9997 A security issue was fixed that did something bad NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 http://some/other/site-1 http://some/other/site-2 en-US PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ es PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json000066400000000000000000000224021476011761300271310ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "timestamp": "2021-01-10T12:00:00Z", "component": { "bom-ref": "acme-stock-application", "type": "application", "name": "Acme SaaSBOM Example", "version": "2022-1" } }, "services": [ { "bom-ref": "stock-ticker-service", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Stock Ticker Service", "version": "2022-1", "endpoints": [ "https://example.com/", "https://example.com/app" ], "authenticated": true, "trustZone": "Acme Public Zone", "data": [ { "name": "Consumer to Stock Service", "description": "Traffic to/from consumer to service", "classification": "Customer", "flow": "bi-directional", "source": [ "https://0.0.0.0" ], "destination": [ "https://0.0.0.0" ] }, { "name": "Stock Service to MS-1", "description": "Traffic to/from stock service to microservice-1", "classification": "PII", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ] }, { "name": "Stock Service to MS-2", "description": "Traffic to/from stock service to microservice-2", "classification": "PIFI", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" ] }, { "name": "Stock Service to MS-3", "description": "Traffic to/from stock service to microservice-3", "classification": "Public", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://example.com/app/swagger" } ], "services": [ { "bom-ref": "ms-1.example.com", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Microservice 1", "version": "2022-1", "description": "Example Microservice", "endpoints": [ "https://ms-1.example.com" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "Stock Service to MS-1", "description": "Traffic to/from stock service to microservice-1", "classification": "PII", "flow": "bi-directional", "governance": { "owners": [ { "organization": { "name": "Customer Name" } } ] }, "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ] }, { "name": "MS-1 to Database", "description": "Traffic to/from microservice-1 to database", "classification": "PII", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://ms-1.example.com/swagger" } ] }, { "bom-ref": "ms-2.example.com", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Microservice 2", "version": "2022-1", "description": "Example Microservice", "endpoints": [ "https://ms-2.example.com" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "Stock Service to MS-2", "description": "Traffic to/from stock service to microservice-2", "classification": "PIFI", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://ms-2.example.com/swagger" } ] }, { "bom-ref": "ms-3.example.com", "provider": { "name": "Acme Inc", "url": [ "https://example.com" ] }, "group": "com.example", "name": "Microservice 3", "version": "2022-1", "description": "Example Microservice", "endpoints": [ "https://ms-3.example.com" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "Stock Service to MS-3", "description": "Traffic to/from stock service to microservice-3", "classification": "Public", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" ] }, { "name": "MS-3 to S3", "description": "Data pushed from microservice-3 to S3 bucket", "classification": "Public", "flow": "outbound", "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com" ] } ], "externalReferences": [ { "type": "documentation", "url": "https://ms-3.example.com/swagger" } ] }, { "bom-ref": "ms-1-pgsql.example.com", "group": "org.postgresql", "name": "Postgres", "version": "14.1", "description": "Postgres database for Microservice #1", "endpoints": [ "https://ms-1-pgsql.example.com:5432" ], "authenticated": true, "trustZone": "Acme Private Zone", "data": [ { "name": "MS-1 to Database", "description": "Traffic to/from microservice-1 to database", "classification": "PII", "flow": "bi-directional", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ], "destination": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" ] } ] }, { "bom-ref": "s3-example.amazon.com", "group": "com.amazon", "name": "S3", "description": "S3 bucket", "endpoints": [ "https://s3-example.amazon.com" ], "authenticated": true, "trustZone": "Public Internet", "data": [ { "name": "MS-3 to S3", "description": "Data pushed from microservice-3 to S3 bucket", "classification": "PII", "flow": "inbound", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" ] } ] } ] } ], "dependencies": [ { "ref": "acme-stock-application", "dependsOn": [ "stock-ticker-service" ] }, { "ref": "stock-ticker-service", "dependsOn": [ "ms-1.example.com", "ms-2.example.com", "ms-3.example.com" ] }, { "ref": "ms-1.example.com", "dependsOn": [ "ms-1-pgsql.example.com" ] }, { "ref": "ms-2.example.com", "dependsOn": [ ] }, { "ref": "ms-3.example.com", "dependsOn": [ "s3-example.amazon.com" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml000066400000000000000000000306621476011761300267670ustar00rootroot00000000000000 2021-01-10T12:00:00Z Acme SaaSBOM Example 2022-1 Acme Inc https://example.com com.example Stock Ticker Service 2022-1 https://example.com/ https://example.com/app true Acme Public Zone Customer https://0.0.0.0 https://0.0.0.0 PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com PIFI urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com https://example.com/app/swagger Acme Inc https://example.com com.example Microservice 1 2022-1 Example Microservice https://ms-1.example.com true Acme Private Zone PII Customer Name urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com https://ms-1.example.com/swagger Acme Inc https://example.com com.example Microservice 2 2022-1 Example Microservice https://ms-2.example.com true Acme Private Zone PIFI urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service https://ms-2.example.com/swagger Acme Inc https://example.com com.example Microservice 3 2022-1 Example Microservice https://ms-3.example.com true Acme Private Zone Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com https://ms-3.example.com/swagger org.postgresql Postgres 14.1 Postgres database for Microservice #1 https://ms-1-pgsql.example.com:5432 true Acme Private Zone PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com com.amazon S3 S3 bucket https://s3-example.amazon.com true Public Internet PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-service-1.6.json000066400000000000000000000045111476011761300271450ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "type": "library", "publisher": "Acme Inc", "group": "com.acme", "name": "stock-java-client", "version": "1.0.12", "hashes": [ { "alg": "SHA-1", "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" } ], "licenses": [ { "license": { "id": "Apache-2.0" } } ], "purl": "pkg:maven/com.acme/stock-java-client@1.0.12" } ], "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "name": "Partner Org", "url": [ "https://partner.org" ], "contact": [ { "name": "Support", "email": "support@partner.org", "phone": "800-555-1212" } ] }, "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" }, { "classification": "PIFI", "flow": "outbound" }, { "classification": "public", "flow": "bi-directional" }, { "classification": "partner-data", "flow": "unknown" } ], "licenses": [ { "license": { "name": "Partner license" } } ], "externalReferences": [ { "type": "website", "url": "http://partner.org" }, { "type": "documentation", "url": "http://api.partner.org/swagger" } ] } ], "dependencies": [ { "ref": "pkg:maven/com.acme/stock-java-client@1.0.12", "dependsOn": [ "b2a46a4b-8367-4bae-9820-95557cfe03a8" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-service-1.6.xml000066400000000000000000000052661476011761300270040ustar00rootroot00000000000000 Acme Inc com.acme stock-java-client 1.0.12 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a Apache-2.0 pkg:maven/com.acme/stock-java-client@1.0.12 Partner Org https://partner.org Support support@partner.org 800-555-1212 org.partner Stock ticker service 2020-Q2 Provides real-time stock information https://partner.org/api/v1/lookup https://partner.org/api/v1/stock true true PII PIFI public partner-data Partner license http://partner.org http://api.partner.org/swagger cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json000066400000000000000000000007431476011761300317330ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "services": [ { "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", "provider": { "contact": [ ] }, "name": "Stock ticker service", "endpoints": [ ], "data": [ ], "externalReferences": [ ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.xml000066400000000000000000000007571476011761300315670ustar00rootroot00000000000000 Stock ticker service cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json000066400000000000000000000231051476011761300276710ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "5366293e-0740-4dcf-b1d0-0c1fc26e4981", "type": "application", "name": "amce app", "version": "1.0", "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "tqITqIm0gUMWXIjqDgwqzqPw1CwTUKRewZQ5YpX3VwFMWV68NJgX4npU91cSwSC-MRlx1QfOYwSQkeU26VpXSg" } } ], "services": [ { "bom-ref": "ee10d0a2-baba-4656-a5ac-d49e172a0d3d", "group": "org.partner", "name": "Stock ticker service", "version": "2020-Q2", "endpoints": [ "https://partner.org/api/v1/lookup", "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ { "classification": "PII", "flow": "inbound" } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "6A77T3RBTAuVpZOgFFFfOvGOQ1hqMbfSQ91VucRM1RIP6QqX9kEF1Pi1_vCl37qpVzK51kIyppgUF_i9s999XA" } } ], "compositions": [ { "aggregate": "complete", "assemblies": [ "5366293e-0740-4dcf-b1d0-0c1fc26e4981", "ee10d0a2-baba-4656-a5ac-d49e172a0d3d" ], "dependencies": [ "5366293e-0740-4dcf-b1d0-0c1fc26e4981" ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "lm6wx-elyBTbNMKNF8riooZhvrm6f5j8JpvgP9JtVv50dd7sXQLH7PqJcn9fmKV8eoF8cszPllEsQQhEQOM4hA" } } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" ], "value": "m4pMbQQVV61TlP4Og7a75SeY8lh00LkkUDXZ4PIhXsR512MPRgZmusFYorJlYq9wM3P9n9gM3T8BTg9XdFdQkQ" } } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-standard-1.6.json000066400000000000000000000041051476011761300273040ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "definitions": { "standards": [ { "bom-ref": "standard-1", "name": "Sample Standard", "version": "1.0.0", "description": "Description here", "owner": "Acme Inc", "requirements": [ { "bom-ref": "requirement-1", "identifier": "v1", "title": "Title here" }, { "bom-ref": "requirement-1.1", "identifier": "v1.1", "title": "Title here", "text": "Text here", "descriptions": [ "Requirement is described here", "and here" ], "parent": "requirement-1" }, { "bom-ref": "requirement-1.1.1", "identifier": "v1.1.1", "text": "Text of the requirement here", "descriptions": [ "Supplemental text here" ], "openCre": [ "CRE:616-305" ], "parent": "requirement-1.1" } ], "levels": [ { "bom-ref": "level-1", "identifier": "Level 1", "description": "Description here", "requirements": [ "requirement-1.1.1" ] }, { "bom-ref": "level-2", "identifier": "Level 2", "description": "Description here", "requirements": [ "requirement-1.1.1" ] }, { "bom-ref": "level-3", "identifier": "Level 3", "description": "Description here", "requirements": [ "requirement-1.1.1" ] } ], "signature": { "algorithm": "ES256", "certificatePath": [ "MIIB...", "MIID..." ], "value": "tqIT..." } } ] } } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml000066400000000000000000000057161476011761300271440ustar00rootroot00000000000000 Sample Standard 1.0.0 Description here Acme Inc v1 Title here v1.1 Title here Text here Requirement is described here and here requirement-1 v1.1.1 Text of the requirement here Supplemental text here CRE:616-305 requirement-1.1 Level 1 Description here requirement-1.1.1 Level 2 Description here requirement-1.1.1 Level 3 Description here requirement-1.1.1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-tags-1.6.json000066400000000000000000000010531476011761300264410ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "type": "library", "name": "my-json-parser", "version": "1.0", "tags": [ "json-parser", "javascript", "node.js" ] } ], "services": [ { "name": "my service", "endpoints": [ "https://example.com/myservice" ], "tags": [ "microservice", "golang", "aws", "us-east-1" ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-tags-1.6.xml000066400000000000000000000015461476011761300262770ustar00rootroot00000000000000 my-json-parser 1.0 json-parser javascript node.js my service https://example.com/myservice microservice golang aws us-east-1 cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json000066400000000000000000000426221476011761300304030ustar00rootroot00000000000000{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.9.4", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" } ], "vulnerabilities": [ { "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", "source": { "name": "Snyk", "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" }, "references": [ { "id": "CVE-2018-7489", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" } } ], "ratings": [ { "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" }, "score": 9.8, "severity": "critical", "method": "CVSSv3", "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "justification": "An optional reason for rating the vulnerability as it was" } ], "cwes": [ 184, 502 ], "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "detail": "", "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", "workaround": "Describe the workarounds here", "proofOfConcept": { "reproductionSteps": "Precise steps to reproduce go here", "environment": "Describe the environment", "supportingMaterial": [ { "contentType": "image/jpeg", "encoding": "base64", "content": "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" } ] }, "advisories": [ { "title": "GitHub Commit", "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" }, { "title": "GitHub Issue", "url": "https://github.com/FasterXML/jackson-databind/issues/1931" } ], "created": "2021-01-01T00:00:00.000Z", "published": "2021-01-01T00:00:00.000Z", "updated": "2021-01-01T00:00:00.000Z", "rejected": "2022-01-01T00:00:00.000Z", "credits": { "organizations": [ { "name": "Acme, Inc.", "url": [ "https://example.com" ] } ], "individuals": [ { "name": "Jane Doe", "email": "jane.doe@example.com" } ] }, "tools": { "components": [ { "type": "application", "group": "Snyk", "name": "Snyk CLI (Linux)", "version": "1.729.0", "hashes": [ { "alg": "SHA-256", "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" } ] } ], "services": [ { "provider": { "name": "Acme Inc" }, "name": "Acme BOM Analyzer", "endpoints": [ "https://example.com/analyze" ] } ] }, "analysis": { "state": "not_affected", "justification": "code_not_reachable", "response": ["will_not_fix", "update"], "detail": "An optional explanation of why the application is not affected by the vulnerable component.", "firstIssued": "2022-01-01T00:00:00.000Z", "lastUpdated": "2022-02-01T00:00:00.000Z" }, "affects": [ { "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "versions": [ { "range": "vers:semver/<2.6.7.5", "status": "affected" }, { "range": "vers:semver/2.7.0|<2.8.11.1", "status": "affected" }, { "range": "vers:semver/2.9.0|<2.9.5", "status": "affected" } ] } ], "properties": [ { "name": "Foo", "value": "Bar" }, { "name": "Foo", "value": "You" }, { "name": "Foo", "value": "Two" }, { "name": "Bar", "value": "Foo" } ] } ] } cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml000066400000000000000000000460721476011761300302350ustar00rootroot00000000000000 com.fasterxml.jackson.core jackson-databind 2.9.4 pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 Snyk https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2019-9997 NVD https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 9.8 critical CVSSv3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H An optional reason for rating the vulnerability as it was 184 502 FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. Describe the workarounds here Precise steps to reproduce go here Describe the environment /9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k= GitHub Commit https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 GitHub Issue https://github.com/FasterXML/jackson-databind/issues/1931 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z 2022-01-01T00:00:00.000Z Acme, Inc. https://example.com Jane Doe jane.doe@example.com Snyk Snyk CLI (Linux) 1.729.0 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d Acme Inc Acme BOM Analyzer https://example.com/analyze not_affected code_not_reachable will_not_fix update An optional explanation of why the application is not affected by the vulnerable component. 2022-01-01T00:00:00.000Z 2022-02-01T00:00:00.000Z pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 vers:semver/<2.6.7.5 affected vers:semver/2.7.0|<2.8.11.1 affected vers:semver/2.9.0|<2.9.5 affected Bar You Two Foo cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/1.6/valid-xml-signature-1.6.xml000066400000000000000000000256551476011761300301470ustar00rootroot00000000000000 Acme Inc com.acme tomcat-catalina 9.0.14 3942447fac867ae5cdb3229b658f4d48 e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 Apache-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar Apache org.apache.tomcat tomcat-catalina 9.0.14 Apache-2.0 pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd 2018-11-07T22:01:45Z John Doe jdoe@example.com 2018-11-07T22:01:45Z John Doe jdoe@example.com Initial commit org.example mylibrary 1.0.0 required 2342c2eaf1feb9a80195dbaddf2ebaa3 68b78babe00a053f9e35ec6a2d9080f5b90122b0 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef Apache-2.0 blah fdaf Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 pkg:maven/com.example/myapplication@1.0.0?packaging=war false com.example myframework 1.0.0 Example Inc, enterprise framework required cfcb0b64aacd2f81c1cd546543de965a 7fbeef2346c45d565c3341f037bce4e088af8a52 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 Apache-2.0 pkg:maven/com.example/myframework@1.0.0?packaging=war false http://example.com/myframework http://example.com/security PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= CN=bomsigner,OU=development,O=cyclonedx MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= AQAB cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/README.md000066400000000000000000000002351476011761300241650ustar00rootroot00000000000000Files in here are taken from They are fetched via [`fetch.sh`](fetch.sh) cyclonedx-python-lib-9.1.0/tests/_data/schemaTestData/fetch.sh000077500000000000000000000013511476011761300243360ustar00rootroot00000000000000#!/usr/bin/env bash set -eux SOURCE_PACKAGE='https://github.com/CycloneDX/specification/archive/refs/heads/master.zip' SOURCE_DIR='specification-master/tools/src/test/resources' THIS_DIR="$(dirname "$0")" TEMP_DIR="$(mktemp -d)" LOCAL_PACKAGE="$TEMP_DIR/source_package.zip" wget -O "$LOCAL_PACKAGE" "$SOURCE_PACKAGE" for SCHEMA_VERSION in '1.6' '1.5' '1.4' '1.3' '1.2' '1.1' '1.0' do unzip -d "$TEMP_DIR" "$LOCAL_PACKAGE" "$SOURCE_DIR/$SCHEMA_VERSION/*" rm -rf "${THIS_DIR:?}/$SCHEMA_VERSION" mkdir -p "$THIS_DIR/$SCHEMA_VERSION" cp -rf "$TEMP_DIR/$SOURCE_DIR/$SCHEMA_VERSION/"*.xml "$THIS_DIR/$SCHEMA_VERSION/" cp -rf "$TEMP_DIR/$SOURCE_DIR/$SCHEMA_VERSION/"*.json "$THIS_DIR/$SCHEMA_VERSION/" || true done rm -rf "${TEMP_DIR:?}" cyclonedx-python-lib-9.1.0/tests/_data/snapshots/000077500000000000000000000000001476011761300220365ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots/.gitattributes000066400000000000000000000002441476011761300247310ustar00rootroot00000000000000# files are compared bype-wise, so they need to be treated as binary xml/** linguist-generated binary diff=xml json/** linguist-generated binary diff=json cyclonedx-python-lib-9.1.0/tests/_data/snapshots/README.md000066400000000000000000000006071476011761300233200ustar00rootroot00000000000000# TEST FIXTURES ## RE-CREATION Some assets here can be (re-)created automatically, by setting the env var `CDX_TEST_RECREATE_SNAPSHOTS=1`. It might also help to set `PYTHONHASHSEED=0`! As a shortcut just run: ```shell CDX_TEST_RECREATE_SNAPSHOTS=1 poetry run tox -e py ``` The files will be written as is, which might not be human-readable. feel free to reformat the files manually. cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.0.xml.bin000066400000000000000000000011031476011761300275760ustar00rootroot00000000000000 dummy-EXCLUDED false dummy-OPTIONAL optional false dummy-REQUIRED required false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.1.xml.bin000066400000000000000000000012111476011761300275770ustar00rootroot00000000000000 dummy-EXCLUDED excluded dummy-OPTIONAL optional dummy-REQUIRED required cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.2.json.bin000066400000000000000000000016201476011761300277550ustar00rootroot00000000000000{ "components": [ { "bom-ref": "scoped-EXCLUDED", "name": "dummy-EXCLUDED", "scope": "excluded", "type": "library", "version": "" }, { "bom-ref": "scoped-OPTIONAL", "name": "dummy-OPTIONAL", "scope": "optional", "type": "library", "version": "" }, { "bom-ref": "scoped-REQUIRED", "name": "dummy-REQUIRED", "scope": "required", "type": "library", "version": "" } ], "dependencies": [ { "ref": "scoped-EXCLUDED" }, { "ref": "scoped-OPTIONAL" }, { "ref": "scoped-REQUIRED" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.2.xml.bin000066400000000000000000000015731476011761300276130ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy-EXCLUDED excluded dummy-OPTIONAL optional dummy-REQUIRED required cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.3.json.bin000066400000000000000000000016201476011761300277560ustar00rootroot00000000000000{ "components": [ { "bom-ref": "scoped-EXCLUDED", "name": "dummy-EXCLUDED", "scope": "excluded", "type": "library", "version": "" }, { "bom-ref": "scoped-OPTIONAL", "name": "dummy-OPTIONAL", "scope": "optional", "type": "library", "version": "" }, { "bom-ref": "scoped-REQUIRED", "name": "dummy-REQUIRED", "scope": "required", "type": "library", "version": "" } ], "dependencies": [ { "ref": "scoped-EXCLUDED" }, { "ref": "scoped-OPTIONAL" }, { "ref": "scoped-REQUIRED" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.3.xml.bin000066400000000000000000000015731476011761300276140ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy-EXCLUDED excluded dummy-OPTIONAL optional dummy-REQUIRED required cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.4.json.bin000066400000000000000000000015201476011761300277560ustar00rootroot00000000000000{ "components": [ { "bom-ref": "scoped-EXCLUDED", "name": "dummy-EXCLUDED", "scope": "excluded", "type": "library" }, { "bom-ref": "scoped-OPTIONAL", "name": "dummy-OPTIONAL", "scope": "optional", "type": "library" }, { "bom-ref": "scoped-REQUIRED", "name": "dummy-REQUIRED", "scope": "required", "type": "library" } ], "dependencies": [ { "ref": "scoped-EXCLUDED" }, { "ref": "scoped-OPTIONAL" }, { "ref": "scoped-REQUIRED" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.4.xml.bin000066400000000000000000000015101476011761300276040ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy-EXCLUDED excluded dummy-OPTIONAL optional dummy-REQUIRED required cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.5.json.bin000066400000000000000000000017301476011761300277620ustar00rootroot00000000000000{ "components": [ { "bom-ref": "scoped-EXCLUDED", "name": "dummy-EXCLUDED", "scope": "excluded", "type": "library" }, { "bom-ref": "scoped-OPTIONAL", "name": "dummy-OPTIONAL", "scope": "optional", "type": "library" }, { "bom-ref": "scoped-REQUIRED", "name": "dummy-REQUIRED", "scope": "required", "type": "library" } ], "dependencies": [ { "ref": "scoped-EXCLUDED" }, { "ref": "scoped-OPTIONAL" }, { "ref": "scoped-REQUIRED" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.5.xml.bin000066400000000000000000000016731476011761300276170ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy-EXCLUDED excluded dummy-OPTIONAL optional dummy-REQUIRED required val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.6.json.bin000066400000000000000000000017301476011761300277630ustar00rootroot00000000000000{ "components": [ { "bom-ref": "scoped-EXCLUDED", "name": "dummy-EXCLUDED", "scope": "excluded", "type": "library" }, { "bom-ref": "scoped-OPTIONAL", "name": "dummy-OPTIONAL", "scope": "optional", "type": "library" }, { "bom-ref": "scoped-REQUIRED", "name": "dummy-REQUIRED", "scope": "required", "type": "library" } ], "dependencies": [ { "ref": "scoped-EXCLUDED" }, { "ref": "scoped-OPTIONAL" }, { "ref": "scoped-REQUIRED" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentScope-1.6.xml.bin000066400000000000000000000016731476011761300276200ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy-EXCLUDED excluded dummy-OPTIONAL optional dummy-REQUIRED required val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.0.xml.bin000066400000000000000000000014461476011761300274600ustar00rootroot00000000000000 dummy APPLICATION false dummy DEVICE false dummy FRAMEWORK false dummy LIBRARY false dummy OPERATING_SYSTEM false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.1.xml.bin000066400000000000000000000016651476011761300274640ustar00rootroot00000000000000 dummy APPLICATION dummy DEVICE dummy FILE dummy FRAMEWORK dummy LIBRARY dummy OPERATING_SYSTEM cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.2.json.bin000066400000000000000000000032411476011761300276260ustar00rootroot00000000000000{ "components": [ { "bom-ref": "typed-APPLICATION", "name": "dummy APPLICATION", "type": "application", "version": "" }, { "bom-ref": "typed-CONTAINER", "name": "dummy CONTAINER", "type": "container", "version": "" }, { "bom-ref": "typed-DEVICE", "name": "dummy DEVICE", "type": "device", "version": "" }, { "bom-ref": "typed-FILE", "name": "dummy FILE", "type": "file", "version": "" }, { "bom-ref": "typed-FIRMWARE", "name": "dummy FIRMWARE", "type": "firmware", "version": "" }, { "bom-ref": "typed-FRAMEWORK", "name": "dummy FRAMEWORK", "type": "framework", "version": "" }, { "bom-ref": "typed-LIBRARY", "name": "dummy LIBRARY", "type": "library", "version": "" }, { "bom-ref": "typed-OPERATING_SYSTEM", "name": "dummy OPERATING_SYSTEM", "type": "operating-system", "version": "" } ], "dependencies": [ { "ref": "typed-APPLICATION" }, { "ref": "typed-CONTAINER" }, { "ref": "typed-DEVICE" }, { "ref": "typed-FILE" }, { "ref": "typed-FIRMWARE" }, { "ref": "typed-FRAMEWORK" }, { "ref": "typed-LIBRARY" }, { "ref": "typed-OPERATING_SYSTEM" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.2.xml.bin000066400000000000000000000031521476011761300274560ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy APPLICATION dummy CONTAINER dummy DEVICE dummy FILE dummy FIRMWARE dummy FRAMEWORK dummy LIBRARY dummy OPERATING_SYSTEM cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.3.json.bin000066400000000000000000000032411476011761300276270ustar00rootroot00000000000000{ "components": [ { "bom-ref": "typed-APPLICATION", "name": "dummy APPLICATION", "type": "application", "version": "" }, { "bom-ref": "typed-CONTAINER", "name": "dummy CONTAINER", "type": "container", "version": "" }, { "bom-ref": "typed-DEVICE", "name": "dummy DEVICE", "type": "device", "version": "" }, { "bom-ref": "typed-FILE", "name": "dummy FILE", "type": "file", "version": "" }, { "bom-ref": "typed-FIRMWARE", "name": "dummy FIRMWARE", "type": "firmware", "version": "" }, { "bom-ref": "typed-FRAMEWORK", "name": "dummy FRAMEWORK", "type": "framework", "version": "" }, { "bom-ref": "typed-LIBRARY", "name": "dummy LIBRARY", "type": "library", "version": "" }, { "bom-ref": "typed-OPERATING_SYSTEM", "name": "dummy OPERATING_SYSTEM", "type": "operating-system", "version": "" } ], "dependencies": [ { "ref": "typed-APPLICATION" }, { "ref": "typed-CONTAINER" }, { "ref": "typed-DEVICE" }, { "ref": "typed-FILE" }, { "ref": "typed-FIRMWARE" }, { "ref": "typed-FRAMEWORK" }, { "ref": "typed-LIBRARY" }, { "ref": "typed-OPERATING_SYSTEM" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.3.xml.bin000066400000000000000000000031521476011761300274570ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy APPLICATION dummy CONTAINER dummy DEVICE dummy FILE dummy FIRMWARE dummy FRAMEWORK dummy LIBRARY dummy OPERATING_SYSTEM cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.4.json.bin000066400000000000000000000027701476011761300276360ustar00rootroot00000000000000{ "components": [ { "bom-ref": "typed-APPLICATION", "name": "dummy APPLICATION", "type": "application" }, { "bom-ref": "typed-CONTAINER", "name": "dummy CONTAINER", "type": "container" }, { "bom-ref": "typed-DEVICE", "name": "dummy DEVICE", "type": "device" }, { "bom-ref": "typed-FILE", "name": "dummy FILE", "type": "file" }, { "bom-ref": "typed-FIRMWARE", "name": "dummy FIRMWARE", "type": "firmware" }, { "bom-ref": "typed-FRAMEWORK", "name": "dummy FRAMEWORK", "type": "framework" }, { "bom-ref": "typed-LIBRARY", "name": "dummy LIBRARY", "type": "library" }, { "bom-ref": "typed-OPERATING_SYSTEM", "name": "dummy OPERATING_SYSTEM", "type": "operating-system" } ], "dependencies": [ { "ref": "typed-APPLICATION" }, { "ref": "typed-CONTAINER" }, { "ref": "typed-DEVICE" }, { "ref": "typed-FILE" }, { "ref": "typed-FIRMWARE" }, { "ref": "typed-FRAMEWORK" }, { "ref": "typed-LIBRARY" }, { "ref": "typed-OPERATING_SYSTEM" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.4.xml.bin000066400000000000000000000027421476011761300274640ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy APPLICATION dummy CONTAINER dummy DEVICE dummy FILE dummy FIRMWARE dummy FRAMEWORK dummy LIBRARY dummy OPERATING_SYSTEM cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.5.json.bin000066400000000000000000000044141476011761300276340ustar00rootroot00000000000000{ "components": [ { "bom-ref": "typed-APPLICATION", "name": "dummy APPLICATION", "type": "application" }, { "bom-ref": "typed-CONTAINER", "name": "dummy CONTAINER", "type": "container" }, { "bom-ref": "typed-DATA", "name": "dummy DATA", "type": "data" }, { "bom-ref": "typed-DEVICE", "name": "dummy DEVICE", "type": "device" }, { "bom-ref": "typed-DEVICE_DRIVER", "name": "dummy DEVICE_DRIVER", "type": "device-driver" }, { "bom-ref": "typed-FILE", "name": "dummy FILE", "type": "file" }, { "bom-ref": "typed-FIRMWARE", "name": "dummy FIRMWARE", "type": "firmware" }, { "bom-ref": "typed-FRAMEWORK", "name": "dummy FRAMEWORK", "type": "framework" }, { "bom-ref": "typed-LIBRARY", "name": "dummy LIBRARY", "type": "library" }, { "bom-ref": "typed-MACHINE_LEARNING_MODEL", "name": "dummy MACHINE_LEARNING_MODEL", "type": "machine-learning-model" }, { "bom-ref": "typed-OPERATING_SYSTEM", "name": "dummy OPERATING_SYSTEM", "type": "operating-system" }, { "bom-ref": "typed-PLATFORM", "name": "dummy PLATFORM", "type": "platform" } ], "dependencies": [ { "ref": "typed-APPLICATION" }, { "ref": "typed-CONTAINER" }, { "ref": "typed-DATA" }, { "ref": "typed-DEVICE" }, { "ref": "typed-DEVICE_DRIVER" }, { "ref": "typed-FILE" }, { "ref": "typed-FIRMWARE" }, { "ref": "typed-FRAMEWORK" }, { "ref": "typed-LIBRARY" }, { "ref": "typed-MACHINE_LEARNING_MODEL" }, { "ref": "typed-OPERATING_SYSTEM" }, { "ref": "typed-PLATFORM" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.5.xml.bin000066400000000000000000000043351476011761300274650ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy APPLICATION dummy CONTAINER dummy DATA dummy DEVICE dummy DEVICE_DRIVER dummy FILE dummy FIRMWARE dummy FRAMEWORK dummy LIBRARY dummy MACHINE_LEARNING_MODEL dummy OPERATING_SYSTEM dummy PLATFORM val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.6.json.bin000066400000000000000000000047141476011761300276400ustar00rootroot00000000000000{ "components": [ { "bom-ref": "typed-APPLICATION", "name": "dummy APPLICATION", "type": "application" }, { "bom-ref": "typed-CONTAINER", "name": "dummy CONTAINER", "type": "container" }, { "bom-ref": "typed-CRYPTOGRAPHIC_ASSET", "name": "dummy CRYPTOGRAPHIC_ASSET", "type": "cryptographic-asset" }, { "bom-ref": "typed-DATA", "name": "dummy DATA", "type": "data" }, { "bom-ref": "typed-DEVICE", "name": "dummy DEVICE", "type": "device" }, { "bom-ref": "typed-DEVICE_DRIVER", "name": "dummy DEVICE_DRIVER", "type": "device-driver" }, { "bom-ref": "typed-FILE", "name": "dummy FILE", "type": "file" }, { "bom-ref": "typed-FIRMWARE", "name": "dummy FIRMWARE", "type": "firmware" }, { "bom-ref": "typed-FRAMEWORK", "name": "dummy FRAMEWORK", "type": "framework" }, { "bom-ref": "typed-LIBRARY", "name": "dummy LIBRARY", "type": "library" }, { "bom-ref": "typed-MACHINE_LEARNING_MODEL", "name": "dummy MACHINE_LEARNING_MODEL", "type": "machine-learning-model" }, { "bom-ref": "typed-OPERATING_SYSTEM", "name": "dummy OPERATING_SYSTEM", "type": "operating-system" }, { "bom-ref": "typed-PLATFORM", "name": "dummy PLATFORM", "type": "platform" } ], "dependencies": [ { "ref": "typed-APPLICATION" }, { "ref": "typed-CONTAINER" }, { "ref": "typed-CRYPTOGRAPHIC_ASSET" }, { "ref": "typed-DATA" }, { "ref": "typed-DEVICE" }, { "ref": "typed-DEVICE_DRIVER" }, { "ref": "typed-FILE" }, { "ref": "typed-FIRMWARE" }, { "ref": "typed-FRAMEWORK" }, { "ref": "typed-LIBRARY" }, { "ref": "typed-MACHINE_LEARNING_MODEL" }, { "ref": "typed-OPERATING_SYSTEM" }, { "ref": "typed-PLATFORM" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ComponentType-1.6.xml.bin000066400000000000000000000046341476011761300274700ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy APPLICATION dummy CONTAINER dummy CRYPTOGRAPHIC_ASSET dummy DATA dummy DEVICE dummy DEVICE_DRIVER dummy FILE dummy FIRMWARE dummy FRAMEWORK dummy LIBRARY dummy MACHINE_LEARNING_MODEL dummy OPERATING_SYSTEM dummy PLATFORM val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.0.xml.bin000066400000000000000000000001541476011761300263500ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.1.xml.bin000066400000000000000000000002511476011761300263470ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.2.json.bin000066400000000000000000000014461476011761300265300ustar00rootroot00000000000000{ "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "dummy", "data": [ { "classification": "BI_DIRECTIONAL", "flow": "bi-directional" }, { "classification": "INBOUND", "flow": "inbound" }, { "classification": "OUTBOUND", "flow": "outbound" }, { "classification": "UNKNOWN", "flow": "unknown" } ], "name": "dummy" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.2.xml.bin000066400000000000000000000012751476011761300263570ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy BI_DIRECTIONAL INBOUND OUTBOUND UNKNOWN cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.3.json.bin000066400000000000000000000014461476011761300265310ustar00rootroot00000000000000{ "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "dummy", "data": [ { "classification": "BI_DIRECTIONAL", "flow": "bi-directional" }, { "classification": "INBOUND", "flow": "inbound" }, { "classification": "OUTBOUND", "flow": "outbound" }, { "classification": "UNKNOWN", "flow": "unknown" } ], "name": "dummy" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.3.xml.bin000066400000000000000000000012751476011761300263600ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy BI_DIRECTIONAL INBOUND OUTBOUND UNKNOWN cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.4.json.bin000066400000000000000000000014451476011761300265310ustar00rootroot00000000000000{ "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "dummy", "data": [ { "classification": "BI_DIRECTIONAL", "flow": "bi-directional" }, { "classification": "INBOUND", "flow": "inbound" }, { "classification": "OUTBOUND", "flow": "outbound" }, { "classification": "UNKNOWN", "flow": "unknown" } ], "name": "dummy" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.4.xml.bin000066400000000000000000000012751476011761300263610ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy BI_DIRECTIONAL INBOUND OUTBOUND UNKNOWN cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.5.json.bin000066400000000000000000000016551476011761300265350ustar00rootroot00000000000000{ "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "dummy", "data": [ { "classification": "BI_DIRECTIONAL", "flow": "bi-directional" }, { "classification": "INBOUND", "flow": "inbound" }, { "classification": "OUTBOUND", "flow": "outbound" }, { "classification": "UNKNOWN", "flow": "unknown" } ], "name": "dummy" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.5.xml.bin000066400000000000000000000014601476011761300263560ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy BI_DIRECTIONAL INBOUND OUTBOUND UNKNOWN val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.6.json.bin000066400000000000000000000016551476011761300265360ustar00rootroot00000000000000{ "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "dummy", "data": [ { "classification": "BI_DIRECTIONAL", "flow": "bi-directional" }, { "classification": "INBOUND", "flow": "inbound" }, { "classification": "OUTBOUND", "flow": "outbound" }, { "classification": "UNKNOWN", "flow": "unknown" } ], "name": "dummy" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_DataFlow-1.6.xml.bin000066400000000000000000000014601476011761300263570ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy BI_DIRECTIONAL INBOUND OUTBOUND UNKNOWN val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.0.xml.bin000066400000000000000000000003661476011761300264020ustar00rootroot00000000000000 dummy false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.1.xml.bin000066400000000000000000000007601476011761300264010ustar00rootroot00000000000000 dummy att.encoding: BASE_64 att.encoding: BASE_64 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.2.json.bin000066400000000000000000000013631476011761300265530ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "licenses": [ { "license": { "name": "att.encoding: BASE_64", "text": { "content": "att.encoding: BASE_64", "contentType": "text/plain", "encoding": "base64" } } } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.2.xml.bin000066400000000000000000000012101476011761300263710ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy att.encoding: BASE_64 att.encoding: BASE_64 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.3.json.bin000066400000000000000000000013631476011761300265540ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "licenses": [ { "license": { "name": "att.encoding: BASE_64", "text": { "content": "att.encoding: BASE_64", "contentType": "text/plain", "encoding": "base64" } } } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.3.xml.bin000066400000000000000000000012101476011761300263720ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy att.encoding: BASE_64 att.encoding: BASE_64 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.4.json.bin000066400000000000000000000013351476011761300265540ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "licenses": [ { "license": { "name": "att.encoding: BASE_64", "text": { "content": "att.encoding: BASE_64", "contentType": "text/plain", "encoding": "base64" } } } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.4.xml.bin000066400000000000000000000011671476011761300264060ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy att.encoding: BASE_64 att.encoding: BASE_64 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.5.json.bin000066400000000000000000000015451476011761300265600ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "licenses": [ { "license": { "name": "att.encoding: BASE_64", "text": { "content": "att.encoding: BASE_64", "contentType": "text/plain", "encoding": "base64" } } } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.5.xml.bin000066400000000000000000000013521476011761300264030ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy att.encoding: BASE_64 att.encoding: BASE_64 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.6.json.bin000066400000000000000000000015451476011761300265610ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "licenses": [ { "license": { "name": "att.encoding: BASE_64", "text": { "content": "att.encoding: BASE_64", "contentType": "text/plain", "encoding": "base64" } } } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_Encoding-1.6.xml.bin000066400000000000000000000013521476011761300264040ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy att.encoding: BASE_64 att.encoding: BASE_64 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.0.xml.bin000066400000000000000000000003661476011761300311170ustar00rootroot00000000000000 dummy false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.1.xml.bin000066400000000000000000000106051476011761300311150ustar00rootroot00000000000000 dummy tests/ADVERSARY_MODEL tests/ADVISORIES tests/ATTESTATION tests/BOM tests/BUILD_META tests/BUILD_SYSTEM tests/CERTIFICATION_REPORT tests/CHAT tests/CODIFIED_INFRASTRUCTURE tests/COMPONENT_ANALYSIS_REPORT tests/CONFIGURATION tests/DIGITAL_SIGNATURE tests/DISTRIBUTION tests/DISTRIBUTION_INTAKE tests/DOCUMENTATION tests/DYNAMIC_ANALYSIS_REPORT tests/ELECTRONIC_SIGNATURE tests/EVIDENCE tests/EXPLOITABILITY_STATEMENT tests/FORMULATION tests/ISSUE_TRACKER tests/LICENSE tests/LOG tests/MAILING_LIST tests/MATURITY_REPORT tests/MODEL_CARD tests/OTHER tests/PENTEST_REPORT tests/POAM tests/QUALITY_METRICS tests/RELEASE_NOTES tests/RFC_9166 tests/RISK_ASSESSMENT tests/RUNTIME_ANALYSIS_REPORT tests/SECURITY_CONTACT tests/SOCIAL tests/SOURCE_DISTRIBUTION tests/STATIC_ANALYSIS_REPORT tests/SUPPORT tests/THREAT_MODEL tests/SCM tests/VULNERABILITY_ASSERTION tests/WEBSITE cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.2.json.bin000066400000000000000000000103101476011761300312600ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "type": "other", "url": "tests/ADVERSARY_MODEL" }, { "type": "advisories", "url": "tests/ADVISORIES" }, { "type": "other", "url": "tests/ATTESTATION" }, { "type": "bom", "url": "tests/BOM" }, { "type": "build-meta", "url": "tests/BUILD_META" }, { "type": "build-system", "url": "tests/BUILD_SYSTEM" }, { "type": "other", "url": "tests/CERTIFICATION_REPORT" }, { "type": "chat", "url": "tests/CHAT" }, { "type": "other", "url": "tests/CODIFIED_INFRASTRUCTURE" }, { "type": "other", "url": "tests/COMPONENT_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/CONFIGURATION" }, { "type": "other", "url": "tests/DIGITAL_SIGNATURE" }, { "type": "distribution", "url": "tests/DISTRIBUTION" }, { "type": "other", "url": "tests/DISTRIBUTION_INTAKE" }, { "type": "documentation", "url": "tests/DOCUMENTATION" }, { "type": "other", "url": "tests/DYNAMIC_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/ELECTRONIC_SIGNATURE" }, { "type": "other", "url": "tests/EVIDENCE" }, { "type": "other", "url": "tests/EXPLOITABILITY_STATEMENT" }, { "type": "other", "url": "tests/FORMULATION" }, { "type": "issue-tracker", "url": "tests/ISSUE_TRACKER" }, { "type": "license", "url": "tests/LICENSE" }, { "type": "other", "url": "tests/LOG" }, { "type": "mailing-list", "url": "tests/MAILING_LIST" }, { "type": "other", "url": "tests/MATURITY_REPORT" }, { "type": "other", "url": "tests/MODEL_CARD" }, { "type": "other", "url": "tests/OTHER" }, { "type": "other", "url": "tests/PENTEST_REPORT" }, { "type": "other", "url": "tests/POAM" }, { "type": "other", "url": "tests/QUALITY_METRICS" }, { "type": "other", "url": "tests/RELEASE_NOTES" }, { "type": "other", "url": "tests/RFC_9166" }, { "type": "other", "url": "tests/RISK_ASSESSMENT" }, { "type": "other", "url": "tests/RUNTIME_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/SECURITY_CONTACT" }, { "type": "social", "url": "tests/SOCIAL" }, { "type": "other", "url": "tests/SOURCE_DISTRIBUTION" }, { "type": "other", "url": "tests/STATIC_ANALYSIS_REPORT" }, { "type": "support", "url": "tests/SUPPORT" }, { "type": "other", "url": "tests/THREAT_MODEL" }, { "type": "vcs", "url": "tests/SCM" }, { "type": "other", "url": "tests/VULNERABILITY_ASSERTION" }, { "type": "website", "url": "tests/WEBSITE" } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.2.xml.bin000066400000000000000000000110351476011761300311140ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy tests/ADVERSARY_MODEL tests/ADVISORIES tests/ATTESTATION tests/BOM tests/BUILD_META tests/BUILD_SYSTEM tests/CERTIFICATION_REPORT tests/CHAT tests/CODIFIED_INFRASTRUCTURE tests/COMPONENT_ANALYSIS_REPORT tests/CONFIGURATION tests/DIGITAL_SIGNATURE tests/DISTRIBUTION tests/DISTRIBUTION_INTAKE tests/DOCUMENTATION tests/DYNAMIC_ANALYSIS_REPORT tests/ELECTRONIC_SIGNATURE tests/EVIDENCE tests/EXPLOITABILITY_STATEMENT tests/FORMULATION tests/ISSUE_TRACKER tests/LICENSE tests/LOG tests/MAILING_LIST tests/MATURITY_REPORT tests/MODEL_CARD tests/OTHER tests/PENTEST_REPORT tests/POAM tests/QUALITY_METRICS tests/RELEASE_NOTES tests/RFC_9166 tests/RISK_ASSESSMENT tests/RUNTIME_ANALYSIS_REPORT tests/SECURITY_CONTACT tests/SOCIAL tests/SOURCE_DISTRIBUTION tests/STATIC_ANALYSIS_REPORT tests/SUPPORT tests/THREAT_MODEL tests/SCM tests/VULNERABILITY_ASSERTION tests/WEBSITE cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.3.json.bin000066400000000000000000000103101476011761300312610ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "type": "other", "url": "tests/ADVERSARY_MODEL" }, { "type": "advisories", "url": "tests/ADVISORIES" }, { "type": "other", "url": "tests/ATTESTATION" }, { "type": "bom", "url": "tests/BOM" }, { "type": "build-meta", "url": "tests/BUILD_META" }, { "type": "build-system", "url": "tests/BUILD_SYSTEM" }, { "type": "other", "url": "tests/CERTIFICATION_REPORT" }, { "type": "chat", "url": "tests/CHAT" }, { "type": "other", "url": "tests/CODIFIED_INFRASTRUCTURE" }, { "type": "other", "url": "tests/COMPONENT_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/CONFIGURATION" }, { "type": "other", "url": "tests/DIGITAL_SIGNATURE" }, { "type": "distribution", "url": "tests/DISTRIBUTION" }, { "type": "other", "url": "tests/DISTRIBUTION_INTAKE" }, { "type": "documentation", "url": "tests/DOCUMENTATION" }, { "type": "other", "url": "tests/DYNAMIC_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/ELECTRONIC_SIGNATURE" }, { "type": "other", "url": "tests/EVIDENCE" }, { "type": "other", "url": "tests/EXPLOITABILITY_STATEMENT" }, { "type": "other", "url": "tests/FORMULATION" }, { "type": "issue-tracker", "url": "tests/ISSUE_TRACKER" }, { "type": "license", "url": "tests/LICENSE" }, { "type": "other", "url": "tests/LOG" }, { "type": "mailing-list", "url": "tests/MAILING_LIST" }, { "type": "other", "url": "tests/MATURITY_REPORT" }, { "type": "other", "url": "tests/MODEL_CARD" }, { "type": "other", "url": "tests/OTHER" }, { "type": "other", "url": "tests/PENTEST_REPORT" }, { "type": "other", "url": "tests/POAM" }, { "type": "other", "url": "tests/QUALITY_METRICS" }, { "type": "other", "url": "tests/RELEASE_NOTES" }, { "type": "other", "url": "tests/RFC_9166" }, { "type": "other", "url": "tests/RISK_ASSESSMENT" }, { "type": "other", "url": "tests/RUNTIME_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/SECURITY_CONTACT" }, { "type": "social", "url": "tests/SOCIAL" }, { "type": "other", "url": "tests/SOURCE_DISTRIBUTION" }, { "type": "other", "url": "tests/STATIC_ANALYSIS_REPORT" }, { "type": "support", "url": "tests/SUPPORT" }, { "type": "other", "url": "tests/THREAT_MODEL" }, { "type": "vcs", "url": "tests/SCM" }, { "type": "other", "url": "tests/VULNERABILITY_ASSERTION" }, { "type": "website", "url": "tests/WEBSITE" } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.3.xml.bin000066400000000000000000000110351476011761300311150ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy tests/ADVERSARY_MODEL tests/ADVISORIES tests/ATTESTATION tests/BOM tests/BUILD_META tests/BUILD_SYSTEM tests/CERTIFICATION_REPORT tests/CHAT tests/CODIFIED_INFRASTRUCTURE tests/COMPONENT_ANALYSIS_REPORT tests/CONFIGURATION tests/DIGITAL_SIGNATURE tests/DISTRIBUTION tests/DISTRIBUTION_INTAKE tests/DOCUMENTATION tests/DYNAMIC_ANALYSIS_REPORT tests/ELECTRONIC_SIGNATURE tests/EVIDENCE tests/EXPLOITABILITY_STATEMENT tests/FORMULATION tests/ISSUE_TRACKER tests/LICENSE tests/LOG tests/MAILING_LIST tests/MATURITY_REPORT tests/MODEL_CARD tests/OTHER tests/PENTEST_REPORT tests/POAM tests/QUALITY_METRICS tests/RELEASE_NOTES tests/RFC_9166 tests/RISK_ASSESSMENT tests/RUNTIME_ANALYSIS_REPORT tests/SECURITY_CONTACT tests/SOCIAL tests/SOURCE_DISTRIBUTION tests/STATIC_ANALYSIS_REPORT tests/SUPPORT tests/THREAT_MODEL tests/SCM tests/VULNERABILITY_ASSERTION tests/WEBSITE cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.4.json.bin000066400000000000000000000102721476011761300312710ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "type": "other", "url": "tests/ADVERSARY_MODEL" }, { "type": "advisories", "url": "tests/ADVISORIES" }, { "type": "other", "url": "tests/ATTESTATION" }, { "type": "bom", "url": "tests/BOM" }, { "type": "build-meta", "url": "tests/BUILD_META" }, { "type": "build-system", "url": "tests/BUILD_SYSTEM" }, { "type": "other", "url": "tests/CERTIFICATION_REPORT" }, { "type": "chat", "url": "tests/CHAT" }, { "type": "other", "url": "tests/CODIFIED_INFRASTRUCTURE" }, { "type": "other", "url": "tests/COMPONENT_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/CONFIGURATION" }, { "type": "other", "url": "tests/DIGITAL_SIGNATURE" }, { "type": "distribution", "url": "tests/DISTRIBUTION" }, { "type": "other", "url": "tests/DISTRIBUTION_INTAKE" }, { "type": "documentation", "url": "tests/DOCUMENTATION" }, { "type": "other", "url": "tests/DYNAMIC_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/ELECTRONIC_SIGNATURE" }, { "type": "other", "url": "tests/EVIDENCE" }, { "type": "other", "url": "tests/EXPLOITABILITY_STATEMENT" }, { "type": "other", "url": "tests/FORMULATION" }, { "type": "issue-tracker", "url": "tests/ISSUE_TRACKER" }, { "type": "license", "url": "tests/LICENSE" }, { "type": "other", "url": "tests/LOG" }, { "type": "mailing-list", "url": "tests/MAILING_LIST" }, { "type": "other", "url": "tests/MATURITY_REPORT" }, { "type": "other", "url": "tests/MODEL_CARD" }, { "type": "other", "url": "tests/OTHER" }, { "type": "other", "url": "tests/PENTEST_REPORT" }, { "type": "other", "url": "tests/POAM" }, { "type": "other", "url": "tests/QUALITY_METRICS" }, { "type": "release-notes", "url": "tests/RELEASE_NOTES" }, { "type": "other", "url": "tests/RFC_9166" }, { "type": "other", "url": "tests/RISK_ASSESSMENT" }, { "type": "other", "url": "tests/RUNTIME_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/SECURITY_CONTACT" }, { "type": "social", "url": "tests/SOCIAL" }, { "type": "other", "url": "tests/SOURCE_DISTRIBUTION" }, { "type": "other", "url": "tests/STATIC_ANALYSIS_REPORT" }, { "type": "support", "url": "tests/SUPPORT" }, { "type": "other", "url": "tests/THREAT_MODEL" }, { "type": "vcs", "url": "tests/SCM" }, { "type": "other", "url": "tests/VULNERABILITY_ASSERTION" }, { "type": "website", "url": "tests/WEBSITE" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.4.xml.bin000066400000000000000000000110241476011761300311140ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy tests/ADVERSARY_MODEL tests/ADVISORIES tests/ATTESTATION tests/BOM tests/BUILD_META tests/BUILD_SYSTEM tests/CERTIFICATION_REPORT tests/CHAT tests/CODIFIED_INFRASTRUCTURE tests/COMPONENT_ANALYSIS_REPORT tests/CONFIGURATION tests/DIGITAL_SIGNATURE tests/DISTRIBUTION tests/DISTRIBUTION_INTAKE tests/DOCUMENTATION tests/DYNAMIC_ANALYSIS_REPORT tests/ELECTRONIC_SIGNATURE tests/EVIDENCE tests/EXPLOITABILITY_STATEMENT tests/FORMULATION tests/ISSUE_TRACKER tests/LICENSE tests/LOG tests/MAILING_LIST tests/MATURITY_REPORT tests/MODEL_CARD tests/OTHER tests/PENTEST_REPORT tests/POAM tests/QUALITY_METRICS tests/RELEASE_NOTES tests/RFC_9166 tests/RISK_ASSESSMENT tests/RUNTIME_ANALYSIS_REPORT tests/SECURITY_CONTACT tests/SOCIAL tests/SOURCE_DISTRIBUTION tests/STATIC_ANALYSIS_REPORT tests/SUPPORT tests/THREAT_MODEL tests/SCM tests/VULNERABILITY_ASSERTION tests/WEBSITE cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.5.json.bin000066400000000000000000000110731476011761300312720ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "type": "adversary-model", "url": "tests/ADVERSARY_MODEL" }, { "type": "advisories", "url": "tests/ADVISORIES" }, { "type": "attestation", "url": "tests/ATTESTATION" }, { "type": "bom", "url": "tests/BOM" }, { "type": "build-meta", "url": "tests/BUILD_META" }, { "type": "build-system", "url": "tests/BUILD_SYSTEM" }, { "type": "certification-report", "url": "tests/CERTIFICATION_REPORT" }, { "type": "chat", "url": "tests/CHAT" }, { "type": "codified-infrastructure", "url": "tests/CODIFIED_INFRASTRUCTURE" }, { "type": "component-analysis-report", "url": "tests/COMPONENT_ANALYSIS_REPORT" }, { "type": "configuration", "url": "tests/CONFIGURATION" }, { "type": "other", "url": "tests/DIGITAL_SIGNATURE" }, { "type": "distribution", "url": "tests/DISTRIBUTION" }, { "type": "distribution-intake", "url": "tests/DISTRIBUTION_INTAKE" }, { "type": "documentation", "url": "tests/DOCUMENTATION" }, { "type": "dynamic-analysis-report", "url": "tests/DYNAMIC_ANALYSIS_REPORT" }, { "type": "other", "url": "tests/ELECTRONIC_SIGNATURE" }, { "type": "evidence", "url": "tests/EVIDENCE" }, { "type": "exploitability-statement", "url": "tests/EXPLOITABILITY_STATEMENT" }, { "type": "formulation", "url": "tests/FORMULATION" }, { "type": "issue-tracker", "url": "tests/ISSUE_TRACKER" }, { "type": "license", "url": "tests/LICENSE" }, { "type": "log", "url": "tests/LOG" }, { "type": "mailing-list", "url": "tests/MAILING_LIST" }, { "type": "maturity-report", "url": "tests/MATURITY_REPORT" }, { "type": "model-card", "url": "tests/MODEL_CARD" }, { "type": "other", "url": "tests/OTHER" }, { "type": "pentest-report", "url": "tests/PENTEST_REPORT" }, { "type": "poam", "url": "tests/POAM" }, { "type": "quality-metrics", "url": "tests/QUALITY_METRICS" }, { "type": "release-notes", "url": "tests/RELEASE_NOTES" }, { "type": "other", "url": "tests/RFC_9166" }, { "type": "risk-assessment", "url": "tests/RISK_ASSESSMENT" }, { "type": "runtime-analysis-report", "url": "tests/RUNTIME_ANALYSIS_REPORT" }, { "type": "security-contact", "url": "tests/SECURITY_CONTACT" }, { "type": "social", "url": "tests/SOCIAL" }, { "type": "other", "url": "tests/SOURCE_DISTRIBUTION" }, { "type": "static-analysis-report", "url": "tests/STATIC_ANALYSIS_REPORT" }, { "type": "support", "url": "tests/SUPPORT" }, { "type": "threat-model", "url": "tests/THREAT_MODEL" }, { "type": "vcs", "url": "tests/SCM" }, { "type": "vulnerability-assertion", "url": "tests/VULNERABILITY_ASSERTION" }, { "type": "website", "url": "tests/WEBSITE" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.5.xml.bin000066400000000000000000000116001476011761300311150ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy tests/ADVERSARY_MODEL tests/ADVISORIES tests/ATTESTATION tests/BOM tests/BUILD_META tests/BUILD_SYSTEM tests/CERTIFICATION_REPORT tests/CHAT tests/CODIFIED_INFRASTRUCTURE tests/COMPONENT_ANALYSIS_REPORT tests/CONFIGURATION tests/DIGITAL_SIGNATURE tests/DISTRIBUTION tests/DISTRIBUTION_INTAKE tests/DOCUMENTATION tests/DYNAMIC_ANALYSIS_REPORT tests/ELECTRONIC_SIGNATURE tests/EVIDENCE tests/EXPLOITABILITY_STATEMENT tests/FORMULATION tests/ISSUE_TRACKER tests/LICENSE tests/LOG tests/MAILING_LIST tests/MATURITY_REPORT tests/MODEL_CARD tests/OTHER tests/PENTEST_REPORT tests/POAM tests/QUALITY_METRICS tests/RELEASE_NOTES tests/RFC_9166 tests/RISK_ASSESSMENT tests/RUNTIME_ANALYSIS_REPORT tests/SECURITY_CONTACT tests/SOCIAL tests/SOURCE_DISTRIBUTION tests/STATIC_ANALYSIS_REPORT tests/SUPPORT tests/THREAT_MODEL tests/SCM tests/VULNERABILITY_ASSERTION tests/WEBSITE val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.6.json.bin000066400000000000000000000111471476011761300312750ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "type": "adversary-model", "url": "tests/ADVERSARY_MODEL" }, { "type": "advisories", "url": "tests/ADVISORIES" }, { "type": "attestation", "url": "tests/ATTESTATION" }, { "type": "bom", "url": "tests/BOM" }, { "type": "build-meta", "url": "tests/BUILD_META" }, { "type": "build-system", "url": "tests/BUILD_SYSTEM" }, { "type": "certification-report", "url": "tests/CERTIFICATION_REPORT" }, { "type": "chat", "url": "tests/CHAT" }, { "type": "codified-infrastructure", "url": "tests/CODIFIED_INFRASTRUCTURE" }, { "type": "component-analysis-report", "url": "tests/COMPONENT_ANALYSIS_REPORT" }, { "type": "configuration", "url": "tests/CONFIGURATION" }, { "type": "digital-signature", "url": "tests/DIGITAL_SIGNATURE" }, { "type": "distribution", "url": "tests/DISTRIBUTION" }, { "type": "distribution-intake", "url": "tests/DISTRIBUTION_INTAKE" }, { "type": "documentation", "url": "tests/DOCUMENTATION" }, { "type": "dynamic-analysis-report", "url": "tests/DYNAMIC_ANALYSIS_REPORT" }, { "type": "electronic-signature", "url": "tests/ELECTRONIC_SIGNATURE" }, { "type": "evidence", "url": "tests/EVIDENCE" }, { "type": "exploitability-statement", "url": "tests/EXPLOITABILITY_STATEMENT" }, { "type": "formulation", "url": "tests/FORMULATION" }, { "type": "issue-tracker", "url": "tests/ISSUE_TRACKER" }, { "type": "license", "url": "tests/LICENSE" }, { "type": "log", "url": "tests/LOG" }, { "type": "mailing-list", "url": "tests/MAILING_LIST" }, { "type": "maturity-report", "url": "tests/MATURITY_REPORT" }, { "type": "model-card", "url": "tests/MODEL_CARD" }, { "type": "other", "url": "tests/OTHER" }, { "type": "pentest-report", "url": "tests/PENTEST_REPORT" }, { "type": "poam", "url": "tests/POAM" }, { "type": "quality-metrics", "url": "tests/QUALITY_METRICS" }, { "type": "release-notes", "url": "tests/RELEASE_NOTES" }, { "type": "rfc-9116", "url": "tests/RFC_9166" }, { "type": "risk-assessment", "url": "tests/RISK_ASSESSMENT" }, { "type": "runtime-analysis-report", "url": "tests/RUNTIME_ANALYSIS_REPORT" }, { "type": "security-contact", "url": "tests/SECURITY_CONTACT" }, { "type": "social", "url": "tests/SOCIAL" }, { "type": "source-distribution", "url": "tests/SOURCE_DISTRIBUTION" }, { "type": "static-analysis-report", "url": "tests/STATIC_ANALYSIS_REPORT" }, { "type": "support", "url": "tests/SUPPORT" }, { "type": "threat-model", "url": "tests/THREAT_MODEL" }, { "type": "vcs", "url": "tests/SCM" }, { "type": "vulnerability-assertion", "url": "tests/VULNERABILITY_ASSERTION" }, { "type": "website", "url": "tests/WEBSITE" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ExternalReferenceType-1.6.xml.bin000066400000000000000000000116541476011761300311270ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy tests/ADVERSARY_MODEL tests/ADVISORIES tests/ATTESTATION tests/BOM tests/BUILD_META tests/BUILD_SYSTEM tests/CERTIFICATION_REPORT tests/CHAT tests/CODIFIED_INFRASTRUCTURE tests/COMPONENT_ANALYSIS_REPORT tests/CONFIGURATION tests/DIGITAL_SIGNATURE tests/DISTRIBUTION tests/DISTRIBUTION_INTAKE tests/DOCUMENTATION tests/DYNAMIC_ANALYSIS_REPORT tests/ELECTRONIC_SIGNATURE tests/EVIDENCE tests/EXPLOITABILITY_STATEMENT tests/FORMULATION tests/ISSUE_TRACKER tests/LICENSE tests/LOG tests/MAILING_LIST tests/MATURITY_REPORT tests/MODEL_CARD tests/OTHER tests/PENTEST_REPORT tests/POAM tests/QUALITY_METRICS tests/RELEASE_NOTES tests/RFC_9166 tests/RISK_ASSESSMENT tests/RUNTIME_ANALYSIS_REPORT tests/SECURITY_CONTACT tests/SOCIAL tests/SOURCE_DISTRIBUTION tests/STATIC_ANALYSIS_REPORT tests/SUPPORT tests/THREAT_MODEL tests/SCM tests/VULNERABILITY_ASSERTION tests/WEBSITE val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.0.xml.bin000066400000000000000000000013551476011761300274050ustar00rootroot00000000000000 dummy ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.1.xml.bin000066400000000000000000000014311476011761300274010ustar00rootroot00000000000000 dummy ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.2.json.bin000066400000000000000000000033341476011761300275570ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "hashes": [ { "alg": "BLAKE2b-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE3", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "MD5", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-1", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.2.xml.bin000066400000000000000000000024211476011761300274020ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.3.json.bin000066400000000000000000000033341476011761300275600ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "hashes": [ { "alg": "BLAKE2b-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE3", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "MD5", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-1", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.3.xml.bin000066400000000000000000000024211476011761300274030ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.4.json.bin000066400000000000000000000033061476011761300275600ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "hashes": [ { "alg": "BLAKE2b-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE3", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "MD5", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-1", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.4.xml.bin000066400000000000000000000024001476011761300274010ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.5.json.bin000066400000000000000000000035161476011761300275640ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "hashes": [ { "alg": "BLAKE2b-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE3", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "MD5", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-1", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.5.xml.bin000066400000000000000000000025631476011761300274140ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.6.json.bin000066400000000000000000000035161476011761300275650ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "hashes": [ { "alg": "BLAKE2b-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE2b-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "BLAKE3", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "MD5", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-1", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-256", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-384", "content": "ae2b1fca515949e5d54fb22b8ed95575" }, { "alg": "SHA3-512", "content": "ae2b1fca515949e5d54fb22b8ed95575" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_HashAlgorithm-1.6.xml.bin000066400000000000000000000025631476011761300274150ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 ae2b1fca515949e5d54fb22b8ed95575 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.0.xml.bin000066400000000000000000000001541476011761300324160ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.1.xml.bin000066400000000000000000000002511476011761300324150ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.2.json.bin000066400000000000000000000004231476011761300325700ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.2.xml.bin000066400000000000000000000003601476011761300324170ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.3.json.bin000066400000000000000000000004231476011761300325710ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.3.xml.bin000066400000000000000000000003601476011761300324200ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.4.json.bin000066400000000000000000000014541476011761300325770ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "affects": [ { "ref": "urn:cdx:bom23/1#comp42", "versions": [ { "status": "affected", "version": "1.33.7+AFFECTED" }, { "status": "unaffected", "version": "1.33.7+UNAFFECTED" }, { "status": "unknown", "version": "1.33.7+UNKNOWN" } ] } ], "bom-ref": "dummy", "id": "dummy" } ], "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.4.xml.bin000066400000000000000000000016261476011761300324270ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy urn:cdx:bom23/1#comp42 1.33.7+AFFECTED affected 1.33.7+UNAFFECTED unaffected 1.33.7+UNKNOWN unknown cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.5.json.bin000066400000000000000000000016641476011761300326030ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "affects": [ { "ref": "urn:cdx:bom23/1#comp42", "versions": [ { "status": "affected", "version": "1.33.7+AFFECTED" }, { "status": "unaffected", "version": "1.33.7+UNAFFECTED" }, { "status": "unknown", "version": "1.33.7+UNKNOWN" } ] } ], "bom-ref": "dummy", "id": "dummy" } ], "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.5.xml.bin000066400000000000000000000020111476011761300324150ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy urn:cdx:bom23/1#comp42 1.33.7+AFFECTED affected 1.33.7+UNAFFECTED unaffected 1.33.7+UNKNOWN unknown cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.6.json.bin000066400000000000000000000016641476011761300326040ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "affects": [ { "ref": "urn:cdx:bom23/1#comp42", "versions": [ { "status": "affected", "version": "1.33.7+AFFECTED" }, { "status": "unaffected", "version": "1.33.7+UNAFFECTED" }, { "status": "unknown", "version": "1.33.7+UNKNOWN" } ] } ], "bom-ref": "dummy", "id": "dummy" } ], "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisAffectedStatus-1.6.xml.bin000066400000000000000000000020111476011761300324160ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy urn:cdx:bom23/1#comp42 1.33.7+AFFECTED affected 1.33.7+UNAFFECTED unaffected 1.33.7+UNKNOWN unknown cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.0.xml.bin000066400000000000000000000001541476011761300323240ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.1.xml.bin000066400000000000000000000002511476011761300323230ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.2.json.bin000066400000000000000000000004231476011761300324760ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.2.xml.bin000066400000000000000000000003601476011761300323250ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.3.json.bin000066400000000000000000000004231476011761300324770ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.3.xml.bin000066400000000000000000000003601476011761300323260ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.4.json.bin000066400000000000000000000037221476011761300325050ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "justification": "code_not_present" }, "bom-ref": "vuln-with-CODE_NOT_PRESENT", "id": "vuln-with-CODE_NOT_PRESENT" }, { "analysis": { "justification": "code_not_reachable" }, "bom-ref": "vuln-with-CODE_NOT_REACHABLE", "id": "vuln-with-CODE_NOT_REACHABLE" }, { "analysis": { "justification": "protected_at_perimeter" }, "bom-ref": "vuln-with-PROTECTED_AT_PERIMITER", "id": "vuln-with-PROTECTED_AT_PERIMITER" }, { "analysis": { "justification": "protected_at_runtime" }, "bom-ref": "vuln-with-PROTECTED_AT_RUNTIME", "id": "vuln-with-PROTECTED_AT_RUNTIME" }, { "analysis": { "justification": "protected_by_compiler" }, "bom-ref": "vuln-with-PROTECTED_BY_COMPILER", "id": "vuln-with-PROTECTED_BY_COMPILER" }, { "analysis": { "justification": "protected_by_mitigating_control" }, "bom-ref": "vuln-with-PROTECTED_BY_MITIGATING_CONTROL", "id": "vuln-with-PROTECTED_BY_MITIGATING_CONTROL" }, { "analysis": { "justification": "requires_configuration" }, "bom-ref": "vuln-with-REQUIRES_CONFIGURATION", "id": "vuln-with-REQUIRES_CONFIGURATION" }, { "analysis": { "justification": "requires_dependency" }, "bom-ref": "vuln-with-REQUIRES_DEPENDENCY", "id": "vuln-with-REQUIRES_DEPENDENCY" }, { "analysis": { "justification": "requires_environment" }, "bom-ref": "vuln-with-REQUIRES_ENVIRONMENT", "id": "vuln-with-REQUIRES_ENVIRONMENT" } ], "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.4.xml.bin000066400000000000000000000044131476011761300323320ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 vuln-with-CODE_NOT_PRESENT code_not_present vuln-with-CODE_NOT_REACHABLE code_not_reachable vuln-with-PROTECTED_AT_PERIMITER protected_at_perimeter vuln-with-PROTECTED_AT_RUNTIME protected_at_runtime vuln-with-PROTECTED_BY_COMPILER protected_by_compiler vuln-with-PROTECTED_BY_MITIGATING_CONTROL protected_by_mitigating_control vuln-with-REQUIRES_CONFIGURATION requires_configuration vuln-with-REQUIRES_DEPENDENCY requires_dependency vuln-with-REQUIRES_ENVIRONMENT requires_environment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.5.json.bin000066400000000000000000000041321476011761300325020ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "justification": "code_not_present" }, "bom-ref": "vuln-with-CODE_NOT_PRESENT", "id": "vuln-with-CODE_NOT_PRESENT" }, { "analysis": { "justification": "code_not_reachable" }, "bom-ref": "vuln-with-CODE_NOT_REACHABLE", "id": "vuln-with-CODE_NOT_REACHABLE" }, { "analysis": { "justification": "protected_at_perimeter" }, "bom-ref": "vuln-with-PROTECTED_AT_PERIMITER", "id": "vuln-with-PROTECTED_AT_PERIMITER" }, { "analysis": { "justification": "protected_at_runtime" }, "bom-ref": "vuln-with-PROTECTED_AT_RUNTIME", "id": "vuln-with-PROTECTED_AT_RUNTIME" }, { "analysis": { "justification": "protected_by_compiler" }, "bom-ref": "vuln-with-PROTECTED_BY_COMPILER", "id": "vuln-with-PROTECTED_BY_COMPILER" }, { "analysis": { "justification": "protected_by_mitigating_control" }, "bom-ref": "vuln-with-PROTECTED_BY_MITIGATING_CONTROL", "id": "vuln-with-PROTECTED_BY_MITIGATING_CONTROL" }, { "analysis": { "justification": "requires_configuration" }, "bom-ref": "vuln-with-REQUIRES_CONFIGURATION", "id": "vuln-with-REQUIRES_CONFIGURATION" }, { "analysis": { "justification": "requires_dependency" }, "bom-ref": "vuln-with-REQUIRES_DEPENDENCY", "id": "vuln-with-REQUIRES_DEPENDENCY" }, { "analysis": { "justification": "requires_environment" }, "bom-ref": "vuln-with-REQUIRES_ENVIRONMENT", "id": "vuln-with-REQUIRES_ENVIRONMENT" } ], "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.5.xml.bin000066400000000000000000000045761476011761300323450ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 vuln-with-CODE_NOT_PRESENT code_not_present vuln-with-CODE_NOT_REACHABLE code_not_reachable vuln-with-PROTECTED_AT_PERIMITER protected_at_perimeter vuln-with-PROTECTED_AT_RUNTIME protected_at_runtime vuln-with-PROTECTED_BY_COMPILER protected_by_compiler vuln-with-PROTECTED_BY_MITIGATING_CONTROL protected_by_mitigating_control vuln-with-REQUIRES_CONFIGURATION requires_configuration vuln-with-REQUIRES_DEPENDENCY requires_dependency vuln-with-REQUIRES_ENVIRONMENT requires_environment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.6.json.bin000066400000000000000000000041321476011761300325030ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "justification": "code_not_present" }, "bom-ref": "vuln-with-CODE_NOT_PRESENT", "id": "vuln-with-CODE_NOT_PRESENT" }, { "analysis": { "justification": "code_not_reachable" }, "bom-ref": "vuln-with-CODE_NOT_REACHABLE", "id": "vuln-with-CODE_NOT_REACHABLE" }, { "analysis": { "justification": "protected_at_perimeter" }, "bom-ref": "vuln-with-PROTECTED_AT_PERIMITER", "id": "vuln-with-PROTECTED_AT_PERIMITER" }, { "analysis": { "justification": "protected_at_runtime" }, "bom-ref": "vuln-with-PROTECTED_AT_RUNTIME", "id": "vuln-with-PROTECTED_AT_RUNTIME" }, { "analysis": { "justification": "protected_by_compiler" }, "bom-ref": "vuln-with-PROTECTED_BY_COMPILER", "id": "vuln-with-PROTECTED_BY_COMPILER" }, { "analysis": { "justification": "protected_by_mitigating_control" }, "bom-ref": "vuln-with-PROTECTED_BY_MITIGATING_CONTROL", "id": "vuln-with-PROTECTED_BY_MITIGATING_CONTROL" }, { "analysis": { "justification": "requires_configuration" }, "bom-ref": "vuln-with-REQUIRES_CONFIGURATION", "id": "vuln-with-REQUIRES_CONFIGURATION" }, { "analysis": { "justification": "requires_dependency" }, "bom-ref": "vuln-with-REQUIRES_DEPENDENCY", "id": "vuln-with-REQUIRES_DEPENDENCY" }, { "analysis": { "justification": "requires_environment" }, "bom-ref": "vuln-with-REQUIRES_ENVIRONMENT", "id": "vuln-with-REQUIRES_ENVIRONMENT" } ], "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisJustification-1.6.xml.bin000066400000000000000000000045761476011761300323460ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 vuln-with-CODE_NOT_PRESENT code_not_present vuln-with-CODE_NOT_REACHABLE code_not_reachable vuln-with-PROTECTED_AT_PERIMITER protected_at_perimeter vuln-with-PROTECTED_AT_RUNTIME protected_at_runtime vuln-with-PROTECTED_BY_COMPILER protected_by_compiler vuln-with-PROTECTED_BY_MITIGATING_CONTROL protected_by_mitigating_control vuln-with-REQUIRES_CONFIGURATION requires_configuration vuln-with-REQUIRES_DEPENDENCY requires_dependency vuln-with-REQUIRES_ENVIRONMENT requires_environment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.0.xml.bin000066400000000000000000000001541476011761300313070ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.1.xml.bin000066400000000000000000000002511476011761300313060ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.2.json.bin000066400000000000000000000004231476011761300314610ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.2.xml.bin000066400000000000000000000003601476011761300313100ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.3.json.bin000066400000000000000000000004231476011761300314620ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.3.xml.bin000066400000000000000000000003601476011761300313110ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.4.json.bin000066400000000000000000000010431476011761300314620ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "response": [ "can_not_fix", "rollback", "update", "will_not_fix", "workaround_available" ] }, "bom-ref": "dummy", "id": "dummy" } ], "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.4.xml.bin000066400000000000000000000012141476011761300313110ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy can_not_fix rollback update will_not_fix workaround_available cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.5.json.bin000066400000000000000000000012531476011761300314660ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "response": [ "can_not_fix", "rollback", "update", "will_not_fix", "workaround_available" ] }, "bom-ref": "dummy", "id": "dummy" } ], "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.5.xml.bin000066400000000000000000000013771476011761300313240ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy can_not_fix rollback update will_not_fix workaround_available cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.6.json.bin000066400000000000000000000012531476011761300314670ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "response": [ "can_not_fix", "rollback", "update", "will_not_fix", "workaround_available" ] }, "bom-ref": "dummy", "id": "dummy" } ], "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisResponse-1.6.xml.bin000066400000000000000000000013771476011761300313250ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy can_not_fix rollback update will_not_fix workaround_available cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.0.xml.bin000066400000000000000000000001541476011761300305710ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.1.xml.bin000066400000000000000000000002511476011761300305700ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.2.json.bin000066400000000000000000000004231476011761300307430ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.2.xml.bin000066400000000000000000000003601476011761300305720ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.3.json.bin000066400000000000000000000004231476011761300307440ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.3.xml.bin000066400000000000000000000003601476011761300305730ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.4.json.bin000066400000000000000000000024211476011761300307450ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "state": "exploitable" }, "bom-ref": "vuln-wit-state-EXPLOITABLE", "id": "vuln-wit-state-EXPLOITABLE" }, { "analysis": { "state": "false_positive" }, "bom-ref": "vuln-wit-state-FALSE_POSITIVE", "id": "vuln-wit-state-FALSE_POSITIVE" }, { "analysis": { "state": "in_triage" }, "bom-ref": "vuln-wit-state-IN_TRIAGE", "id": "vuln-wit-state-IN_TRIAGE" }, { "analysis": { "state": "not_affected" }, "bom-ref": "vuln-wit-state-NOT_AFFECTED", "id": "vuln-wit-state-NOT_AFFECTED" }, { "analysis": { "state": "resolved" }, "bom-ref": "vuln-wit-state-RESOLVED", "id": "vuln-wit-state-RESOLVED" }, { "analysis": { "state": "resolved_with_pedigree" }, "bom-ref": "vuln-wit-state-RESOLVED_WITH_PEDIGREE", "id": "vuln-wit-state-RESOLVED_WITH_PEDIGREE" } ], "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.4.xml.bin000066400000000000000000000026531476011761300306030ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 vuln-wit-state-EXPLOITABLE exploitable vuln-wit-state-FALSE_POSITIVE false_positive vuln-wit-state-IN_TRIAGE in_triage vuln-wit-state-NOT_AFFECTED not_affected vuln-wit-state-RESOLVED resolved vuln-wit-state-RESOLVED_WITH_PEDIGREE resolved_with_pedigree cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.5.json.bin000066400000000000000000000026311476011761300307510ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "state": "exploitable" }, "bom-ref": "vuln-wit-state-EXPLOITABLE", "id": "vuln-wit-state-EXPLOITABLE" }, { "analysis": { "state": "false_positive" }, "bom-ref": "vuln-wit-state-FALSE_POSITIVE", "id": "vuln-wit-state-FALSE_POSITIVE" }, { "analysis": { "state": "in_triage" }, "bom-ref": "vuln-wit-state-IN_TRIAGE", "id": "vuln-wit-state-IN_TRIAGE" }, { "analysis": { "state": "not_affected" }, "bom-ref": "vuln-wit-state-NOT_AFFECTED", "id": "vuln-wit-state-NOT_AFFECTED" }, { "analysis": { "state": "resolved" }, "bom-ref": "vuln-wit-state-RESOLVED", "id": "vuln-wit-state-RESOLVED" }, { "analysis": { "state": "resolved_with_pedigree" }, "bom-ref": "vuln-wit-state-RESOLVED_WITH_PEDIGREE", "id": "vuln-wit-state-RESOLVED_WITH_PEDIGREE" } ], "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.5.xml.bin000066400000000000000000000030361476011761300306000ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 vuln-wit-state-EXPLOITABLE exploitable vuln-wit-state-FALSE_POSITIVE false_positive vuln-wit-state-IN_TRIAGE in_triage vuln-wit-state-NOT_AFFECTED not_affected vuln-wit-state-RESOLVED resolved vuln-wit-state-RESOLVED_WITH_PEDIGREE resolved_with_pedigree cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.6.json.bin000066400000000000000000000026311476011761300307520ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "analysis": { "state": "exploitable" }, "bom-ref": "vuln-wit-state-EXPLOITABLE", "id": "vuln-wit-state-EXPLOITABLE" }, { "analysis": { "state": "false_positive" }, "bom-ref": "vuln-wit-state-FALSE_POSITIVE", "id": "vuln-wit-state-FALSE_POSITIVE" }, { "analysis": { "state": "in_triage" }, "bom-ref": "vuln-wit-state-IN_TRIAGE", "id": "vuln-wit-state-IN_TRIAGE" }, { "analysis": { "state": "not_affected" }, "bom-ref": "vuln-wit-state-NOT_AFFECTED", "id": "vuln-wit-state-NOT_AFFECTED" }, { "analysis": { "state": "resolved" }, "bom-ref": "vuln-wit-state-RESOLVED", "id": "vuln-wit-state-RESOLVED" }, { "analysis": { "state": "resolved_with_pedigree" }, "bom-ref": "vuln-wit-state-RESOLVED_WITH_PEDIGREE", "id": "vuln-wit-state-RESOLVED_WITH_PEDIGREE" } ], "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_ImpactAnalysisState-1.6.xml.bin000066400000000000000000000030361476011761300306010ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 vuln-wit-state-EXPLOITABLE exploitable vuln-wit-state-FALSE_POSITIVE false_positive vuln-wit-state-IN_TRIAGE in_triage vuln-wit-state-NOT_AFFECTED not_affected vuln-wit-state-RESOLVED resolved vuln-wit-state-RESOLVED_WITH_PEDIGREE resolved_with_pedigree cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.0.xml.bin000066400000000000000000000003661476011761300306200ustar00rootroot00000000000000 dummy false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.1.xml.bin000066400000000000000000000004641476011761300306200ustar00rootroot00000000000000 dummy cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.2.json.bin000066400000000000000000000016571476011761300307770ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "resolves": [ { "id": "issue-DEFECT", "type": "defect" }, { "id": "issue-ENHANCEMENT", "type": "enhancement" }, { "id": "issue-SECURITY", "type": "security" } ], "type": "backport" } ] }, "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.2.xml.bin000066400000000000000000000016271476011761300306230ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy issue-DEFECT issue-ENHANCEMENT issue-SECURITY cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.3.json.bin000066400000000000000000000016571476011761300310000ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "resolves": [ { "id": "issue-DEFECT", "type": "defect" }, { "id": "issue-ENHANCEMENT", "type": "enhancement" }, { "id": "issue-SECURITY", "type": "security" } ], "type": "backport" } ] }, "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.3.xml.bin000066400000000000000000000016271476011761300306240ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy issue-DEFECT issue-ENHANCEMENT issue-SECURITY cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.4.json.bin000066400000000000000000000016311476011761300307710ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "resolves": [ { "id": "issue-DEFECT", "type": "defect" }, { "id": "issue-ENHANCEMENT", "type": "enhancement" }, { "id": "issue-SECURITY", "type": "security" } ], "type": "backport" } ] }, "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.4.xml.bin000066400000000000000000000016061476011761300306220ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy issue-DEFECT issue-ENHANCEMENT issue-SECURITY cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.5.json.bin000066400000000000000000000020411476011761300307660ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "resolves": [ { "id": "issue-DEFECT", "type": "defect" }, { "id": "issue-ENHANCEMENT", "type": "enhancement" }, { "id": "issue-SECURITY", "type": "security" } ], "type": "backport" } ] }, "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.5.xml.bin000066400000000000000000000017711476011761300306260ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy issue-DEFECT issue-ENHANCEMENT issue-SECURITY val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.6.json.bin000066400000000000000000000020411476011761300307670ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "resolves": [ { "id": "issue-DEFECT", "type": "defect" }, { "id": "issue-ENHANCEMENT", "type": "enhancement" }, { "id": "issue-SECURITY", "type": "security" } ], "type": "backport" } ] }, "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_IssueClassification-1.6.xml.bin000066400000000000000000000017711476011761300306270ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy issue-DEFECT issue-ENHANCEMENT issue-SECURITY val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.0.xml.bin000066400000000000000000000001541476011761300275270ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.1.xml.bin000066400000000000000000000002511476011761300275260ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.2.json.bin000066400000000000000000000004231476011761300277010ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.2.xml.bin000066400000000000000000000003601476011761300275300ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.3.json.bin000066400000000000000000000004231476011761300277020ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.3.xml.bin000066400000000000000000000003601476011761300275310ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.4.json.bin000066400000000000000000000004221476011761300277020ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.4.xml.bin000066400000000000000000000003601476011761300275320ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.5.json.bin000066400000000000000000000013641476011761300277110ustar00rootroot00000000000000{ "metadata": { "lifecycles": [ { "phase": "build" }, { "phase": "decommission" }, { "phase": "design" }, { "phase": "discovery" }, { "phase": "operations" }, { "phase": "post-build" }, { "phase": "pre-build" } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.5.xml.bin000066400000000000000000000015561476011761300275430ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 build decommission design discovery operations post-build pre-build val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.6.json.bin000066400000000000000000000013641476011761300277120ustar00rootroot00000000000000{ "metadata": { "lifecycles": [ { "phase": "build" }, { "phase": "decommission" }, { "phase": "design" }, { "phase": "discovery" }, { "phase": "operations" }, { "phase": "post-build" }, { "phase": "pre-build" } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_LifecyclePhase-1.6.xml.bin000066400000000000000000000015561476011761300275440ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 build decommission design discovery operations post-build pre-build val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.0.xml.bin000066400000000000000000000003661476011761300305670ustar00rootroot00000000000000 dummy false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.1.xml.bin000066400000000000000000000004641476011761300305670ustar00rootroot00000000000000 dummy cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.2.json.bin000066400000000000000000000013541476011761300307400ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "type": "backport" }, { "type": "cherry-pick" }, { "type": "monkey" }, { "type": "unofficial" } ] }, "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.2.xml.bin000066400000000000000000000012211476011761300305600ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.3.json.bin000066400000000000000000000013541476011761300307410ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "type": "backport" }, { "type": "cherry-pick" }, { "type": "monkey" }, { "type": "unofficial" } ] }, "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.3.xml.bin000066400000000000000000000012211476011761300305610ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.4.json.bin000066400000000000000000000013261476011761300307410ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "type": "backport" }, { "type": "cherry-pick" }, { "type": "monkey" }, { "type": "unofficial" } ] }, "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.4.xml.bin000066400000000000000000000012001476011761300305570ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.5.json.bin000066400000000000000000000015361476011761300307450ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "type": "backport" }, { "type": "cherry-pick" }, { "type": "monkey" }, { "type": "unofficial" } ] }, "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.5.xml.bin000066400000000000000000000013631476011761300305720ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.6.json.bin000066400000000000000000000015361476011761300307460ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "name": "dummy", "pedigree": { "patches": [ { "type": "backport" }, { "type": "cherry-pick" }, { "type": "monkey" }, { "type": "unofficial" } ] }, "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_PatchClassification-1.6.xml.bin000066400000000000000000000013631476011761300305730ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.0.xml.bin000066400000000000000000000001541476011761300316550ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.1.xml.bin000066400000000000000000000002511476011761300316540ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.2.json.bin000066400000000000000000000004231476011761300320270ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.2.xml.bin000066400000000000000000000003601476011761300316560ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.3.json.bin000066400000000000000000000004231476011761300320300ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.3.xml.bin000066400000000000000000000003601476011761300316570ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.4.json.bin000066400000000000000000000013361476011761300320350ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "bom-ref": "dummy", "id": "dummy", "ratings": [ { "method": "CVSSv2" }, { "method": "CVSSv3" }, { "method": "CVSSv31" }, { "method": "other" }, { "method": "OWASP" }, { "method": "other" }, { "method": "other" } ] } ], "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.4.xml.bin000066400000000000000000000015501476011761300316620ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy CVSSv2 CVSSv3 CVSSv31 other OWASP other other cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.5.json.bin000066400000000000000000000015461476011761300320410ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "bom-ref": "dummy", "id": "dummy", "ratings": [ { "method": "CVSSv2" }, { "method": "CVSSv3" }, { "method": "CVSSv31" }, { "method": "CVSSv4" }, { "method": "OWASP" }, { "method": "SSVC" }, { "method": "other" } ] } ], "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.5.xml.bin000066400000000000000000000017331476011761300316660ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy CVSSv2 CVSSv3 CVSSv31 CVSSv4 OWASP SSVC other cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.6.json.bin000066400000000000000000000015461476011761300320420ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "bom-ref": "dummy", "id": "dummy", "ratings": [ { "method": "CVSSv2" }, { "method": "CVSSv3" }, { "method": "CVSSv31" }, { "method": "CVSSv4" }, { "method": "OWASP" }, { "method": "SSVC" }, { "method": "other" } ] } ], "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilityScoreSource-1.6.xml.bin000066400000000000000000000017331476011761300316670ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy CVSSv2 CVSSv3 CVSSv31 CVSSv4 OWASP SSVC other cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.0.xml.bin000066400000000000000000000001541476011761300312330ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.1.xml.bin000066400000000000000000000002511476011761300312320ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.2.json.bin000066400000000000000000000004231476011761300314050ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.2.xml.bin000066400000000000000000000003601476011761300312340ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.3.json.bin000066400000000000000000000004231476011761300314060ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.3.xml.bin000066400000000000000000000003601476011761300312350ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.4.json.bin000066400000000000000000000013511476011761300314100ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "bom-ref": "dummy", "id": "dummy", "ratings": [ { "severity": "critical" }, { "severity": "high" }, { "severity": "info" }, { "severity": "low" }, { "severity": "medium" }, { "severity": "none" }, { "severity": "unknown" } ] } ], "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.4.xml.bin000066400000000000000000000016011476011761300312350ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy critical high info low medium none unknown cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.5.json.bin000066400000000000000000000015611476011761300314140ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "bom-ref": "dummy", "id": "dummy", "ratings": [ { "severity": "critical" }, { "severity": "high" }, { "severity": "info" }, { "severity": "low" }, { "severity": "medium" }, { "severity": "none" }, { "severity": "unknown" } ] } ], "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.5.xml.bin000066400000000000000000000017641476011761300312500ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy critical high info low medium none unknown cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.6.json.bin000066400000000000000000000015611476011761300314150ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "bom-ref": "dummy", "id": "dummy", "ratings": [ { "severity": "critical" }, { "severity": "high" }, { "severity": "info" }, { "severity": "low" }, { "severity": "medium" }, { "severity": "none" }, { "severity": "unknown" } ] } ], "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/enum_VulnerabilitySeverity-1.6.xml.bin000066400000000000000000000017641476011761300312510ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 dummy critical high info low medium none unknown get_bom_for_issue540_duplicate_components-1.0.xml.bin000066400000000000000000000010031476011761300337600ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots some-component false some-library false some-library false get_bom_for_issue540_duplicate_components-1.1.xml.bin000066400000000000000000000010461476011761300337700ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots some-component some-library some-library get_bom_for_issue540_duplicate_components-1.2.json.bin000066400000000000000000000021251476011761300341410ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "some-component", "name": "some-component", "type": "library", "version": "" }, { "bom-ref": "some-library1", "name": "some-library", "type": "library", "version": "" }, { "bom-ref": "some-library2", "name": "some-library", "type": "library", "version": "" } ], "dependencies": [ { "dependsOn": [ "some-component" ], "ref": "myApp" }, { "dependsOn": [ "some-library1", "some-library2" ], "ref": "some-component" }, { "ref": "some-library1" }, { "ref": "some-library2" } ], "metadata": { "component": { "bom-ref": "myApp", "name": "myApp", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_for_issue540_duplicate_components-1.2.xml.bin000066400000000000000000000020721476011761300337710ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 myApp some-component some-library some-library get_bom_for_issue540_duplicate_components-1.3.json.bin000066400000000000000000000021251476011761300341420ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "some-component", "name": "some-component", "type": "library", "version": "" }, { "bom-ref": "some-library1", "name": "some-library", "type": "library", "version": "" }, { "bom-ref": "some-library2", "name": "some-library", "type": "library", "version": "" } ], "dependencies": [ { "dependsOn": [ "some-component" ], "ref": "myApp" }, { "dependsOn": [ "some-library1", "some-library2" ], "ref": "some-component" }, { "ref": "some-library1" }, { "ref": "some-library2" } ], "metadata": { "component": { "bom-ref": "myApp", "name": "myApp", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_for_issue540_duplicate_components-1.3.xml.bin000066400000000000000000000020721476011761300337720ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 myApp some-component some-library some-library get_bom_for_issue540_duplicate_components-1.4.json.bin000066400000000000000000000020001476011761300341330ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "some-component", "name": "some-component", "type": "library" }, { "bom-ref": "some-library1", "name": "some-library", "type": "library" }, { "bom-ref": "some-library2", "name": "some-library", "type": "library" } ], "dependencies": [ { "dependsOn": [ "some-component" ], "ref": "myApp" }, { "dependsOn": [ "some-library1", "some-library2" ], "ref": "some-component" }, { "ref": "some-library1" }, { "ref": "some-library2" } ], "metadata": { "component": { "bom-ref": "myApp", "name": "myApp", "type": "application" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_for_issue540_duplicate_components-1.4.xml.bin000066400000000000000000000017661476011761300340040ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 myApp some-component some-library some-library get_bom_for_issue540_duplicate_components-1.5.json.bin000066400000000000000000000022101476011761300341370ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "some-component", "name": "some-component", "type": "library" }, { "bom-ref": "some-library1", "name": "some-library", "type": "library" }, { "bom-ref": "some-library2", "name": "some-library", "type": "library" } ], "dependencies": [ { "dependsOn": [ "some-component" ], "ref": "myApp" }, { "dependsOn": [ "some-library1", "some-library2" ], "ref": "some-component" }, { "ref": "some-library1" }, { "ref": "some-library2" } ], "metadata": { "component": { "bom-ref": "myApp", "name": "myApp", "type": "application" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_for_issue540_duplicate_components-1.5.xml.bin000066400000000000000000000021511476011761300337720ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 myApp some-component some-library some-library val1 val2 get_bom_for_issue540_duplicate_components-1.6.json.bin000066400000000000000000000022101476011761300341400ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "some-component", "name": "some-component", "type": "library" }, { "bom-ref": "some-library1", "name": "some-library", "type": "library" }, { "bom-ref": "some-library2", "name": "some-library", "type": "library" } ], "dependencies": [ { "dependsOn": [ "some-component" ], "ref": "myApp" }, { "dependsOn": [ "some-library1", "some-library2" ], "ref": "some-component" }, { "ref": "some-library1" }, { "ref": "some-library2" } ], "metadata": { "component": { "bom-ref": "myApp", "name": "myApp", "type": "application" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_for_issue540_duplicate_components-1.6.xml.bin000066400000000000000000000021511476011761300337730ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 myApp some-component some-library some-library val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.0.xml.bin000066400000000000000000000011241476011761300321550ustar00rootroot00000000000000 comp_a 1.0.0 false comp_b 1.0.0 false comp_c 1.0.0 false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.1.xml.bin000066400000000000000000000012671476011761300321660ustar00rootroot00000000000000 comp_a 1.0.0 comp_b 1.0.0 comp_c 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.2.json.bin000066400000000000000000000026171476011761300323400ustar00rootroot00000000000000{ "components": [ { "bom-ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda", "name": "comp_a", "type": "library", "version": "1.0.0" }, { "bom-ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857", "components": [ { "bom-ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789", "name": "comp_c", "type": "library", "version": "1.0.0" } ], "name": "comp_b", "type": "library", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [ "cd3e9c95-9d41-49e7-9924-8cf0465ae789" ], "ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857" }, { "ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" }, { "dependsOn": [ "0b049d09-64c0-4490-a0f5-c84d9aacf857", "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" ], "ref": "be2c6502-7e9a-47db-9a66-e34f729810a3" }, { "ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789" } ], "metadata": { "component": { "bom-ref": "be2c6502-7e9a-47db-9a66-e34f729810a3", "name": "app", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.2.xml.bin000066400000000000000000000026311476011761300321630ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app 1.0.0 comp_a 1.0.0 comp_b 1.0.0 comp_c 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.3.json.bin000066400000000000000000000026171476011761300323410ustar00rootroot00000000000000{ "components": [ { "bom-ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda", "name": "comp_a", "type": "library", "version": "1.0.0" }, { "bom-ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857", "components": [ { "bom-ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789", "name": "comp_c", "type": "library", "version": "1.0.0" } ], "name": "comp_b", "type": "library", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [ "cd3e9c95-9d41-49e7-9924-8cf0465ae789" ], "ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857" }, { "ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" }, { "dependsOn": [ "0b049d09-64c0-4490-a0f5-c84d9aacf857", "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" ], "ref": "be2c6502-7e9a-47db-9a66-e34f729810a3" }, { "ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789" } ], "metadata": { "component": { "bom-ref": "be2c6502-7e9a-47db-9a66-e34f729810a3", "name": "app", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.3.xml.bin000066400000000000000000000026311476011761300321640ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app 1.0.0 comp_a 1.0.0 comp_b 1.0.0 comp_c 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.4.json.bin000066400000000000000000000026161476011761300323410ustar00rootroot00000000000000{ "components": [ { "bom-ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda", "name": "comp_a", "type": "library", "version": "1.0.0" }, { "bom-ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857", "components": [ { "bom-ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789", "name": "comp_c", "type": "library", "version": "1.0.0" } ], "name": "comp_b", "type": "library", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [ "cd3e9c95-9d41-49e7-9924-8cf0465ae789" ], "ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857" }, { "ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" }, { "dependsOn": [ "0b049d09-64c0-4490-a0f5-c84d9aacf857", "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" ], "ref": "be2c6502-7e9a-47db-9a66-e34f729810a3" }, { "ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789" } ], "metadata": { "component": { "bom-ref": "be2c6502-7e9a-47db-9a66-e34f729810a3", "name": "app", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.4.xml.bin000066400000000000000000000026311476011761300321650ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app 1.0.0 comp_a 1.0.0 comp_b 1.0.0 comp_c 1.0.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.5.json.bin000066400000000000000000000030261476011761300323360ustar00rootroot00000000000000{ "components": [ { "bom-ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda", "name": "comp_a", "type": "library", "version": "1.0.0" }, { "bom-ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857", "components": [ { "bom-ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789", "name": "comp_c", "type": "library", "version": "1.0.0" } ], "name": "comp_b", "type": "library", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [ "cd3e9c95-9d41-49e7-9924-8cf0465ae789" ], "ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857" }, { "ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" }, { "dependsOn": [ "0b049d09-64c0-4490-a0f5-c84d9aacf857", "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" ], "ref": "be2c6502-7e9a-47db-9a66-e34f729810a3" }, { "ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789" } ], "metadata": { "component": { "bom-ref": "be2c6502-7e9a-47db-9a66-e34f729810a3", "name": "app", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.5.xml.bin000066400000000000000000000030141476011761300321620ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app 1.0.0 comp_a 1.0.0 comp_b 1.0.0 comp_c 1.0.0 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.6.json.bin000066400000000000000000000030261476011761300323370ustar00rootroot00000000000000{ "components": [ { "bom-ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda", "name": "comp_a", "type": "library", "version": "1.0.0" }, { "bom-ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857", "components": [ { "bom-ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789", "name": "comp_c", "type": "library", "version": "1.0.0" } ], "name": "comp_b", "type": "library", "version": "1.0.0" } ], "dependencies": [ { "dependsOn": [ "cd3e9c95-9d41-49e7-9924-8cf0465ae789" ], "ref": "0b049d09-64c0-4490-a0f5-c84d9aacf857" }, { "ref": "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" }, { "dependsOn": [ "0b049d09-64c0-4490-a0f5-c84d9aacf857", "17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda" ], "ref": "be2c6502-7e9a-47db-9a66-e34f729810a3" }, { "ref": "cd3e9c95-9d41-49e7-9924-8cf0465ae789" } ], "metadata": { "component": { "bom-ref": "be2c6502-7e9a-47db-9a66-e34f729810a3", "name": "app", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_275_components-1.6.xml.bin000066400000000000000000000030141476011761300321630ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app 1.0.0 comp_a 1.0.0 comp_b 1.0.0 comp_c 1.0.0 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.0.xml.bin000066400000000000000000000012261476011761300321570ustar00rootroot00000000000000 A 0.1 false B 1.0 false C 1.0 false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.1.xml.bin000066400000000000000000000012461476011761300321620ustar00rootroot00000000000000 A 0.1 B 1.0 C 1.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.2.json.bin000066400000000000000000000023371476011761300323360ustar00rootroot00000000000000{ "components": [ { "bom-ref": "component-A", "components": [ { "bom-ref": "component-B", "components": [ { "bom-ref": "component-C", "name": "C", "type": "library", "version": "1.0" } ], "name": "B", "type": "library", "version": "1.0" } ], "name": "A", "type": "library", "version": "0.1" } ], "dependencies": [ { "dependsOn": [ "component-B" ], "ref": "component-A" }, { "dependsOn": [ "component-C" ], "ref": "component-B" }, { "ref": "component-C" }, { "dependsOn": [ "component-A" ], "ref": "my-project" } ], "metadata": { "component": { "bom-ref": "my-project", "name": "my-project", "type": "application", "version": "1" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.2.xml.bin000066400000000000000000000023261476011761300321630ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 my-project 1 A 0.1 B 1.0 C 1.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.3.json.bin000066400000000000000000000023371476011761300323370ustar00rootroot00000000000000{ "components": [ { "bom-ref": "component-A", "components": [ { "bom-ref": "component-B", "components": [ { "bom-ref": "component-C", "name": "C", "type": "library", "version": "1.0" } ], "name": "B", "type": "library", "version": "1.0" } ], "name": "A", "type": "library", "version": "0.1" } ], "dependencies": [ { "dependsOn": [ "component-B" ], "ref": "component-A" }, { "dependsOn": [ "component-C" ], "ref": "component-B" }, { "ref": "component-C" }, { "dependsOn": [ "component-A" ], "ref": "my-project" } ], "metadata": { "component": { "bom-ref": "my-project", "name": "my-project", "type": "application", "version": "1" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.3.xml.bin000066400000000000000000000023261476011761300321640ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 my-project 1 A 0.1 B 1.0 C 1.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.4.json.bin000066400000000000000000000023361476011761300323370ustar00rootroot00000000000000{ "components": [ { "bom-ref": "component-A", "components": [ { "bom-ref": "component-B", "components": [ { "bom-ref": "component-C", "name": "C", "type": "library", "version": "1.0" } ], "name": "B", "type": "library", "version": "1.0" } ], "name": "A", "type": "library", "version": "0.1" } ], "dependencies": [ { "dependsOn": [ "component-B" ], "ref": "component-A" }, { "dependsOn": [ "component-C" ], "ref": "component-B" }, { "ref": "component-C" }, { "dependsOn": [ "component-A" ], "ref": "my-project" } ], "metadata": { "component": { "bom-ref": "my-project", "name": "my-project", "type": "application", "version": "1" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.4.xml.bin000066400000000000000000000023261476011761300321650ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 my-project 1 A 0.1 B 1.0 C 1.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.5.json.bin000066400000000000000000000025461476011761300323430ustar00rootroot00000000000000{ "components": [ { "bom-ref": "component-A", "components": [ { "bom-ref": "component-B", "components": [ { "bom-ref": "component-C", "name": "C", "type": "library", "version": "1.0" } ], "name": "B", "type": "library", "version": "1.0" } ], "name": "A", "type": "library", "version": "0.1" } ], "dependencies": [ { "dependsOn": [ "component-B" ], "ref": "component-A" }, { "dependsOn": [ "component-C" ], "ref": "component-B" }, { "ref": "component-C" }, { "dependsOn": [ "component-A" ], "ref": "my-project" } ], "metadata": { "component": { "bom-ref": "my-project", "name": "my-project", "type": "application", "version": "1" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.5.xml.bin000066400000000000000000000025111476011761300321620ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 my-project 1 A 0.1 B 1.0 C 1.0 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.6.json.bin000066400000000000000000000025461476011761300323440ustar00rootroot00000000000000{ "components": [ { "bom-ref": "component-A", "components": [ { "bom-ref": "component-B", "components": [ { "bom-ref": "component-C", "name": "C", "type": "library", "version": "1.0" } ], "name": "B", "type": "library", "version": "1.0" } ], "name": "A", "type": "library", "version": "0.1" } ], "dependencies": [ { "dependsOn": [ "component-B" ], "ref": "component-A" }, { "dependsOn": [ "component-C" ], "ref": "component-B" }, { "ref": "component-C" }, { "dependsOn": [ "component-A" ], "ref": "my-project" } ], "metadata": { "component": { "bom-ref": "my-project", "name": "my-project", "type": "application", "version": "1" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_328_components-1.6.xml.bin000066400000000000000000000025111476011761300321630ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 my-project 1 A 0.1 B 1.0 C 1.0 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.0.xml.bin000066400000000000000000000003661476011761300307720ustar00rootroot00000000000000 dummy false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.1.xml.bin000066400000000000000000000015601476011761300307700ustar00rootroot00000000000000 dummy https://acme.org nothing special https://acme.org/?bar%5b23%5D=42 pre-encoded https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27 control characters cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.json.bin000066400000000000000000000017201476011761300311400ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "comment": "nothing special", "type": "other", "url": "https://acme.org" }, { "comment": "pre-encoded", "type": "other", "url": "https://acme.org/?bar%5b23%5D=42" }, { "comment": "control characters", "type": "other", "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D"e=%22test%22is%27test%27" } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.2.xml.bin000066400000000000000000000020101476011761300307600ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy https://acme.org nothing special https://acme.org/?bar%5b23%5D=42 pre-encoded https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27 control characters cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.json.bin000066400000000000000000000017201476011761300311410ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "comment": "nothing special", "type": "other", "url": "https://acme.org" }, { "comment": "pre-encoded", "type": "other", "url": "https://acme.org/?bar%5b23%5D=42" }, { "comment": "control characters", "type": "other", "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D"e=%22test%22is%27test%27" } ], "name": "dummy", "type": "library", "version": "" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.3.xml.bin000066400000000000000000000020101476011761300307610ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy https://acme.org nothing special https://acme.org/?bar%5b23%5D=42 pre-encoded https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27 control characters cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.json.bin000066400000000000000000000016721476011761300311500ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "comment": "nothing special", "type": "other", "url": "https://acme.org" }, { "comment": "pre-encoded", "type": "other", "url": "https://acme.org/?bar%5b23%5D=42" }, { "comment": "control characters", "type": "other", "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D"e=%22test%22is%27test%27" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.4.xml.bin000066400000000000000000000017671476011761300310040ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy https://acme.org nothing special https://acme.org/?bar%5b23%5D=42 pre-encoded https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27 control characters cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.json.bin000066400000000000000000000021021476011761300311360ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "comment": "nothing special", "type": "other", "url": "https://acme.org" }, { "comment": "pre-encoded", "type": "other", "url": "https://acme.org/?bar%5b23%5D=42" }, { "comment": "control characters", "type": "other", "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D"e=%22test%22is%27test%27" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.5.xml.bin000066400000000000000000000021521476011761300307720ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy https://acme.org nothing special https://acme.org/?bar%5b23%5D=42 pre-encoded https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27 control characters val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.json.bin000066400000000000000000000021021476011761300311370ustar00rootroot00000000000000{ "components": [ { "bom-ref": "dummy", "externalReferences": [ { "comment": "nothing special", "type": "other", "url": "https://acme.org" }, { "comment": "pre-encoded", "type": "other", "url": "https://acme.org/?bar%5b23%5D=42" }, { "comment": "control characters", "type": "other", "url": "https://acme.org/?foo=sp%20ace&bar%5B23%5D=42<=1%3C2>=3%3E2&cb=%7Blol%7D"e=%22test%22is%27test%27" } ], "name": "dummy", "type": "library" } ], "dependencies": [ { "ref": "dummy" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_497_urls-1.6.xml.bin000066400000000000000000000021521476011761300307730ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 dummy https://acme.org nothing special https://acme.org/?bar%5b23%5D=42 pre-encoded https://acme.org/?foo=sp%20ace&bar%5B23%5D=42&lt=1%3C2&gt=3%3E2&cb=%7Blol%7D&quote=%22test%22is%27test%27 control characters val1 val2 get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.0.xml.bin000066400000000000000000000011051476011761300403410ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots dummy 2.3.5 pkg:pypi/pathlib2@2.3.5 false dummy 2.3.5 pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6 false get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.1.xml.bin000066400000000000000000000011441476011761300403450ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots dummy 2.3.5 pkg:pypi/pathlib2@2.3.5 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6 get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.2.json.bin000066400000000000000000000014411476011761300405170ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "dummy-a", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5", "type": "library", "version": "2.3.5" }, { "bom-ref": "dummy-b", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6", "type": "library", "version": "2.3.5" } ], "dependencies": [ { "ref": "dummy-a" }, { "ref": "dummy-b" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.2.xml.bin000066400000000000000000000014361476011761300403520ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6 get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.3.json.bin000066400000000000000000000014411476011761300405200ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "dummy-a", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5", "type": "library", "version": "2.3.5" }, { "bom-ref": "dummy-b", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6", "type": "library", "version": "2.3.5" } ], "dependencies": [ { "ref": "dummy-a" }, { "ref": "dummy-b" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.3.xml.bin000066400000000000000000000014361476011761300403530ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6 get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.4.json.bin000066400000000000000000000014401476011761300405200ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "dummy-a", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5", "type": "library", "version": "2.3.5" }, { "bom-ref": "dummy-b", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6", "type": "library", "version": "2.3.5" } ], "dependencies": [ { "ref": "dummy-a" }, { "ref": "dummy-b" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.4.xml.bin000066400000000000000000000014361476011761300403540ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6 get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.5.json.bin000066400000000000000000000016501476011761300405240ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "dummy-a", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5", "type": "library", "version": "2.3.5" }, { "bom-ref": "dummy-b", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6", "type": "library", "version": "2.3.5" } ], "dependencies": [ { "ref": "dummy-a" }, { "ref": "dummy-b" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.5.xml.bin000066400000000000000000000016211476011761300403510ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6 val1 val2 get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.6.json.bin000066400000000000000000000016501476011761300405250ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "dummy-a", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5", "type": "library", "version": "2.3.5" }, { "bom-ref": "dummy-b", "name": "dummy", "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6", "type": "library", "version": "2.3.5" } ], "dependencies": [ { "ref": "dummy-a" }, { "ref": "dummy-b" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_for_issue_598_multiple_components_with_purl_qualifiers-1.6.xml.bin000066400000000000000000000016211476011761300403520ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5 dummy 2.3.5 pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.0.xml.bin000066400000000000000000000004071476011761300330700ustar00rootroot00000000000000 example 15.8.0 false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.1.xml.bin000066400000000000000000000004741476011761300330750ustar00rootroot00000000000000 example 15.8.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.2.json.bin000066400000000000000000000007501476011761300332440ustar00rootroot00000000000000{ "components": [ { "bom-ref": "example@15.8.0", "name": "example", "type": "library", "version": "15.8.0" } ], "dependencies": [ { "ref": "example@15.8.0" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.2.xml.bin000066400000000000000000000007351476011761300330760ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 example 15.8.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.3.json.bin000066400000000000000000000011041476011761300332370ustar00rootroot00000000000000{ "components": [ { "bom-ref": "example@15.8.0", "name": "example", "properties": [ { "name": "cdx:npm:package:path" } ], "type": "library", "version": "15.8.0" } ], "dependencies": [ { "ref": "example@15.8.0" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.3.xml.bin000066400000000000000000000010641476011761300330730ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 example 15.8.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.4.json.bin000066400000000000000000000011031476011761300332370ustar00rootroot00000000000000{ "components": [ { "bom-ref": "example@15.8.0", "name": "example", "properties": [ { "name": "cdx:npm:package:path" } ], "type": "library", "version": "15.8.0" } ], "dependencies": [ { "ref": "example@15.8.0" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.4.xml.bin000066400000000000000000000010641476011761300330740ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 example 15.8.0 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.5.json.bin000066400000000000000000000013131476011761300332430ustar00rootroot00000000000000{ "components": [ { "bom-ref": "example@15.8.0", "name": "example", "properties": [ { "name": "cdx:npm:package:path" } ], "type": "library", "version": "15.8.0" } ], "dependencies": [ { "ref": "example@15.8.0" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.5.xml.bin000066400000000000000000000012471476011761300331000ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 example 15.8.0 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.6.json.bin000066400000000000000000000013131476011761300332440ustar00rootroot00000000000000{ "components": [ { "bom-ref": "example@15.8.0", "name": "example", "properties": [ { "name": "cdx:npm:package:path" } ], "type": "library", "version": "15.8.0" } ], "dependencies": [ { "ref": "example@15.8.0" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_for_issue_630_empty_property-1.6.xml.bin000066400000000000000000000012471476011761300331010ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 example 15.8.0 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.0.xml.bin000066400000000000000000000001541476011761300320340ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.1.xml.bin000066400000000000000000000002511476011761300320330ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.2.json.bin000066400000000000000000000203221476011761300322060ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "authors": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "component": { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" }, "manufacture": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "name": "Cyclone DX", "url": [ "https://cyclonedx.org/" ] }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.2.xml.bin000066400000000000000000000177271476011761300320540ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Cyclone DX https://cyclonedx.org/ A N Other someone@somewhere.tld +44 (0)1234 567890 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.3.json.bin000066400000000000000000000236201476011761300322130ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "authors": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "component": { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" }, "licenses": [ { "license": { "id": "Apache-2.0", "text": { "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", "contentType": "text/plain", "encoding": "base64" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "manufacture": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "name": "Cyclone DX", "url": [ "https://cyclonedx.org/" ] }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.3.xml.bin000066400000000000000000000223701476011761300320430ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Cyclone DX https://cyclonedx.org/ A N Other someone@somewhere.tld +44 (0)1234 567890 Apache-2.0 VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE= https://www.apache.org/licenses/LICENSE-2.0.txt val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.4.json.bin000066400000000000000000000271651476011761300322240ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "authors": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "component": { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" }, "licenses": [ { "license": { "id": "Apache-2.0", "text": { "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", "contentType": "text/plain", "encoding": "base64" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "manufacture": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "name": "Cyclone DX", "url": [ "https://cyclonedx.org/" ] }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.4.xml.bin000066400000000000000000000257041476011761300320500ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Cyclone DX https://cyclonedx.org/ A N Other someone@somewhere.tld +44 (0)1234 567890 Apache-2.0 VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE= https://www.apache.org/licenses/LICENSE-2.0.txt val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin000066400000000000000000000275011476011761300322170ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "authors": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "component": { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" }, "licenses": [ { "license": { "id": "Apache-2.0", "text": { "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", "contentType": "text/plain", "encoding": "base64" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "lifecycles": [ { "phase": "build" } ], "manufacture": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "name": "Cyclone DX", "url": [ "https://cyclonedx.org/" ] }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin000066400000000000000000000262341476011761300320500ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 build A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Cyclone DX https://cyclonedx.org/ A N Other someone@somewhere.tld +44 (0)1234 567890 Apache-2.0 VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE= https://www.apache.org/licenses/LICENSE-2.0.txt val1 val2 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.json.bin000066400000000000000000000317161476011761300322230ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "authors": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "component": { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "manufacturer": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "scope": "required", "supplier": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" }, "licenses": [ { "license": { "id": "Apache-2.0", "text": { "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", "contentType": "text/plain", "encoding": "base64" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], "lifecycles": [ { "phase": "build" } ], "manufacture": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "supplier": { "address": { "country": "US", "locality": "Austin", "postOfficeBoxNumber": "105a", "postalCode": "12345", "region": "Texas", "streetAddress": "100 Yee-Ha Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "name": "Cyclone DX", "url": [ "https://cyclonedx.org/" ] }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.xml.bin000066400000000000000000000306761476011761300320560ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 build A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Cyclone DX
US Texas Austin 105a 12345 100 Yee-Ha Street
https://cyclonedx.org/ A N Other someone@somewhere.tld +44 (0)1234 567890 Apache-2.0 VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE= https://www.apache.org/licenses/LICENSE-2.0.txt val1 val2 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_v1_6_with_crypto_algorithm-1.6.json.bin000066400000000000000000000026631476011761300327610ustar00rootroot00000000000000{ "components": [ { "bom-ref": "8182921e-0588-472e-b8f9-9c527c68f067", "cryptoProperties": { "algorithmProperties": { "certificationLevel": [ "fips140-1-l1", "fips140-2-l3", "other" ], "classicalSecurityLevel": 2, "cryptoFunctions": [ "sign", "unknown" ], "curve": "9n8y2oxty3ao83n8qc2g2x3qcw4jt4wj", "executionEnvironment": "software-plain-ram", "implementationPlatform": "generic", "mode": "ecb", "nistQuantumSecurityLevel": 2, "padding": "pkcs7", "parameterSetIdentifier": "a-parameter-set-id", "primitive": "kem" }, "assetType": "algorithm", "oid": "an-oid-here" }, "name": "My Algorithm", "tags": [ "algorithm" ], "type": "cryptographic-asset", "version": "1.0" } ], "dependencies": [ { "ref": "8182921e-0588-472e-b8f9-9c527c68f067" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_v1_6_with_crypto_algorithm-1.6.xml.bin000066400000000000000000000033111476011761300325770ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 My Algorithm 1.0 algorithm kem a-parameter-set-id 9n8y2oxty3ao83n8qc2g2x3qcw4jt4wj software-plain-ram generic fips140-1-l1 fips140-2-l3 other ecb pkcs7 sign unknown 2 2 an-oid-here algorithm val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_v1_6_with_crypto_certificate-1.6.json.bin000066400000000000000000000022211476011761300332430ustar00rootroot00000000000000{ "components": [ { "bom-ref": "1f4ed1e4-582a-4fa0-8c38-1b4facc16972", "cryptoProperties": { "assetType": "certificate", "certificateProperties": { "certificateExtension": "csr", "certificateFormat": "pem", "issuerName": "Cloudflare Inc ECC CA-3", "notValidAfter": "2024-05-19T00:59:59.999999+00:00", "notValidBefore": "2023-05-19T01:00:00+00:00", "subjectName": "cyclonedx.org" }, "oid": "an-oid-here" }, "name": "My Certificate", "tags": [ "certificate" ], "type": "cryptographic-asset", "version": "1.0" } ], "dependencies": [ { "ref": "1f4ed1e4-582a-4fa0-8c38-1b4facc16972" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_v1_6_with_crypto_certificate-1.6.xml.bin000066400000000000000000000023611476011761300330770ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 My Certificate 1.0 certificate cyclonedx.org Cloudflare Inc ECC CA-3 2023-05-19T01:00:00+00:00 2024-05-19T00:59:59.999999+00:00 pem csr an-oid-here certificate val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_v1_6_with_crypto_protocol-1.6.json.bin000066400000000000000000000035541476011761300326340ustar00rootroot00000000000000{ "components": [ { "bom-ref": "26b1ce0f-bec6-4bfe-9db1-03b75a4ed1ec", "cryptoProperties": { "assetType": "protocol", "oid": "an-oid-here", "protocolProperties": { "cipherSuites": [ { "identifiers": [ "TLS_AES_128_CCM_8_SHA256" ], "name": "TLS_AES_128_CCM_8_SHA256" }, { "identifiers": [ "TLS_AES_128_CCM_SHA256" ], "name": "TLS_AES_128_CCM_SHA256" }, { "identifiers": [ "TLS_AES_128_GCM_SHA256" ], "name": "TLS_AES_128_GCM_SHA256" }, { "identifiers": [ "TLS_AES_256_GCM_SHA384" ], "name": "TLS_AES_256_GCM_SHA384" }, { "identifiers": [ "TLS_CHACHA20_POLY1305_SHA256" ], "name": "TLS_CHACHA20_POLY1305_SHA256" } ], "cryptoRefArray": [ "for-test-1", "for-test-2" ], "type": "tls", "version": "1.3" } }, "name": "TLS", "tags": [ "protocl", "tls" ], "type": "cryptographic-asset", "version": "v1.3" } ], "dependencies": [ { "ref": "26b1ce0f-bec6-4bfe-9db1-03b75a4ed1ec" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_v1_6_with_crypto_protocol-1.6.xml.bin000066400000000000000000000042731476011761300324620ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 TLS v1.3 protocol tls 1.3 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256 for-test-1 for-test-2 an-oid-here protocl tls val1 val2 get_bom_v1_6_with_crypto_related_material-1.6.json.bin000066400000000000000000000025121476011761300342030ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "332b3cee-078c-4789-ab15-887565b6fac5", "cryptoProperties": { "assetType": "related-crypto-material", "oid": "an-oid-here", "relatedCryptoMaterialProperties": { "activationDate": "2023-05-19T01:00:00+00:00", "creationDate": "2023-05-19T01:00:00+00:00", "expirationDate": "2024-05-19T00:59:59.999999+00:00", "format": "a-format", "id": "some-identifier", "securedBy": { "mechanism": "hard-work" }, "size": 32, "state": "active", "type": "digest", "value": "some-random-value" } }, "name": "My Encrypted Thing", "tags": [ "data", "encrypted" ], "type": "cryptographic-asset", "version": "1.0" } ], "dependencies": [ { "ref": "332b3cee-078c-4789-ab15-887565b6fac5" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_v1_6_with_crypto_related_material-1.6.xml.bin000066400000000000000000000026641476011761300340420ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 My Encrypted Thing 1.0 related-crypto-material digest some-identifier active 2023-05-19T01:00:00+00:00 2023-05-19T01:00:00+00:00 2024-05-19T00:59:59.999999+00:00 some-random-value 32 a-format hard-work an-oid-here data encrypted val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.0.xml.bin000066400000000000000000000005111476011761300340130ustar00rootroot00000000000000 setuptools 50.3.2 pkg:pypi/setuptools@50.3.2?extension=tar.gz false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.1.xml.bin000066400000000000000000000007721476011761300340250ustar00rootroot00000000000000 setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_basic-1.2.json.bin000066400000000000000000000013551476011761300341160ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.2.xml.bin000066400000000000000000000013331476011761300340200ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_basic-1.3.json.bin000066400000000000000000000013551476011761300341170ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.3.xml.bin000066400000000000000000000013331476011761300340210ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_basic-1.4.json.bin000066400000000000000000000013541476011761300341170ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.4.xml.bin000066400000000000000000000013331476011761300340220ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_basic-1.5.json.bin000066400000000000000000000015641476011761300341230ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.xml.bin000066400000000000000000000015161476011761300340260ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz val1 val2 get_bom_with_component_setuptools_basic-1.6.json.bin000066400000000000000000000015641476011761300341240ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.xml.bin000066400000000000000000000015161476011761300340270ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz val1 val2 get_bom_with_component_setuptools_complete-1.0.xml.bin000066400000000000000000000022571476011761300344740ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots CycloneDX setuptools 50.3.2 This component is awesome required Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz false setuptools 50.3.2 pkg:pypi/setuptools@50.3.2?extension=tar.gz false toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz false get_bom_with_component_setuptools_complete-1.1.xml.bin000066400000000000000000000116011476011761300344660ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz setuptools MIT pkg:pypi/setuptools?extension=tar.gz setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment a-random-uid A commit message Some notes here please https://cyclonedx.org No comment setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment get_bom_with_component_setuptools_complete-1.2.json.bin000066400000000000000000000165051476011761300346500ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_component_setuptools_complete-1.2.xml.bin000066400000000000000000000161001476011761300344660ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment get_bom_with_component_setuptools_complete-1.3.json.bin000066400000000000000000000207641476011761300346530ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_component_setuptools_complete-1.3.xml.bin000066400000000000000000000177011476011761300344770ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 get_bom_with_component_setuptools_complete-1.4.json.bin000066400000000000000000000243311476011761300346460ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_component_setuptools_complete-1.4.xml.bin000066400000000000000000000232151476011761300344750ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 get_bom_with_component_setuptools_complete-1.5.json.bin000066400000000000000000000245411476011761300346520ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "scope": "required", "supplier": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_component_setuptools_complete-1.5.xml.bin000066400000000000000000000234001476011761300344720ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 val1 val2 get_bom_with_component_setuptools_complete-1.6.json.bin000066400000000000000000000250121476011761300346450ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "my-specific-bom-ref-for-dings", "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "copyright": "Apache 2.0 baby!", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "description": "This component is awesome", "evidence": { "copyright": [ { "text": "Commercial" }, { "text": "Commercial 2" } ] }, "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "pedigree": { "ancestors": [ { "author": "Test Author", "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "author": "Test Author", "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "commits": [ { "message": "A commit message", "uid": "a-random-uid" } ], "descendants": [ { "author": "Test Author", "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" }, { "bom-ref": "555ca729-93c6-48f3-956e-bdaa4a2f0bfa", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "notes": "Some notes here please", "patches": [ { "diff": { "text": { "content": "LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo=", "contentType": "text/x-diff", "encoding": "base64" }, "url": "https://acme.com/my-patch.diff" }, "type": "backport" } ], "variants": [ { "author": "Test Author", "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "publisher": "CycloneDX", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "scope": "required", "supplier": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "swid": { "name": "Test Application", "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", "text": { "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==", "contentType": "text/xml", "encoding": "base64" }, "version": "3.4.5" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "my-specific-bom-ref-for-dings" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_component_setuptools_complete-1.6.xml.bin000066400000000000000000000237111476011761300345000ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author CycloneDX setuptools 50.3.2 This component is awesome required MIT Apache 2.0 baby! cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b a-random-uid A commit message LS0tIGZvbwkyMDI0LTAzLTA0IDEyOjQxOjExLjQxODc1OTE0NSArMDEwMAorKysgYmFyCTIwMjQtMDMtMDQgMTI6NDE6MjguMzE1NTE3ODQ3ICswMTAwCkBAIC0xLDIgKzEsMiBAQAotaGVsbG8gd29ybGQuCitIZWxsbyB3b3JsZC4KIAo= https://acme.com/my-patch.diff Some notes here please https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b Commercial Commercial 2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 val1 val2 get_bom_with_component_setuptools_no_component_version-1.0.xml.bin000066400000000000000000000004631476011761300371240ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools pkg:pypi/setuptools?extension=tar.gz false get_bom_with_component_setuptools_no_component_version-1.1.xml.bin000066400000000000000000000007351476011761300371270ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools MIT pkg:pypi/setuptools?extension=tar.gz get_bom_with_component_setuptools_no_component_version-1.2.json.bin000066400000000000000000000013221476011761300372720ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_component_setuptools_no_component_version-1.2.xml.bin000066400000000000000000000012671476011761300371310ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz get_bom_with_component_setuptools_no_component_version-1.3.json.bin000066400000000000000000000013221476011761300372730ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library", "version": "" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_component_setuptools_no_component_version-1.3.xml.bin000066400000000000000000000012671476011761300371320ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz get_bom_with_component_setuptools_no_component_version-1.4.json.bin000066400000000000000000000012741476011761300373020ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_component_setuptools_no_component_version-1.4.xml.bin000066400000000000000000000012461476011761300371300ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz get_bom_with_component_setuptools_no_component_version-1.5.json.bin000066400000000000000000000015041476011761300372770ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_component_setuptools_no_component_version-1.5.xml.bin000066400000000000000000000014311476011761300371250ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz val1 val2 get_bom_with_component_setuptools_no_component_version-1.6.json.bin000066400000000000000000000015041476011761300373000ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools?extension=tar.gz", "type": "library" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_component_setuptools_no_component_version-1.6.xml.bin000066400000000000000000000014311476011761300371260ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools MIT pkg:pypi/setuptools?extension=tar.gz val1 val2 get_bom_with_component_setuptools_with_cpe-1.0.xml.bin000066400000000000000000000006131476011761300344600ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz false get_bom_with_component_setuptools_with_cpe-1.1.xml.bin000066400000000000000000000010741476011761300344630ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 MIT cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_cpe-1.2.json.bin000066400000000000000000000014561476011761300346410ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_component_setuptools_with_cpe-1.2.xml.bin000066400000000000000000000014351476011761300344650ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_cpe-1.3.json.bin000066400000000000000000000014561476011761300346420ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_component_setuptools_with_cpe-1.3.xml.bin000066400000000000000000000014351476011761300344660ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_cpe-1.4.json.bin000066400000000000000000000014551476011761300346420ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_component_setuptools_with_cpe-1.4.xml.bin000066400000000000000000000014351476011761300344670ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_cpe-1.5.json.bin000066400000000000000000000016651476011761300346460ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_component_setuptools_with_cpe-1.5.xml.bin000066400000000000000000000016201476011761300344640ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz val1 val2 get_bom_with_component_setuptools_with_cpe-1.6.json.bin000066400000000000000000000016651476011761300346470ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_component_setuptools_with_cpe-1.6.xml.bin000066400000000000000000000016201476011761300344650ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:* pkg:pypi/setuptools@50.3.2?extension=tar.gz val1 val2 get_bom_with_component_setuptools_with_release_notes-1.0.xml.bin000066400000000000000000000005111476011761300365360ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 pkg:pypi/setuptools@50.3.2?extension=tar.gz false get_bom_with_component_setuptools_with_release_notes-1.1.xml.bin000066400000000000000000000007721476011761300365500ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_release_notes-1.2.json.bin000066400000000000000000000013551476011761300367200ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_component_setuptools_with_release_notes-1.2.xml.bin000066400000000000000000000013331476011761300365430ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_release_notes-1.3.json.bin000066400000000000000000000013551476011761300367210ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_component_setuptools_with_release_notes-1.3.xml.bin000066400000000000000000000013331476011761300365440ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_release_notes-1.4.json.bin000066400000000000000000000050101476011761300367120ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_component_setuptools_with_release_notes-1.4.xml.bin000066400000000000000000000047251476011761300365550ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 get_bom_with_component_setuptools_with_release_notes-1.5.json.bin000066400000000000000000000052201476011761300367160ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_component_setuptools_with_release_notes-1.5.xml.bin000066400000000000000000000051101476011761300365430ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 val1 val2 get_bom_with_component_setuptools_with_release_notes-1.6.json.bin000066400000000000000000000052201476011761300367170ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_component_setuptools_with_release_notes-1.6.xml.bin000066400000000000000000000051101476011761300365440ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 val1 val2 get_bom_with_component_setuptools_with_v16_fields-1.0.xml.bin000066400000000000000000000005111476011761300356500ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 pkg:pypi/setuptools@50.3.2?extension=tar.gz false get_bom_with_component_setuptools_with_v16_fields-1.1.xml.bin000066400000000000000000000007721476011761300356620ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_v16_fields-1.2.json.bin000066400000000000000000000013551476011761300360320ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_component_setuptools_with_v16_fields-1.2.xml.bin000066400000000000000000000013331476011761300356550ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_v16_fields-1.3.json.bin000066400000000000000000000013551476011761300360330ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_component_setuptools_with_v16_fields-1.3.xml.bin000066400000000000000000000013331476011761300356560ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_v16_fields-1.4.json.bin000066400000000000000000000013541476011761300360330ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_component_setuptools_with_v16_fields-1.4.xml.bin000066400000000000000000000013331476011761300356570ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_v16_fields-1.5.json.bin000066400000000000000000000015641476011761300360370ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_component_setuptools_with_v16_fields-1.5.xml.bin000066400000000000000000000015161476011761300356630ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz val1 val2 get_bom_with_component_setuptools_with_v16_fields-1.6.json.bin000066400000000000000000000051161476011761300360350ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "authors": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "manufacturer": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "name": "setuptools", "omniborId": [ "gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64" ], "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "swhid": [ "swh:1:cnt:4d99d2d18326621ccdd70f5ea66c2e2ac236ad8b;origin=https://gitorious.org/ocamlp3l/ocamlp3l_cvs.git;visit=swh:1:snp:d7f1b9eb7ccb596c2622c4780febaa02549830f9;anchor=swh:1:rev:2db189928c94d62a3b4757b3eec68f0a4d4113f0;path=/Examples/SimpleFarm/simplefarm.ml;lines=9-15", "swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2", "swh:1:cnt:f10371aa7b8ccabca8479196d6cd640676fd4a04;origin=https://github.com/web-platform-tests/wpt;visit=swh:1:snp:b37d435721bbd450624165f334724e3585346499;anchor=swh:1:rev:259d0612af038d14f2cd889a14a3adb6c9e96d96;path=/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/x%3Burl=foo/", "swh:1:rel:22ece559cc7cc2364edc5e5593d63ae8bd229f9f" ], "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_component_setuptools_with_v16_fields-1.6.xml.bin000066400000000000000000000051711476011761300356650ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64 swh:1:cnt:4d99d2d18326621ccdd70f5ea66c2e2ac236ad8b;origin=https://gitorious.org/ocamlp3l/ocamlp3l_cvs.git;visit=swh:1:snp:d7f1b9eb7ccb596c2622c4780febaa02549830f9;anchor=swh:1:rev:2db189928c94d62a3b4757b3eec68f0a4d4113f0;path=/Examples/SimpleFarm/simplefarm.ml;lines=9-15 swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2 swh:1:cnt:f10371aa7b8ccabca8479196d6cd640676fd4a04;origin=https://github.com/web-platform-tests/wpt;visit=swh:1:snp:b37d435721bbd450624165f334724e3585346499;anchor=swh:1:rev:259d0612af038d14f2cd889a14a3adb6c9e96d96;path=/html/semantics/document-metadata/the-meta-element/pragma-directives/attr-meta-http-equiv-refresh/support/x%3Burl=foo/ swh:1:rel:22ece559cc7cc2364edc5e5593d63ae8bd229f9f val1 val2 get_bom_with_component_setuptools_with_vulnerability-1.0.xml.bin000066400000000000000000000005111476011761300365770ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 pkg:pypi/setuptools@50.3.2?extension=tar.gz false get_bom_with_component_setuptools_with_vulnerability-1.1.xml.bin000066400000000000000000000007721476011761300366110ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_vulnerability-1.2.json.bin000066400000000000000000000013551476011761300367610ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_component_setuptools_with_vulnerability-1.2.xml.bin000066400000000000000000000013331476011761300366040ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_vulnerability-1.3.json.bin000066400000000000000000000013551476011761300367620ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_component_setuptools_with_vulnerability-1.3.xml.bin000066400000000000000000000013331476011761300366050ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz get_bom_with_component_setuptools_with_vulnerability-1.4.json.bin000066400000000000000000000075051476011761300367660ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "advisories": [ { "url": "http://www.securitytracker.com/id/1040693" }, { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" } ], "affects": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "versions": [ { "range": "49.0.0 - 54.0.0", "status": "affected" } ] } ], "analysis": { "detail": "Some extra detail", "justification": "requires_environment", "response": [ "can_not_fix" ], "state": "exploitable" }, "bom-ref": "my-vuln-ref-1", "created": "2021-09-01T10:50:42.051979+00:00", "credits": { "individuals": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "organizations": [ { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] } ] }, "cwes": [ 22, 33 ], "description": "A description here", "detail": "Some detail here", "id": "CVE-2018-7489", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "published": "2021-09-02T10:50:42.051979+00:00", "ratings": [ { "justification": "Some justification", "method": "CVSSv3", "score": 9.8, "severity": "critical", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, "vector": "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "justification": "Some other justification", "method": "CVSSv3", "score": 2.7, "severity": "low", "source": { "name": "OWASP", "url": "https://owasp.org" }, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "recommendation": "Upgrade", "references": [ { "id": "SOME-OTHER-ID", "source": { "name": "OSS Index", "url": "https://ossindex.sonatype.org/component/pkg:pypi/setuptools" } } ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX" } ], "updated": "2021-09-03T10:50:42.051979+00:00" } ], "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_component_setuptools_with_vulnerability-1.4.xml.bin000066400000000000000000000103551476011761300366120ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2018-7489 SOME-OTHER-ID OSS Index https://ossindex.sonatype.org/component/pkg:pypi/setuptools NVD https://nvd.nist.gov/vuln/detail/CVE-2018-7489 9.8 critical CVSSv3 AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Some justification OWASP https://owasp.org 2.7 low CVSSv3 AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N Some other justification 22 33 A description here Some detail here Upgrade http://www.securitytracker.com/id/1040693 https://nvd.nist.gov/vuln/detail/CVE-2018-7489 2021-09-01T10:50:42.051979+00:00 2021-09-02T10:50:42.051979+00:00 2021-09-03T10:50:42.051979+00:00 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org A N Other someone@somewhere.tld +44 (0)1234 567890 CycloneDX cyclonedx-python-lib exploitable requires_environment can_not_fix Some extra detail pkg:pypi/setuptools@50.3.2?extension=tar.gz 49.0.0 - 54.0.0 affected val1 val2 get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin000066400000000000000000000101701476011761300367570ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "advisories": [ { "url": "http://www.securitytracker.com/id/1040693" }, { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" } ], "affects": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "versions": [ { "range": "49.0.0 - 54.0.0", "status": "affected" } ] } ], "analysis": { "detail": "Some extra detail", "firstIssued": "2018-09-01T10:50:42.051979+00:00", "justification": "requires_environment", "lastUpdated": "2018-09-01T10:50:42.051979+00:00", "response": [ "can_not_fix" ], "state": "exploitable" }, "bom-ref": "my-vuln-ref-1", "created": "2021-09-01T10:50:42.051979+00:00", "credits": { "individuals": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "organizations": [ { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] } ] }, "cwes": [ 22, 33 ], "description": "A description here", "detail": "Some detail here", "id": "CVE-2018-7489", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "published": "2021-09-02T10:50:42.051979+00:00", "ratings": [ { "justification": "Some justification", "method": "CVSSv3", "score": 9.8, "severity": "critical", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, "vector": "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "justification": "Some other justification", "method": "CVSSv3", "score": 2.7, "severity": "low", "source": { "name": "OWASP", "url": "https://owasp.org" }, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "recommendation": "Upgrade", "references": [ { "id": "SOME-OTHER-ID", "source": { "name": "OSS Index", "url": "https://ossindex.sonatype.org/component/pkg:pypi/setuptools" } } ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX" } ], "updated": "2021-09-03T10:50:42.051979+00:00", "workaround": "Describe the workarounds here" } ], "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin000066400000000000000000000110451476011761300366100ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz val1 val2 CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2018-7489 SOME-OTHER-ID OSS Index https://ossindex.sonatype.org/component/pkg:pypi/setuptools NVD https://nvd.nist.gov/vuln/detail/CVE-2018-7489 9.8 critical CVSSv3 AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Some justification OWASP https://owasp.org 2.7 low CVSSv3 AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N Some other justification 22 33 A description here Some detail here Upgrade Describe the workarounds here http://www.securitytracker.com/id/1040693 https://nvd.nist.gov/vuln/detail/CVE-2018-7489 2021-09-01T10:50:42.051979+00:00 2021-09-02T10:50:42.051979+00:00 2021-09-03T10:50:42.051979+00:00 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org A N Other someone@somewhere.tld +44 (0)1234 567890 CycloneDX cyclonedx-python-lib exploitable requires_environment can_not_fix Some extra detail 2018-09-01T10:50:42.051979+00:00 2018-09-01T10:50:42.051979+00:00 pkg:pypi/setuptools@50.3.2?extension=tar.gz 49.0.0 - 54.0.0 affected val1 val2 get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin000066400000000000000000000104711476011761300367640ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" } ], "dependencies": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "vulnerabilities": [ { "advisories": [ { "url": "http://www.securitytracker.com/id/1040693" }, { "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" } ], "affects": [ { "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "versions": [ { "range": "49.0.0 - 54.0.0", "status": "affected" } ] } ], "analysis": { "detail": "Some extra detail", "firstIssued": "2018-09-01T10:50:42.051979+00:00", "justification": "requires_environment", "lastUpdated": "2018-09-01T10:50:42.051979+00:00", "response": [ "can_not_fix" ], "state": "exploitable" }, "bom-ref": "my-vuln-ref-1", "created": "2021-09-01T10:50:42.051979+00:00", "credits": { "individuals": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" } ], "organizations": [ { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] } ] }, "cwes": [ 22, 33 ], "description": "A description here", "detail": "Some detail here", "id": "CVE-2018-7489", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "published": "2021-09-02T10:50:42.051979+00:00", "ratings": [ { "justification": "Some justification", "method": "CVSSv3", "score": 9.8, "severity": "critical", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, "vector": "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "justification": "Some other justification", "method": "CVSSv3", "score": 2.7, "severity": "low", "source": { "name": "OWASP", "url": "https://owasp.org" }, "vector": "AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "recommendation": "Upgrade", "references": [ { "id": "SOME-OTHER-ID", "source": { "name": "OSS Index", "url": "https://ossindex.sonatype.org/component/pkg:pypi/setuptools" } } ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX" } ], "updated": "2021-09-03T10:50:42.051979+00:00", "workaround": "Describe the workarounds here" } ], "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin000066400000000000000000000114061476011761300366120ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz val1 val2 CVE-2018-7489 NVD https://nvd.nist.gov/vuln/detail/CVE-2018-7489 SOME-OTHER-ID OSS Index https://ossindex.sonatype.org/component/pkg:pypi/setuptools NVD https://nvd.nist.gov/vuln/detail/CVE-2018-7489 9.8 critical CVSSv3 AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Some justification OWASP https://owasp.org 2.7 low CVSSv3 AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N Some other justification 22 33 A description here Some detail here Upgrade Describe the workarounds here http://www.securitytracker.com/id/1040693 https://nvd.nist.gov/vuln/detail/CVE-2018-7489 2021-09-01T10:50:42.051979+00:00 2021-09-02T10:50:42.051979+00:00 2021-09-03T10:50:42.051979+00:00 CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org A N Other someone@somewhere.tld +44 (0)1234 567890 CycloneDX cyclonedx-python-lib exploitable requires_environment can_not_fix Some extra detail 2018-09-01T10:50:42.051979+00:00 2018-09-01T10:50:42.051979+00:00 pkg:pypi/setuptools@50.3.2?extension=tar.gz 49.0.0 - 54.0.0 affected val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.0.xml.bin000066400000000000000000000007001476011761300316240ustar00rootroot00000000000000 toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.1.xml.bin000066400000000000000000000013231476011761300316270ustar00rootroot00000000000000 toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.2.json.bin000066400000000000000000000016261476011761300320070ustar00rootroot00000000000000{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.2.xml.bin000066400000000000000000000016131476011761300316320ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.3.json.bin000066400000000000000000000021211476011761300317770ustar00rootroot00000000000000{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.3.xml.bin000066400000000000000000000020321476011761300316270ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.4.json.bin000066400000000000000000000021201476011761300317770ustar00rootroot00000000000000{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.4.xml.bin000066400000000000000000000020321476011761300316300ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.5.json.bin000066400000000000000000000023301476011761300320030ustar00rootroot00000000000000{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.5.xml.bin000066400000000000000000000022151476011761300316340ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.6.json.bin000066400000000000000000000023301476011761300320040ustar00rootroot00000000000000{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_component_toml_1-1.6.xml.bin000066400000000000000000000022151476011761300316350ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 get_bom_with_definitions_and_detailed_standards-1.0.xml.bin000066400000000000000000000001541476011761300353260ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_definitions_and_detailed_standards-1.1.xml.bin000066400000000000000000000002511476011761300353250ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_definitions_and_detailed_standards-1.2.json.bin000066400000000000000000000004231476011761300355000ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_definitions_and_detailed_standards-1.2.xml.bin000066400000000000000000000003601476011761300353270ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 get_bom_with_definitions_and_detailed_standards-1.3.json.bin000066400000000000000000000004231476011761300355010ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_definitions_and_detailed_standards-1.3.xml.bin000066400000000000000000000003601476011761300353300ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 get_bom_with_definitions_and_detailed_standards-1.4.json.bin000066400000000000000000000004221476011761300355010ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_definitions_and_detailed_standards-1.4.xml.bin000066400000000000000000000003601476011761300353310ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 get_bom_with_definitions_and_detailed_standards-1.5.json.bin000066400000000000000000000006321476011761300355050ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_definitions_and_detailed_standards-1.5.xml.bin000066400000000000000000000005431476011761300353350ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 val1 val2 get_bom_with_definitions_and_detailed_standards-1.6.json.bin000066400000000000000000000075751476011761300355230ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "definitions": { "standards": [ { "bom-ref": "other-standard", "description": "Other description", "externalReferences": [ { "type": "website", "url": "https://cyclonedx.org" } ], "levels": [ { "bom-ref": "lvl-3", "description": "Level 3 description", "identifier": "LVL-3", "requirements": [ "req-3" ], "title": "Level 3" } ], "name": "Other Standard", "owner": "Other Owner", "requirements": [ { "bom-ref": "req-3", "descriptions": [ "Requirement 3 described here", "and here" ], "identifier": "REQ-3", "openCre": [ "CRE:5-6", "CRE:7-8" ], "properties": [ { "name": "key3", "value": "val3" } ], "text": "some requirement text", "title": "Requirement 3" } ], "version": "1.0.0" }, { "bom-ref": "some-standard", "description": "Some description", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "levels": [ { "bom-ref": "lvl-1", "description": "Level 1 description", "identifier": "LVL-1", "title": "Level 1" }, { "bom-ref": "lvl-2", "description": "Level 2 description", "identifier": "LVL-2", "requirements": [ "req-1", "req-2" ], "title": "Level 2" } ], "name": "Some Standard", "owner": "Some Owner", "requirements": [ { "bom-ref": "req-1", "descriptions": [ "Requirement 1 described here", "and here" ], "externalReferences": [ { "type": "website", "url": "https://cyclonedx.org" } ], "identifier": "REQ-1", "openCre": [ "CRE:1-2" ], "properties": [ { "name": "key1", "value": "val1a" }, { "name": "key1", "value": "val1b" } ], "text": "some requirement text", "title": "Requirement 1" }, { "bom-ref": "req-2", "descriptions": [ "Requirement 2 described here" ], "identifier": "REQ-2", "openCre": [ "CRE:1-2", "CRE:3-4" ], "parent": "req-1", "properties": [ { "name": "key2", "value": "val2" } ], "text": "some requirement text", "title": "Requirement 2" } ], "version": "1.2.3" } ] }, "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_definitions_and_detailed_standards-1.6.xml.bin000066400000000000000000000101501476011761300353310ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 val1 val2 Other Standard 1.0.0 Other description Other Owner REQ-3 Requirement 3 some requirement text Requirement 3 described here and here CRE:5-6 CRE:7-8 val3 LVL-3 Level 3 Level 3 description req-3 https://cyclonedx.org Some Standard 1.2.3 Some description Some Owner REQ-1 Requirement 1 some requirement text Requirement 1 described here and here CRE:1-2 val1a val1b https://cyclonedx.org REQ-2 Requirement 2 some requirement text Requirement 2 described here CRE:1-2 CRE:3-4 req-1 val2 LVL-1 Level 1 Level 1 description LVL-2 Level 2 Level 2 description req-1 req-2 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.0.xml.bin000066400000000000000000000001541476011761300327300ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.1.xml.bin000066400000000000000000000002511476011761300327270ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.2.json.bin000066400000000000000000000004231476011761300331020ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.2.xml.bin000066400000000000000000000003601476011761300327310ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.3.json.bin000066400000000000000000000004231476011761300331030ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.3.xml.bin000066400000000000000000000003601476011761300327320ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.4.json.bin000066400000000000000000000004221476011761300331030ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.4.xml.bin000066400000000000000000000003601476011761300327330ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.5.json.bin000066400000000000000000000006321476011761300331070ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.5.xml.bin000066400000000000000000000005431476011761300327370ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.6.json.bin000066400000000000000000000014221476011761300331060ustar00rootroot00000000000000{ "definitions": { "standards": [ { "bom-ref": "some-standard", "description": "Some description", "externalReferences": [ { "type": "website", "url": "https://cyclonedx.org" } ], "name": "Some Standard", "owner": "Some Owner", "version": "1.2.3" } ] }, "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_definitions_standards-1.6.xml.bin000066400000000000000000000014361476011761300327420ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 val1 val2 Some Standard 1.2.3 Some description Some Owner https://cyclonedx.org cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.0.xml.bin000066400000000000000000000012171476011761300324740ustar00rootroot00000000000000 setuptools 50.3.2 pkg:pypi/setuptools@50.3.2?extension=tar.gz false toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.1.xml.bin000066400000000000000000000017241476011761300325000ustar00rootroot00000000000000 setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.2.json.bin000066400000000000000000000026441476011761300326540ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "setuptools", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "toml", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "root-component" }, { "dependsOn": [ "toml" ], "ref": "setuptools" }, { "ref": "toml" } ], "metadata": { "component": { "bom-ref": "root-component", "name": "rootComponent", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 23, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.2.xml.bin000066400000000000000000000026071476011761300325020ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 rootComponent Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.3.json.bin000066400000000000000000000031371476011761300326530ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "setuptools", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "toml", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "root-component" }, { "dependsOn": [ "toml" ], "ref": "setuptools" }, { "ref": "toml" } ], "metadata": { "component": { "bom-ref": "root-component", "name": "rootComponent", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 23, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.3.xml.bin000066400000000000000000000030261476011761300324770ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 rootComponent Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.4.json.bin000066400000000000000000000031111476011761300326440ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "setuptools", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "toml", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "root-component" }, { "dependsOn": [ "toml" ], "ref": "setuptools" }, { "ref": "toml" } ], "metadata": { "component": { "bom-ref": "root-component", "name": "rootComponent", "type": "application" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 23, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.4.xml.bin000066400000000000000000000030051476011761300324750ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 rootComponent Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.json.bin000066400000000000000000000033211476011761300326500ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "setuptools", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "toml", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "root-component" }, { "dependsOn": [ "toml" ], "ref": "setuptools" }, { "ref": "toml" } ], "metadata": { "component": { "bom-ref": "root-component", "name": "rootComponent", "type": "application" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 23, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.xml.bin000066400000000000000000000031701476011761300325010ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 rootComponent Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.json.bin000066400000000000000000000033211476011761300326510ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "setuptools", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "toml", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "ref": "root-component" }, { "dependsOn": [ "toml" ], "ref": "setuptools" }, { "ref": "toml" } ], "metadata": { "component": { "bom-ref": "root-component", "name": "rootComponent", "type": "application" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 23, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.xml.bin000066400000000000000000000031701476011761300325020ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 rootComponent Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.0.xml.bin000066400000000000000000000012161476011761300321570ustar00rootroot00000000000000 setuptools 50.3.2 pkg:pypi/setuptools@50.3.2?extension=tar.gz false toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.1.xml.bin000066400000000000000000000020251476011761300321570ustar00rootroot00000000000000 setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.2.json.bin000066400000000000000000000026201476011761300323320ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.2.xml.bin000066400000000000000000000026051476011761300321640ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.3.json.bin000066400000000000000000000031131476011761300323310ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.3.xml.bin000066400000000000000000000030241476011761300321610ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.4.json.bin000066400000000000000000000031121476011761300323310ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.4.xml.bin000066400000000000000000000030241476011761300321620ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.json.bin000066400000000000000000000033221476011761300323350ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.xml.bin000066400000000000000000000032071476011761300321660ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.json.bin000066400000000000000000000033221476011761300323360ustar00rootroot00000000000000{ "components": [ { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.xml.bin000066400000000000000000000032071476011761300321670ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.0.xml.bin000066400000000000000000000001541476011761300323750ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.1.xml.bin000066400000000000000000000006571476011761300324060ustar00rootroot00000000000000 https://cyclonedx.org No comment https://cyclonedx.org cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.2.json.bin000066400000000000000000000007531476011761300325550ustar00rootroot00000000000000{ "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" }, { "type": "website", "url": "https://cyclonedx.org" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.2.xml.bin000066400000000000000000000007661476011761300324100ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 https://cyclonedx.org No comment https://cyclonedx.org cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.3.json.bin000066400000000000000000000012161476011761300325510ustar00rootroot00000000000000{ "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" }, { "type": "website", "url": "https://cyclonedx.org" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.3.xml.bin000066400000000000000000000011711476011761300324000ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b https://cyclonedx.org cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.4.json.bin000066400000000000000000000012151476011761300325510ustar00rootroot00000000000000{ "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" }, { "type": "website", "url": "https://cyclonedx.org" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.4.xml.bin000066400000000000000000000011711476011761300324010ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b https://cyclonedx.org cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.5.json.bin000066400000000000000000000014251476011761300325550ustar00rootroot00000000000000{ "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" }, { "type": "website", "url": "https://cyclonedx.org" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.5.xml.bin000066400000000000000000000013541476011761300324050ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b https://cyclonedx.org val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.6.json.bin000066400000000000000000000014251476011761300325560ustar00rootroot00000000000000{ "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" }, { "type": "website", "url": "https://cyclonedx.org" } ], "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_external_references-1.6.xml.bin000066400000000000000000000013541476011761300324060ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b https://cyclonedx.org val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.0.xml.bin000066400000000000000000000010041476011761300301520ustar00rootroot00000000000000 c-with-SPDX false c-with-expression false c-with-name false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.1.xml.bin000066400000000000000000000021431476011761300301600ustar00rootroot00000000000000 c-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html c-with-expression Apache-2.0 OR MIT c-with-name some additional this is additional license text some commercial license this is a license text cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.2.json.bin000066400000000000000000000055011476011761300303330ustar00rootroot00000000000000{ "components": [ { "bom-ref": "C2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "c-with-SPDX", "type": "library", "version": "" }, { "bom-ref": "C1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "c-with-expression", "type": "library", "version": "" }, { "bom-ref": "C3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "c-with-name", "type": "library", "version": "" } ], "dependencies": [ { "ref": "C1" }, { "ref": "C2" }, { "ref": "C3" }, { "ref": "S1" }, { "ref": "S2" }, { "ref": "S3" }, { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "name": "proprietary" } } ], "name": "app", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "S2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "s-with-SPDX" }, { "bom-ref": "S1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "s-with-expression" }, { "bom-ref": "S3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "s-with-name" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.2.xml.bin000066400000000000000000000047201476011761300301640ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app proprietary c-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html c-with-expression Apache-2.0 OR MIT c-with-name some additional this is additional license text some commercial license this is a license text s-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html s-with-expression Apache-2.0 OR MIT s-with-name some additional this is additional license text some commercial license this is a license text cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.3.json.bin000066400000000000000000000056451476011761300303450ustar00rootroot00000000000000{ "components": [ { "bom-ref": "C2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "c-with-SPDX", "type": "library", "version": "" }, { "bom-ref": "C1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "c-with-expression", "type": "library", "version": "" }, { "bom-ref": "C3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "c-with-name", "type": "library", "version": "" } ], "dependencies": [ { "ref": "C1" }, { "ref": "C2" }, { "ref": "C3" }, { "ref": "S1" }, { "ref": "S2" }, { "ref": "S3" }, { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "name": "proprietary" } } ], "name": "app", "type": "application", "version": "" }, "licenses": [ { "license": { "id": "CC-BY-1.0" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "S2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "s-with-SPDX" }, { "bom-ref": "S1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "s-with-expression" }, { "bom-ref": "S3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "s-with-name" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.3.xml.bin000066400000000000000000000050531476011761300301650ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app proprietary CC-BY-1.0 c-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html c-with-expression Apache-2.0 OR MIT c-with-name some additional this is additional license text some commercial license this is a license text s-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html s-with-expression Apache-2.0 OR MIT s-with-name some additional this is additional license text some commercial license this is a license text cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.4.json.bin000066400000000000000000000055201476011761300303360ustar00rootroot00000000000000{ "components": [ { "bom-ref": "C2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "c-with-SPDX", "type": "library" }, { "bom-ref": "C1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "c-with-expression", "type": "library" }, { "bom-ref": "C3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "c-with-name", "type": "library" } ], "dependencies": [ { "ref": "C1" }, { "ref": "C2" }, { "ref": "C3" }, { "ref": "S1" }, { "ref": "S2" }, { "ref": "S3" }, { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "name": "proprietary" } } ], "name": "app", "type": "application" }, "licenses": [ { "license": { "id": "CC-BY-1.0" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "S2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "s-with-SPDX" }, { "bom-ref": "S1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "s-with-expression" }, { "bom-ref": "S3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "s-with-name" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.4.xml.bin000066400000000000000000000047471476011761300301770ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app proprietary CC-BY-1.0 c-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html c-with-expression Apache-2.0 OR MIT c-with-name some additional this is additional license text some commercial license this is a license text s-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html s-with-expression Apache-2.0 OR MIT s-with-name some additional this is additional license text some commercial license this is a license text cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin000066400000000000000000000057301476011761300303420ustar00rootroot00000000000000{ "components": [ { "bom-ref": "C2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "c-with-SPDX", "type": "library" }, { "bom-ref": "C1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "c-with-expression", "type": "library" }, { "bom-ref": "C3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "c-with-name", "type": "library" } ], "dependencies": [ { "ref": "C1" }, { "ref": "C2" }, { "ref": "C3" }, { "ref": "S1" }, { "ref": "S2" }, { "ref": "S3" }, { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "name": "proprietary" } } ], "name": "app", "type": "application" }, "licenses": [ { "license": { "id": "CC-BY-1.0" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "S2", "licenses": [ { "license": { "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "s-with-SPDX" }, { "bom-ref": "S1", "licenses": [ { "expression": "Apache-2.0 OR MIT" } ], "name": "s-with-expression" }, { "bom-ref": "S3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "s-with-name" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin000066400000000000000000000051321476011761300301650ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app proprietary CC-BY-1.0 c-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html c-with-expression Apache-2.0 OR MIT c-with-name some additional this is additional license text some commercial license this is a license text s-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html s-with-expression Apache-2.0 OR MIT s-with-name some additional this is additional license text some commercial license this is a license text val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin000066400000000000000000000062021476011761300303360ustar00rootroot00000000000000{ "components": [ { "bom-ref": "C2", "licenses": [ { "license": { "acknowledgement": "concluded", "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "c-with-SPDX", "type": "library" }, { "bom-ref": "C1", "licenses": [ { "acknowledgement": "concluded", "expression": "Apache-2.0 OR MIT" } ], "name": "c-with-expression", "type": "library" }, { "bom-ref": "C3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "c-with-name", "type": "library" } ], "dependencies": [ { "ref": "C1" }, { "ref": "C2" }, { "ref": "C3" }, { "ref": "S1" }, { "ref": "S2" }, { "ref": "S3" }, { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "name": "proprietary" } } ], "name": "app", "type": "application" }, "licenses": [ { "license": { "id": "CC-BY-1.0" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "S2", "licenses": [ { "license": { "acknowledgement": "declared", "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } } ], "name": "s-with-SPDX" }, { "bom-ref": "S1", "licenses": [ { "acknowledgement": "declared", "expression": "Apache-2.0 OR MIT" } ], "name": "s-with-expression" }, { "bom-ref": "S3", "licenses": [ { "license": { "name": "some additional", "text": { "content": "this is additional license text", "contentType": "text/plain" } } }, { "license": { "name": "some commercial license", "text": { "content": "this is a license text", "contentType": "text/plain" } } } ], "name": "s-with-name" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin000066400000000000000000000053101476011761300301640ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app proprietary CC-BY-1.0 c-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html c-with-expression Apache-2.0 OR MIT c-with-name some additional this is additional license text some commercial license this is a license text s-with-SPDX Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html s-with-expression Apache-2.0 OR MIT s-with-name some additional this is additional license text some commercial license this is a license text val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.0.xml.bin000066400000000000000000000001541476011761300304740ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.1.xml.bin000066400000000000000000000002511476011761300304730ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.2.json.bin000066400000000000000000000007111476011761300306460ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "name": "app", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.2.xml.bin000066400000000000000000000006371476011761300305040ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.3.json.bin000066400000000000000000000007111476011761300306470ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "name": "app", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.3.xml.bin000066400000000000000000000006371476011761300305050ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.4.json.bin000066400000000000000000000006631476011761300306560ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "name": "app", "type": "application" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.4.xml.bin000066400000000000000000000006161476011761300305030ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.5.json.bin000066400000000000000000000014751476011761300306610ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "name": "app", "type": "application" }, "lifecycles": [ { "phase": "build" }, { "phase": "post-build" }, { "description": "Integration testing specific to the runtime platform", "name": "platform-integration-testing" } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.5.xml.bin000066400000000000000000000015341476011761300305040ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 build post-build platform-integration-testing Integration testing specific to the runtime platform app val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.6.json.bin000066400000000000000000000014751476011761300306620ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-app" } ], "metadata": { "component": { "bom-ref": "my-app", "name": "app", "type": "application" }, "lifecycles": [ { "phase": "build" }, { "phase": "post-build" }, { "description": "Integration testing specific to the runtime platform", "name": "platform-integration-testing" } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_lifecycles-1.6.xml.bin000066400000000000000000000015341476011761300305050ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 build post-build platform-integration-testing Integration testing specific to the runtime platform app val1 val2 get_bom_with_metadata_component_and_dependencies-1.0.xml.bin000066400000000000000000000007001476011761300354620ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz false get_bom_with_metadata_component_and_dependencies-1.1.xml.bin000066400000000000000000000013231476011761300354650ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment get_bom_with_metadata_component_and_dependencies-1.2.json.bin000066400000000000000000000026351476011761300356460ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "component": { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_metadata_component_and_dependencies-1.2.xml.bin000066400000000000000000000026051476011761300354720ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment get_bom_with_metadata_component_and_dependencies-1.3.json.bin000066400000000000000000000031301476011761300356360ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "component": { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_metadata_component_and_dependencies-1.3.xml.bin000066400000000000000000000030241476011761300354670ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b get_bom_with_metadata_component_and_dependencies-1.4.json.bin000066400000000000000000000031271476011761300356450ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "component": { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_metadata_component_and_dependencies-1.4.xml.bin000066400000000000000000000030241476011761300354700ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b get_bom_with_metadata_component_and_dependencies-1.5.json.bin000066400000000000000000000033371476011761300356510ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "component": { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_metadata_component_and_dependencies-1.5.xml.bin000066400000000000000000000032071476011761300354740ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 get_bom_with_metadata_component_and_dependencies-1.6.json.bin000066400000000000000000000033371476011761300356520ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "components": [ { "bom-ref": "pkg:pypi/toml@0.10.2?extension=tar.gz", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "name": "toml", "purl": "pkg:pypi/toml@0.10.2?extension=tar.gz", "type": "library", "version": "0.10.2" } ], "dependencies": [ { "dependsOn": [ "pkg:pypi/toml@0.10.2?extension=tar.gz" ], "ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz" }, { "ref": "pkg:pypi/toml@0.10.2?extension=tar.gz" } ], "metadata": { "component": { "author": "Test Author", "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "licenses": [ { "license": { "id": "MIT" } } ], "name": "setuptools", "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz", "type": "library", "version": "50.3.2" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_metadata_component_and_dependencies-1.6.xml.bin000066400000000000000000000032071476011761300354750ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 Test Author setuptools 50.3.2 MIT pkg:pypi/setuptools@50.3.2?extension=tar.gz toml 0.10.2 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b pkg:pypi/toml@0.10.2?extension=tar.gz https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.0.xml.bin000066400000000000000000000003651476011761300320760ustar00rootroot00000000000000 comp false cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.1.xml.bin000066400000000000000000000007131476011761300320740ustar00rootroot00000000000000 comp MIT foo license cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.2.json.bin000066400000000000000000000024711476011761300322510ustar00rootroot00000000000000{ "components": [ { "bom-ref": "my-compo", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "comp", "type": "library", "version": "" } ], "dependencies": [ { "ref": "my-app" }, { "ref": "my-compo" }, { "ref": "my-serv" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "app", "type": "application", "version": "" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-serv", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "serv" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.2.xml.bin000066400000000000000000000023021476011761300320710ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app MIT foo license comp MIT foo license serv MIT foo license cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.3.json.bin000066400000000000000000000027471476011761300322600ustar00rootroot00000000000000{ "components": [ { "bom-ref": "my-compo", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "comp", "type": "library", "version": "" } ], "dependencies": [ { "ref": "my-app" }, { "ref": "my-compo" }, { "ref": "my-serv" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "app", "type": "application", "version": "" }, "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-serv", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "serv" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.3.xml.bin000066400000000000000000000025311476011761300320760ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app MIT foo license MIT foo license comp MIT foo license serv MIT foo license cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.4.json.bin000066400000000000000000000026741476011761300322600ustar00rootroot00000000000000{ "components": [ { "bom-ref": "my-compo", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "comp", "type": "library" } ], "dependencies": [ { "ref": "my-app" }, { "ref": "my-compo" }, { "ref": "my-serv" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "app", "type": "application" }, "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-serv", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "serv" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.4.xml.bin000066400000000000000000000024671476011761300321070ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app MIT foo license MIT foo license comp MIT foo license serv MIT foo license cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.json.bin000066400000000000000000000031041476011761300322460ustar00rootroot00000000000000{ "components": [ { "bom-ref": "my-compo", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "comp", "type": "library" } ], "dependencies": [ { "ref": "my-app" }, { "ref": "my-compo" }, { "ref": "my-serv" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "app", "type": "application" }, "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-serv", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "serv" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.xml.bin000066400000000000000000000026521476011761300321040ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app MIT foo license MIT foo license comp MIT foo license serv MIT foo license val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.json.bin000066400000000000000000000031041476011761300322470ustar00rootroot00000000000000{ "components": [ { "bom-ref": "my-compo", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "comp", "type": "library" } ], "dependencies": [ { "ref": "my-app" }, { "ref": "my-compo" }, { "ref": "my-serv" } ], "metadata": { "component": { "bom-ref": "my-app", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "app", "type": "application" }, "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-serv", "licenses": [ { "license": { "id": "MIT" } }, { "license": { "name": "foo license" } } ], "name": "serv" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.xml.bin000066400000000000000000000026521476011761300321050ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 app MIT foo license MIT foo license comp MIT foo license serv MIT foo license val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.0.xml.bin000066400000000000000000000001541476011761300315370ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.1.xml.bin000066400000000000000000000002511476011761300315360ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.2.json.bin000066400000000000000000000072621476011761300317210ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "services": [ { "authenticated": true, "bom-ref": "my-specific-bom-ref-for-second-nested-service", "group": "no-group", "name": "second-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "3.2.1", "x-trust-boundary": false }, { "bom-ref": "my-specific-bom-ref-for-first-nested-service", "name": "first-nested-service" } ], "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service", "services": [ { "bom-ref": "yet-another-nested-service", "group": "what-group", "name": "yet-another-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "6.5.4" }, { "bom-ref": "my-specific-bom-ref-for-another-nested-service", "name": "another-nested-service" } ] } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.2.xml.bin000066400000000000000000000074211476011761300315450ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org no-group second-nested-service 3.2.1 true false first-nested-service my-second-service CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org what-group yet-another-nested-service 6.5.4 another-nested-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.3.json.bin000066400000000000000000000100351476011761300317120ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "services": [ { "authenticated": true, "bom-ref": "my-specific-bom-ref-for-second-nested-service", "group": "no-group", "name": "second-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "3.2.1", "x-trust-boundary": false }, { "bom-ref": "my-specific-bom-ref-for-first-nested-service", "name": "first-nested-service" } ], "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service", "services": [ { "bom-ref": "yet-another-nested-service", "group": "what-group", "name": "yet-another-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "6.5.4" }, { "bom-ref": "my-specific-bom-ref-for-another-nested-service", "name": "another-nested-service" } ] } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.3.xml.bin000066400000000000000000000100431476011761300315400ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org no-group second-nested-service 3.2.1 true false first-nested-service my-second-service CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org what-group yet-another-nested-service 6.5.4 another-nested-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.4.json.bin000066400000000000000000000134701476011761300317210ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "services": [ { "authenticated": true, "bom-ref": "my-specific-bom-ref-for-second-nested-service", "group": "no-group", "name": "second-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "3.2.1", "x-trust-boundary": false }, { "bom-ref": "my-specific-bom-ref-for-first-nested-service", "name": "first-nested-service" } ], "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service", "services": [ { "bom-ref": "yet-another-nested-service", "group": "what-group", "name": "yet-another-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "6.5.4" }, { "bom-ref": "my-specific-bom-ref-for-another-nested-service", "name": "another-nested-service" } ] } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.4.xml.bin000066400000000000000000000134351476011761300315510ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org no-group second-nested-service 3.2.1 true false first-nested-service major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 my-second-service CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org what-group yet-another-nested-service 6.5.4 another-nested-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.5.json.bin000066400000000000000000000137001476011761300317160ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "services": [ { "authenticated": true, "bom-ref": "my-specific-bom-ref-for-second-nested-service", "group": "no-group", "name": "second-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "3.2.1", "x-trust-boundary": false }, { "bom-ref": "my-specific-bom-ref-for-first-nested-service", "name": "first-nested-service" } ], "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service", "services": [ { "bom-ref": "yet-another-nested-service", "group": "what-group", "name": "yet-another-nested-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "6.5.4" }, { "bom-ref": "my-specific-bom-ref-for-another-nested-service", "name": "another-nested-service" } ] } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.5.xml.bin000066400000000000000000000136201476011761300315460ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org no-group second-nested-service 3.2.1 true false first-nested-service major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 my-second-service CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org what-group yet-another-nested-service 6.5.4 another-nested-service val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.6.json.bin000066400000000000000000000147531476011761300317300ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "services": [ { "authenticated": true, "bom-ref": "my-specific-bom-ref-for-second-nested-service", "group": "no-group", "name": "second-nested-service", "provider": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "3.2.1", "x-trust-boundary": false }, { "bom-ref": "my-specific-bom-ref-for-first-nested-service", "name": "first-nested-service" } ], "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service", "services": [ { "bom-ref": "yet-another-nested-service", "group": "what-group", "name": "yet-another-nested-service", "provider": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "6.5.4" }, { "bom-ref": "my-specific-bom-ref-for-another-nested-service", "name": "another-nested-service" } ] } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_nested_services-1.6.xml.bin000066400000000000000000000150331476011761300315470ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org no-group second-nested-service 3.2.1 true false first-nested-service major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 my-second-service CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org what-group yet-another-nested-service 6.5.4 another-nested-service val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.0.xml.bin000066400000000000000000000001541476011761300317240ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.1.xml.bin000066400000000000000000000002511476011761300317230ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.2.json.bin000066400000000000000000000036601476011761300321040ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.2.xml.bin000066400000000000000000000037601476011761300317340ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment my-second-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.3.json.bin000066400000000000000000000044331476011761300321040ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.3.xml.bin000066400000000000000000000044021476011761300317270ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 my-second-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.4.json.bin000066400000000000000000000100661476011761300321040ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.4.xml.bin000066400000000000000000000077741476011761300317470ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 my-second-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.5.json.bin000066400000000000000000000102761476011761300321100ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.5.xml.bin000066400000000000000000000101571476011761300317350ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 my-second-service val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.6.json.bin000066400000000000000000000105471476011761300321120ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "authenticated": false, "bom-ref": "my-specific-bom-ref-for-my-first-service", "data": [ { "classification": "public", "flow": "outbound" } ], "description": "Description goes here", "endpoints": [ "/api/thing/1", "/api/thing/2" ], "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "a-group", "licenses": [ { "license": { "name": "Commercial" } } ], "name": "my-first-service", "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "provider": { "address": { "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, "contact": [ { "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { "email": "paul.horton@owasp.org", "name": "Paul Horton" } ], "name": "CycloneDX", "url": [ "https://cyclonedx.org", "https://cyclonedx.org/docs" ] }, "releaseNotes": { "aliases": [ "First Test Release" ], "description": "This release is a test release", "featuredImage": "https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png", "notes": [ { "locale": "en-GB", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } }, { "locale": "en-US", "text": { "content": "U29tZSBzaW1wbGUgcGxhaW4gdGV4dA==", "contentType": "text/plain; charset=UTF-8", "encoding": "base64" } } ], "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "resolves": [ { "description": "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features...", "id": "CVE-2021-44228", "name": "Apache Log3Shell", "references": [ "https://central.sonatype.org/news/20211213_log4shell_help", "https://logging.apache.org/log4j/2.x/security.html" ], "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, "type": "security" } ], "socialImage": "https://cyclonedx.org/cyclonedx-icon.png", "tags": [ "alpha", "test" ], "timestamp": "2023-08-15T01:23:45.678900+00:00", "title": "Release Notes Title", "type": "major" }, "version": "1.2.3", "x-trust-boundary": true }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_complex-1.6.xml.bin000066400000000000000000000104701476011761300317340ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 CycloneDX
GB England Cheshire 100 Main Street
https://cyclonedx.org https://cyclonedx.org/docs A N Other someone@somewhere.tld +44 (0)1234 567890 Paul Horton paul.horton@owasp.org a-group my-first-service 1.2.3 Description goes here /api/thing/1 /api/thing/2 false true public Commercial https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b val1 val2 major Release Notes Title https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png https://cyclonedx.org/cyclonedx-icon.png This release is a test release 2023-08-15T01:23:45.678900+00:00 First Test Release alpha test CVE-2021-44228 Apache Log3Shell Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features... NVD https://nvd.nist.gov/vuln/detail/CVE-2021-44228 https://central.sonatype.org/news/20211213_log4shell_help https://logging.apache.org/log4j/2.x/security.html en-GB U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== en-US U29tZSBzaW1wbGUgcGxhaW4gdGV4dA== val1 val2 my-second-service val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.0.xml.bin000066400000000000000000000001541476011761300315460ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.1.xml.bin000066400000000000000000000002511476011761300315450ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.2.json.bin000066400000000000000000000015741476011761300317300ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-specific-bom-ref-for-my-first-service", "name": "my-first-service" }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.2.xml.bin000066400000000000000000000015541476011761300315550ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 my-first-service my-second-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.3.json.bin000066400000000000000000000015741476011761300317310ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-specific-bom-ref-for-my-first-service", "name": "my-first-service" }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.3.xml.bin000066400000000000000000000015541476011761300315560ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 my-first-service my-second-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.4.json.bin000066400000000000000000000015731476011761300317310ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-specific-bom-ref-for-my-first-service", "name": "my-first-service" }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.4.xml.bin000066400000000000000000000015541476011761300315570ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 my-first-service my-second-service cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.5.json.bin000066400000000000000000000020031476011761300317170ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-specific-bom-ref-for-my-first-service", "name": "my-first-service" }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.5.xml.bin000066400000000000000000000017371476011761300315630ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 my-first-service my-second-service val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.6.json.bin000066400000000000000000000020031476011761300317200ustar00rootroot00000000000000{ "dependencies": [ { "ref": "my-specific-bom-ref-for-cpl" }, { "ref": "my-specific-bom-ref-for-my-first-service" }, { "ref": "my-specific-bom-ref-for-my-second-service" } ], "metadata": { "component": { "bom-ref": "my-specific-bom-ref-for-cpl", "name": "cyclonedx-python-lib", "type": "library", "version": "1.0.0" }, "timestamp": "2023-01-07T13:44:32.312678+00:00" }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "services": [ { "bom-ref": "my-specific-bom-ref-for-my-first-service", "name": "my-first-service" }, { "bom-ref": "my-specific-bom-ref-for-my-second-service", "name": "my-second-service" } ], "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_services_simple-1.6.xml.bin000066400000000000000000000017371476011761300315640ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 cyclonedx-python-lib 1.0.0 my-first-service my-second-service val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.0.xml.bin000066400000000000000000000001541476011761300275120ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.1.xml.bin000066400000000000000000000002511476011761300275110ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.2.json.bin000066400000000000000000000013441476011761300276670ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-tool-b" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.2.xml.bin000066400000000000000000000013301476011761300275110ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 test-tool-b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.3.json.bin000066400000000000000000000013441476011761300276700ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-tool-b" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.3.xml.bin000066400000000000000000000013301476011761300275120ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 test-tool-b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.4.json.bin000066400000000000000000000043271476011761300276750ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-tool-b" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.4.xml.bin000066400000000000000000000043671476011761300275300ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-tool-b cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.5.json.bin000066400000000000000000000045371476011761300277010ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-tool-b" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.5.xml.bin000066400000000000000000000045521476011761300275250ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-tool-b val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.6.json.bin000066400000000000000000000045371476011761300277020ustar00rootroot00000000000000{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-tool-b" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools-1.6.xml.bin000066400000000000000000000045521476011761300275260ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-tool-b val1 val2 get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.0.xml.bin000066400000000000000000000001541476011761300456370ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.1.xml.bin000066400000000000000000000002511476011761300456360ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.2.json.bin000066400000000000000000000012271476011761300460140ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.2.xml.bin000066400000000000000000000013121476011761300456360ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component acme other-service test-component test-service get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.3.json.bin000066400000000000000000000012271476011761300460150ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.3.xml.bin000066400000000000000000000013121476011761300456370ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component acme other-service test-component test-service get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.4.json.bin000066400000000000000000000034141476011761300460160ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.4.xml.bin000066400000000000000000000036011476011761300456430ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component acme other-service test-component test-service get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.5.json.bin000066400000000000000000000036241476011761300460220ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.5.xml.bin000066400000000000000000000037641476011761300456560ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component acme other-service test-component test-service val1 val2 get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.6.json.bin000066400000000000000000000036241476011761300460230ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_tools_with_component_and_service_and_duplicated_tools_irreversible_migrate-1.6.xml.bin000066400000000000000000000037641476011761300456570ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component acme other-service test-component test-service val1 val2 get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.0.xml.bin000066400000000000000000000001541476011761300434410ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.1.xml.bin000066400000000000000000000002511476011761300434400ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.2.json.bin000066400000000000000000000022151476011761300436140ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-component" }, { "name": "test-service" }, { "name": "test-tool-b" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.2.xml.bin000066400000000000000000000022271476011761300434460ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca acme other-service example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 test-component test-service test-tool-b get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.3.json.bin000066400000000000000000000022151476011761300436150ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-component" }, { "name": "test-service" }, { "name": "test-tool-b" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.3.xml.bin000066400000000000000000000022271476011761300434470ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca acme other-service example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 test-component test-service test-tool-b get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.4.json.bin000066400000000000000000000065741476011761300436320ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "name": "other-service", "vendor": "acme" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-component" }, { "name": "test-service" }, { "name": "test-tool-b" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.4.xml.bin000066400000000000000000000066061476011761300434550ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-component test-service test-tool-b get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.5.json.bin000066400000000000000000000070041476011761300436200ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "name": "other-service", "vendor": "acme" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-component" }, { "name": "test-service" }, { "name": "test-tool-b" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.5.xml.bin000066400000000000000000000067711476011761300434610ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-component test-service test-tool-b val1 val2 get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.6.json.bin000066400000000000000000000070041476011761300436210ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "name": "other-service", "vendor": "acme" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6" } ], "name": "test-tool-a", "vendor": "example", "version": "1.33.7" }, { "name": "test-component" }, { "name": "test-service" }, { "name": "test-tool-b" } ] }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_tools_with_component_and_service_and_tools_irreversible_migrate-1.6.xml.bin000066400000000000000000000067711476011761300434620ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b example test-tool-a 1.33.7 adbbbe72c8f023b4a2d96a3978f69d94873ab2fef424e0298287c3368519c1a6 https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-component test-service test-tool-b val1 val2 get_bom_with_tools_with_component_and_service_migrate-1.0.xml.bin000066400000000000000000000001541476011761300366220ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_and_service_migrate-1.1.xml.bin000066400000000000000000000002511476011761300366210ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_and_service_migrate-1.2.json.bin000066400000000000000000000015061476011761300367770ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_tools_with_component_and_service_migrate-1.2.xml.bin000066400000000000000000000015231476011761300366250ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca acme other-service test-component test-service get_bom_with_tools_with_component_and_service_migrate-1.3.json.bin000066400000000000000000000015061476011761300370000ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_tools_with_component_and_service_migrate-1.3.xml.bin000066400000000000000000000015231476011761300366260ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca acme other-service test-component test-service get_bom_with_tools_with_component_and_service_migrate-1.4.json.bin000066400000000000000000000052671476011761300370110ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "name": "other-service", "vendor": "acme" }, { "name": "test-component" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_tools_with_component_and_service_migrate-1.4.xml.bin000066400000000000000000000053321476011761300366310ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-component test-service get_bom_with_tools_with_component_and_service_migrate-1.5.json.bin000066400000000000000000000067351476011761300370130ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": { "components": [ { "bom-ref": "other-component", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "type": "application" }, { "description": "Python library for CycloneDX", "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "group": "CycloneDX", "licenses": [ { "license": { "id": "Apache-2.0" } } ], "name": "cyclonedx-python-lib", "type": "library", "version": "TESTING" }, { "bom-ref": "test-component", "name": "test-component", "type": "library" } ], "services": [ { "bom-ref": "other-service", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "name": "other-service" }, { "bom-ref": "test-service", "name": "test-service" } ] } }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_tools_with_component_and_service_migrate-1.5.xml.bin000066400000000000000000000066161476011761300366400ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b CycloneDX cyclonedx-python-lib TESTING Python library for CycloneDX Apache-2.0 https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme test-component acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-service val1 val2 get_bom_with_tools_with_component_and_service_migrate-1.6.json.bin000066400000000000000000000070141476011761300370030ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": { "components": [ { "bom-ref": "other-component", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "type": "application" }, { "description": "Python library for CycloneDX", "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "group": "CycloneDX", "licenses": [ { "license": { "acknowledgement": "declared", "id": "Apache-2.0" } } ], "name": "cyclonedx-python-lib", "type": "library", "version": "TESTING" }, { "bom-ref": "test-component", "name": "test-component", "type": "library" } ], "services": [ { "bom-ref": "other-service", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "name": "other-service" }, { "bom-ref": "test-service", "name": "test-service" } ] } }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_tools_with_component_and_service_migrate-1.6.xml.bin000066400000000000000000000066511476011761300366400ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b CycloneDX cyclonedx-python-lib TESTING Python library for CycloneDX Apache-2.0 https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme test-component acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-service val1 val2 get_bom_with_tools_with_component_migrate-1.0.xml.bin000066400000000000000000000001541476011761300342600ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_migrate-1.1.xml.bin000066400000000000000000000002511476011761300342570ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots get_bom_with_tools_with_component_migrate-1.2.json.bin000066400000000000000000000013131476011761300344310ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "name": "test-component" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }get_bom_with_tools_with_component_migrate-1.2.xml.bin000066400000000000000000000012721476011761300342640ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca test-component get_bom_with_tools_with_component_migrate-1.3.json.bin000066400000000000000000000013131476011761300344320ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "name": "test-component" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }get_bom_with_tools_with_component_migrate-1.3.xml.bin000066400000000000000000000012721476011761300342650ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca test-component get_bom_with_tools_with_component_migrate-1.4.json.bin000066400000000000000000000042761476011761300344460ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "TESTING" }, { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "vendor": "acme" }, { "name": "test-component" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }get_bom_with_tools_with_component_migrate-1.4.xml.bin000066400000000000000000000043311476011761300342650ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 CycloneDX cyclonedx-python-lib TESTING https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-component get_bom_with_tools_with_component_migrate-1.5.json.bin000066400000000000000000000055261476011761300344460ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": { "components": [ { "bom-ref": "other-component", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "type": "application" }, { "description": "Python library for CycloneDX", "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "group": "CycloneDX", "licenses": [ { "license": { "id": "Apache-2.0" } } ], "name": "cyclonedx-python-lib", "type": "library", "version": "TESTING" }, { "bom-ref": "test-component", "name": "test-component", "type": "library" } ] } }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }get_bom_with_tools_with_component_migrate-1.5.xml.bin000066400000000000000000000054211476011761300342670ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b CycloneDX cyclonedx-python-lib TESTING Python library for CycloneDX Apache-2.0 https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme test-component val1 val2 get_bom_with_tools_with_component_migrate-1.6.json.bin000066400000000000000000000056051476011761300344450ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": { "components": [ { "bom-ref": "other-component", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "hashes": [ { "alg": "SHA-256", "content": "49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca" } ], "name": "other-component", "type": "application" }, { "description": "Python library for CycloneDX", "externalReferences": [ { "type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" }, { "type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/" }, { "type": "documentation", "url": "https://cyclonedx-python-library.readthedocs.io/" }, { "type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" }, { "type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" }, { "type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" }, { "type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib" }, { "type": "website", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" } ], "group": "CycloneDX", "licenses": [ { "license": { "acknowledgement": "declared", "id": "Apache-2.0" } } ], "name": "cyclonedx-python-lib", "type": "library", "version": "TESTING" }, { "bom-ref": "test-component", "name": "test-component", "type": "library" } ] } }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }get_bom_with_tools_with_component_migrate-1.6.xml.bin000066400000000000000000000054541476011761300342760ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots 2023-01-07T13:44:32.312678+00:00 acme other-component 49b420bd8d8182542a76d4422e0c7890dcc88a3d8ddad04da06366d8c40ac8ca https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b CycloneDX cyclonedx-python-lib TESTING Python library for CycloneDX Apache-2.0 https://github.com/CycloneDX/cyclonedx-python-lib/actions https://pypi.org/project/cyclonedx-python-lib/ https://cyclonedx-python-library.readthedocs.io/ https://github.com/CycloneDX/cyclonedx-python-lib/issues https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md https://github.com/CycloneDX/cyclonedx-python-lib https://github.com/CycloneDX/cyclonedx-python-lib/#readme test-component val1 val2 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools_with_service_migrate-1.0.xml.bin000066400000000000000000000001541476011761300337750ustar00rootroot00000000000000 cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools_with_service_migrate-1.1.xml.bin000066400000000000000000000002511476011761300337740ustar00rootroot00000000000000 get_bom_with_tools_with_service_migrate-1.2.json.bin000066400000000000000000000006431476011761300340740ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "other-service", "vendor": "acme" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools_with_service_migrate-1.2.xml.bin000066400000000000000000000006421476011761300340010ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 acme other-service test-service get_bom_with_tools_with_service_migrate-1.3.json.bin000066400000000000000000000006431476011761300340750ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "name": "other-service", "vendor": "acme" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools_with_service_migrate-1.3.xml.bin000066400000000000000000000006421476011761300340020ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 acme other-service test-service get_bom_with_tools_with_service_migrate-1.4.json.bin000066400000000000000000000014401476011761300340720ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": [ { "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "name": "other-service", "vendor": "acme" }, { "name": "test-service" } ] }, "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools_with_service_migrate-1.4.xml.bin000066400000000000000000000014121476011761300337770ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-service get_bom_with_tools_with_service_migrate-1.5.json.bin000066400000000000000000000020661476011761300341000ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": { "services": [ { "bom-ref": "other-service", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "name": "other-service" }, { "bom-ref": "test-service", "name": "test-service" } ] } }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.5" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools_with_service_migrate-1.5.xml.bin000066400000000000000000000017711476011761300340100ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-service val1 val2 get_bom_with_tools_with_service_migrate-1.6.json.bin000066400000000000000000000020661476011761300341010ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/_data/snapshots{ "metadata": { "timestamp": "2023-01-07T13:44:32.312678+00:00", "tools": { "services": [ { "bom-ref": "other-service", "externalReferences": [ { "comment": "No comment", "hashes": [ { "alg": "SHA-256", "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "type": "distribution", "url": "https://cyclonedx.org" } ], "group": "acme", "name": "other-service" }, { "bom-ref": "test-service", "name": "test-service" } ] } }, "properties": [ { "name": "key1", "value": "val1" }, { "name": "key2", "value": "val2" } ], "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }cyclonedx-python-lib-9.1.0/tests/_data/snapshots/get_bom_with_tools_with_service_migrate-1.6.xml.bin000066400000000000000000000017711476011761300340110ustar00rootroot00000000000000 2023-01-07T13:44:32.312678+00:00 acme other-service https://cyclonedx.org No comment 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b test-service val1 val2 cyclonedx-python-lib-9.1.0/tests/test_builder_this.py000066400000000000000000000067241476011761300230430ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from typing import Any, Dict, Iterable, Tuple, Union from unittest import TestCase from cyclonedx.builder.this import this_component, this_tool from cyclonedx.model import ExternalReference, ExternalReferenceType from cyclonedx.model.component import ComponentType from cyclonedx.model.license import License, LicenseAcknowledgement from tests import load_pyproject class ExtRefsTestMixin: @staticmethod def __first_ers_uri(t: ExternalReferenceType, ers: Iterable[ExternalReference]) -> str: return next(filter(lambda r: r.type is t, ers)).url.uri def assertExtRefs( # noqa:N802 self: Union[TestCase, 'ExtRefsTestMixin'], p: Dict[str, Any], ers: Iterable[ExternalReference] ) -> None: self.assertEqual(p['tool']['poetry']['homepage'], self.__first_ers_uri( ExternalReferenceType.WEBSITE, ers)) self.assertEqual(p['tool']['poetry']['repository'], self.__first_ers_uri( ExternalReferenceType.VCS, ers)) self.assertEqual(p['tool']['poetry']['documentation'], self.__first_ers_uri( ExternalReferenceType.DOCUMENTATION, ers)) self.assertEqual(p['tool']['poetry']['urls']['Bug Tracker'], self.__first_ers_uri( ExternalReferenceType.ISSUE_TRACKER, ers)) class TestThisComponent(TestCase, ExtRefsTestMixin): def test_basics(self) -> None: p = load_pyproject() c = this_component() self.assertIs(ComponentType.LIBRARY, c.type) self.assertEqual('CycloneDX', c.group) self.assertEqual(p['tool']['poetry']['name'], c.name) self.assertEqual(p['tool']['poetry']['version'], c.version) self.assertEqual(p['tool']['poetry']['description'], c.description) def test_license(self) -> None: p = load_pyproject() ls: Tuple[License, ...] = tuple(this_component().licenses) self.assertEqual(1, len(ls)) l = ls[0] # noqa:E741 self.assertIs(LicenseAcknowledgement.DECLARED, l.acknowledgement) # this uses the fact that poetry expect license declarations as valid SPDX-license-id self.assertEqual(p['tool']['poetry']['license'], l.id) def test_extrefs(self) -> None: p = load_pyproject() ers: Tuple[ExternalReference, ...] = tuple(this_component().external_references) self.assertExtRefs(p, ers) class TestThisTool(TestCase, ExtRefsTestMixin): def test_basics(self) -> None: p = load_pyproject() t = this_tool() self.assertEqual('CycloneDX', t.vendor) self.assertEqual(p['tool']['poetry']['name'], t.name) self.assertEqual(p['tool']['poetry']['version'], t.version) def test_extrefs(self) -> None: p = load_pyproject() ers: Tuple[ExternalReference, ...] = tuple(this_tool().external_references) self.assertExtRefs(p, ers) cyclonedx-python-lib-9.1.0/tests/test_component.py000066400000000000000000000056211476011761300223630ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from os.path import join from unittest import TestCase # See https://github.com/package-url/packageurl-python/issues/65 from packageurl import PackageURL from cyclonedx._internal.hash import file_sha1sum as _file_sha1sum from cyclonedx.model.component import Component from tests import OWN_DATA_DIRECTORY from tests._data.models import get_component_setuptools_simple class TestComponent(TestCase): def test_purl_correct(self) -> None: self.assertEqual( PackageURL( type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz' ), get_component_setuptools_simple().purl ) def test_purl_incorrect_version(self) -> None: purl = PackageURL( type='pypi', name='setuptools', version='50.3.1' ) self.assertNotEqual( str(purl), str(get_component_setuptools_simple().purl) ) self.assertEqual(purl.type, 'pypi') self.assertEqual(purl.name, 'setuptools') self.assertEqual(purl.version, '50.3.1') def test_purl_incorrect_name(self) -> None: purl = PackageURL( type='pypi', name='setuptoolz', version='50.3.2', qualifiers='extension=tar.gz' ) self.assertNotEqual( str(purl), str(get_component_setuptools_simple().purl) ) self.assertEqual(purl.type, 'pypi') self.assertEqual(purl.name, 'setuptoolz') self.assertEqual(purl.version, '50.3.2') self.assertEqual(purl.qualifiers, {'extension': 'tar.gz'}) def test_from_xml_file_with_path_for_bom(self) -> None: test_file = join(OWN_DATA_DIRECTORY, 'xml', '1.4', 'bom_setuptools.xml') c = Component.for_file(absolute_file_path=test_file, path_for_bom='fixtures/bom_setuptools.xml') sha1_hash: str = _file_sha1sum(filename=test_file) expected_version = f'0.0.0-{sha1_hash[0:12]}' self.assertEqual(c.name, 'fixtures/bom_setuptools.xml') self.assertEqual(c.version, expected_version) purl = PackageURL( type='generic', name='fixtures/bom_setuptools.xml', version=expected_version ) self.assertEqual(c.purl, purl) self.assertEqual(len(c.hashes), 1) cyclonedx-python-lib-9.1.0/tests/test_deserialize_json.py000066400000000000000000000124421476011761300237110ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from json import loads as json_loads from os.path import join from typing import Any, Callable from unittest import TestCase from unittest.mock import patch from ddt import data, ddt, named_data from cyclonedx.model.bom import Bom from cyclonedx.model.license import DisjunctiveLicense, LicenseExpression, LicenseRepository from cyclonedx.schema import OutputFormat, SchemaVersion from tests import OWN_DATA_DIRECTORY, DeepCompareMixin, SnapshotMixin, mksname from tests._data.models import ( all_get_bom_funct_valid_immut, all_get_bom_funct_valid_reversible_migrate, all_get_bom_funct_with_incomplete_deps, ) @ddt class TestDeserializeJson(TestCase, SnapshotMixin, DeepCompareMixin): @named_data(*all_get_bom_funct_valid_immut, *all_get_bom_funct_valid_reversible_migrate) @patch('cyclonedx.builder.this.__ThisVersion', 'TESTING') def test_prepared(self, get_bom: Callable[[], Bom], *_: Any, **__: Any) -> None: # only latest schema will have all data populated in serialized form snapshot_name = mksname(get_bom, SchemaVersion.V1_6, OutputFormat.JSON) expected = get_bom() json = json_loads(self.readSnapshot(snapshot_name)) bom = Bom.from_json(json) self.assertBomDeepEqual(expected, bom, fuzzy_deps=get_bom in all_get_bom_funct_with_incomplete_deps) def test_empty_supplier(self) -> None: """Regression for issue #600 See: https://github.com/CycloneDX/cyclonedx-python-lib/issues/600 """ json_file = join(OWN_DATA_DIRECTORY, 'json', '1.4', 'empty_supplier.json') with open(json_file) as f: json = json_loads(f.read()) bom = Bom.from_json(json) self.assertIsInstance(bom, Bom) @data(SchemaVersion.V1_4, SchemaVersion.V1_3, SchemaVersion.V1_2) def test_mixed_licenses_before15(self, sv: SchemaVersion) -> None: # before CDX 1.5 it was allowed to mix `expression` and `license` def test(ls: LicenseRepository) -> None: self.assertEqual(3, len(ls)) expression: LicenseExpression = next(( li for li in ls if isinstance(li, LicenseExpression) ), None) with_id: DisjunctiveLicense = next(( li for li in ls if isinstance(li, DisjunctiveLicense) and li.id is not None ), None) with_name: DisjunctiveLicense = next(( li for li in ls if isinstance(li, DisjunctiveLicense) and li.name is not None ), None) self.assertEqual('MIT OR Apache-2.0', expression.value) self.assertEqual('MIT', with_id.id) self.assertEqual('foo license', with_name.name) json_file = join(OWN_DATA_DIRECTORY, 'json', sv.to_version(), 'bom_with_mixed_licenses.json') with open(json_file) as f: json = json_loads(f.read()) bom: Bom = Bom.from_json(json) if sv is not SchemaVersion.V1_2: test(bom.metadata.licenses) test(bom.metadata.component.licenses) test(list(bom.components)[0].licenses) test(list(bom.services)[0].licenses) def test_regression_issue771(self) -> None: """ regression test for issue#771. see https://github.com/CycloneDX/cyclonedx-python-lib/issues/771 """ json_file = join(OWN_DATA_DIRECTORY, 'json', SchemaVersion.V1_6.to_version(), 'issue771.json') with open(json_file) as f: json = json_loads(f.read()) bom: Bom = Bom.from_json(json) # <<< is expected to not crash self.assertIsNotNone(bom) def test_regression_issue764(self) -> None: """ regression test for issue#764. see https://github.com/CycloneDX/cyclonedx-python-lib/issues/764 """ json_file = join(OWN_DATA_DIRECTORY, 'json', SchemaVersion.V1_6.to_version(), 'issue764.json') with open(json_file) as f: json = json_loads(f.read()) bom: Bom = Bom.from_json(json) # <<< is expected to not crash self.assertIsNotNone(bom) def test_regression_issue690(self) -> None: """ regression test for issue#690. see https://github.com/CycloneDX/cyclonedx-python-lib/issues/690 """ json_file = join(OWN_DATA_DIRECTORY, 'json', SchemaVersion.V1_6.to_version(), 'issue690.json') with open(json_file) as f: json = json_loads(f.read()) bom: Bom = Bom.from_json(json) # <<< is expected to not crash self.assertIsNotNone(bom) cyclonedx-python-lib-9.1.0/tests/test_deserialize_xml.py000066400000000000000000000035441476011761300235430ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from typing import Any, Callable from unittest import TestCase from unittest.mock import patch from ddt import ddt, named_data from cyclonedx.model.bom import Bom from cyclonedx.schema import OutputFormat, SchemaVersion from tests import DeepCompareMixin, SnapshotMixin, mksname from tests._data.models import ( all_get_bom_funct_valid_immut, all_get_bom_funct_valid_reversible_migrate, all_get_bom_funct_with_incomplete_deps, ) @ddt class TestDeserializeXml(TestCase, SnapshotMixin, DeepCompareMixin): @named_data(*all_get_bom_funct_valid_immut, *all_get_bom_funct_valid_reversible_migrate) @patch('cyclonedx.builder.this.__ThisVersion', 'TESTING') def test_prepared(self, get_bom: Callable[[], Bom], *_: Any, **__: Any) -> None: # only latest schema will have all data populated in serialized form snapshot_name = mksname(get_bom, SchemaVersion.V1_6, OutputFormat.XML) expected = get_bom() with open(self.getSnapshotFile(snapshot_name), 'r') as s: bom = Bom.from_xml(s) self.assertBomDeepEqual(expected, bom, fuzzy_deps=get_bom in all_get_bom_funct_with_incomplete_deps) cyclonedx-python-lib-9.1.0/tests/test_enums.py000066400000000000000000000451331476011761300215120ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from enum import Enum from itertools import chain from json import load as json_load from typing import Any, Generator, Iterable, Tuple, Type from unittest import TestCase from warnings import warn from xml.etree.ElementTree import parse as xml_parse # nosec B405 from ddt import ddt, idata, named_data from cyclonedx.exception import MissingOptionalDependencyException from cyclonedx.exception.serialization import SerializationOfUnsupportedComponentTypeException from cyclonedx.model import AttachedText, ExternalReference, HashType, XsUri from cyclonedx.model.bom import Bom, BomMetaData from cyclonedx.model.component import Component, Patch, Pedigree from cyclonedx.model.issue import IssueType from cyclonedx.model.license import DisjunctiveLicense from cyclonedx.model.lifecycle import LifecyclePhase, PredefinedLifecycle from cyclonedx.model.service import DataClassification, Service from cyclonedx.model.vulnerability import ( BomTarget, BomTargetVersionRange, Vulnerability, VulnerabilityAnalysis, VulnerabilityRating, ) from cyclonedx.output import make_outputter from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.schema._res import BOM_JSON as SCHEMA_JSON, BOM_XML as SCHEMA_XML from cyclonedx.validation import make_schemabased_validator from tests import SnapshotMixin from tests._data.models import _make_bom # region SUT: all the enums from cyclonedx.model import ( # isort:skip DataFlow, Encoding, ExternalReferenceType, HashAlgorithm, ) from cyclonedx.model.component import ( # isort:skip ComponentScope, ComponentType, PatchClassification, ) from cyclonedx.model.impact_analysis import ( # isort:skip ImpactAnalysisAffectedStatus, ImpactAnalysisJustification, ImpactAnalysisResponse, ImpactAnalysisState, ) from cyclonedx.model.issue import ( # isort:skip IssueClassification, ) from cyclonedx.model.vulnerability import ( # isort:skip VulnerabilityScoreSource, VulnerabilitySeverity, ) # endregion SUT SCHEMA_NS = '{http://www.w3.org/2001/XMLSchema}' def dp_cases_from_xml_schema(sf: str, xpath: str) -> Generator[str, None, None]: for el in xml_parse(sf).iterfind(f'{xpath}/{SCHEMA_NS}restriction/{SCHEMA_NS}enumeration'): # nosec B314 yield el.get('value') def dp_cases_from_xml_schemas(xpath: str) -> Generator[str, None, None]: for sf in SCHEMA_XML.values(): if sf is None: continue yield from dp_cases_from_xml_schema(sf, xpath) def dp_cases_from_json_schema(sf: str, jsonpointer: Iterable[str]) -> Generator[str, None, None]: with open(sf) as sfh: data = json_load(sfh) try: for pp in jsonpointer: data = data[pp] except KeyError: return for value in data['enum']: yield value def dp_cases_from_json_schemas(*jsonpointer: str) -> Generator[str, None, None]: for sf in SCHEMA_JSON.values(): if sf is None: continue yield from dp_cases_from_json_schema(sf, jsonpointer) UNSUPPORTED_OF_SV = frozenset([ (OutputFormat.JSON, SchemaVersion.V1_1), (OutputFormat.JSON, SchemaVersion.V1_0), ]) NAMED_OF_SV = tuple( (f'{of.name}-{sv.to_version()}', of, sv) for of in OutputFormat for sv in SchemaVersion if (of, sv) not in UNSUPPORTED_OF_SV ) class _EnumTestCase(TestCase, SnapshotMixin): def _test_knows_value(self, enum: Type[Enum], value: str) -> None: ec = enum(value) # throws valueError if value unknown self.assertTrue(ec.name) # TODO test for an expected name @staticmethod def __str_rmp(s: str, p: str) -> str: # str.removeprefix() for all py versions pl = len(p) return s[pl:] if s[:pl] == p else s def _test_cases_render(self, bom: Bom, of: OutputFormat, sv: SchemaVersion) -> None: snapshot_name = f'enum_{self.__str_rmp(type(self).__name__, "TestEnum")}-{sv.to_version()}.{of.name.lower()}' output = make_outputter(bom, of, sv).output_as_string(indent=2) try: validation_errors = make_schemabased_validator(of, sv).validate_str(output) except MissingOptionalDependencyException: warn('!!! skipped schema validation', category=UserWarning, stacklevel=0) else: self.assertIsNone(validation_errors) self.assertEqualSnapshot(output, snapshot_name) @ddt class TestEnumDataFlow(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='dataFlowType']"), dp_cases_from_json_schemas('definitions', 'dataFlowDirection'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(DataFlow, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(services=[Service(name='dummy', bom_ref='dummy', data=( DataClassification(flow=df, classification=df.name) for df in DataFlow ))]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumEncoding(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='encoding']"), dp_cases_from_json_schemas('definitions', 'attachment', 'properties', 'encoding'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(Encoding, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(components=[Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', licenses=( DisjunctiveLicense(name=f'att.encoding: {encoding.name}', text=AttachedText( content=f'att.encoding: {encoding.name}', encoding=encoding )) for encoding in Encoding ))]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumExternalReferenceType(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='externalReferenceType']"), dp_cases_from_json_schemas('definitions', 'externalReference', 'properties', 'type'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(ExternalReferenceType, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(components=[ Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', external_references=( ExternalReference(type=extref, url=XsUri(f'tests/{extref.name}')) for extref in ExternalReferenceType )) ]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumHashAlgorithm(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='hashAlg']"), dp_cases_from_json_schemas('definitions', 'hash-alg'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(HashAlgorithm, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(components=[Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', hashes=( HashType(alg=alg, content='ae2b1fca515949e5d54fb22b8ed95575') for alg in HashAlgorithm ))]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumComponentScope(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='scope']"), dp_cases_from_json_schemas('definitions', 'component', 'properties', 'scope'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(ComponentScope, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(components=( Component(bom_ref=f'scoped-{scope.name}', name=f'dummy-{scope.name}', type=ComponentType.LIBRARY, scope=scope) for scope in ComponentScope )) super()._test_cases_render(bom, of, sv) class _DP_ComponentType(): # noqa: N801 XML_SCHEMA_XPATH = f"./{SCHEMA_NS}simpleType[@name='classification']" JSON_SCHEMA_POINTER = ('definitions', 'component', 'properties', 'type') @classmethod def unsupported_cases(cls) -> Generator[Tuple[str, OutputFormat, SchemaVersion, ComponentType], None, None]: for name, of, sv in NAMED_OF_SV: if OutputFormat.XML is of: schema_cases = set(dp_cases_from_xml_schema(SCHEMA_XML[sv], cls.XML_SCHEMA_XPATH)) elif OutputFormat.JSON is of: schema_cases = set(dp_cases_from_json_schema(SCHEMA_JSON[sv], cls.JSON_SCHEMA_POINTER)) else: raise ValueError(f'unexpected of: {of!r}') for ct in ComponentType: if ct.value not in schema_cases: yield f'{name}-{ct.name}', of, sv, ct @ddt class TestEnumComponentType(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(_DP_ComponentType.XML_SCHEMA_XPATH), dp_cases_from_json_schemas(*_DP_ComponentType.JSON_SCHEMA_POINTER), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(ComponentType, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: if OutputFormat.XML is of: schema_cases = set(dp_cases_from_xml_schema(SCHEMA_XML[sv], _DP_ComponentType.XML_SCHEMA_XPATH)) elif OutputFormat.JSON is of: schema_cases = set(dp_cases_from_json_schema(SCHEMA_JSON[sv], _DP_ComponentType.JSON_SCHEMA_POINTER)) else: raise ValueError(f'unexpected of: {of!r}') bom = _make_bom(components=( Component(bom_ref=f'typed-{ct.name}', name=f'dummy {ct.name}', type=ct) for ct in ComponentType if ct.value in schema_cases )) super()._test_cases_render(bom, of, sv) @named_data(*_DP_ComponentType.unsupported_cases()) def test_cases_render_raises_on_unsupported(self, of: OutputFormat, sv: SchemaVersion, ct: ComponentType, *_: Any, **__: Any) -> None: bom = _make_bom(components=[ Component(bom_ref=f'typed-{ct.name}', name=f'dummy {ct.name}', type=ct) ]) with self.assertRaises(SerializationOfUnsupportedComponentTypeException): super()._test_cases_render(bom, of, sv) @ddt class TestEnumPatchClassification(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='patchClassification']"), dp_cases_from_json_schemas('definitions', 'patch', 'properties', 'type'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(PatchClassification, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(components=[ Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', pedigree=Pedigree(patches=( Patch(type=pc) for pc in PatchClassification ))) ]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumImpactAnalysisAffectedStatus(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='impactAnalysisAffectedStatusType']"), dp_cases_from_json_schemas('definitions', 'affectedStatus'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(ImpactAnalysisAffectedStatus, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(vulnerabilities=[Vulnerability( bom_ref='dummy', id='dummy', affects=[BomTarget(ref='urn:cdx:bom23/1#comp42', versions=( BomTargetVersionRange(version=f'1.33.7+{iaas.name}', status=iaas) for iaas in ImpactAnalysisAffectedStatus ))] )]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumImpactAnalysisJustification(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='impactAnalysisJustificationType']"), dp_cases_from_json_schemas('definitions', 'impactAnalysisJustification'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(ImpactAnalysisJustification, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(vulnerabilities=( Vulnerability( bom_ref=f'vuln-with-{iaj.name}', id=f'vuln-with-{iaj.name}', analysis=VulnerabilityAnalysis(justification=iaj) ) for iaj in ImpactAnalysisJustification )) super()._test_cases_render(bom, of, sv) @ddt class TestEnumImpactAnalysisResponse(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='impactAnalysisResponsesType']"), dp_cases_from_json_schemas('definitions', 'vulnerability', 'properties', 'analysis', 'properties', 'response', 'items'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(ImpactAnalysisResponse, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(vulnerabilities=[Vulnerability( bom_ref='dummy', id='dummy', analysis=VulnerabilityAnalysis(responses=( iar for iar in ImpactAnalysisResponse )) )]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumImpactAnalysisState(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='impactAnalysisStateType']"), dp_cases_from_json_schemas('definitions', 'impactAnalysisState'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(ImpactAnalysisState, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(vulnerabilities=( Vulnerability( bom_ref=f'vuln-wit-state-{ias.name}', id=f'vuln-wit-state-{ias.name}', analysis=VulnerabilityAnalysis(state=ias) ) for ias in ImpactAnalysisState )) super()._test_cases_render(bom, of, sv) @ddt class TestEnumIssueClassification(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='issueClassification']"), dp_cases_from_json_schemas('definitions', 'issue', 'properties', 'type'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(IssueClassification, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(components=[ Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', pedigree=Pedigree(patches=[ Patch(type=PatchClassification.BACKPORT, resolves=( IssueType(type=ic, id=f'issue-{ic.name}') for ic in IssueClassification )) ])) ]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumVulnerabilityScoreSource(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='scoreSourceType']"), dp_cases_from_json_schemas('definitions', 'scoreMethod'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(VulnerabilityScoreSource, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(vulnerabilities=[Vulnerability(bom_ref='dummy', id='dummy', ratings=( VulnerabilityRating(method=vss) for vss in VulnerabilityScoreSource ))]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumVulnerabilitySeverity(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='severityType']"), dp_cases_from_json_schemas('definitions', 'severity'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(VulnerabilitySeverity, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(vulnerabilities=[Vulnerability(bom_ref='dummy', id='dummy', ratings=( VulnerabilityRating(severity=vs) for vs in VulnerabilitySeverity ))]) super()._test_cases_render(bom, of, sv) @ddt class TestEnumLifecyclePhase(_EnumTestCase): @idata(set(chain( dp_cases_from_xml_schemas(f"./{SCHEMA_NS}simpleType[@name='lifecyclePhaseType']"), dp_cases_from_json_schemas('definitions', 'metadata', 'properties', 'lifecycles', 'items', 'phase'), ))) def test_knows_value(self, value: str) -> None: super()._test_knows_value(LifecyclePhase, value) @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(metadata=BomMetaData( lifecycles=[PredefinedLifecycle(phase=phase) for phase in LifecyclePhase] )) super()._test_cases_render(bom, of, sv) cyclonedx-python-lib-9.1.0/tests/test_factory_license.py000066400000000000000000000130671476011761300235350ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import unittest import unittest.mock from cyclonedx.exception.factory import InvalidLicenseExpressionException, InvalidSpdxLicenseException from cyclonedx.factory.license import LicenseFactory from cyclonedx.model import AttachedText, XsUri from cyclonedx.model.license import DisjunctiveLicense, LicenseAcknowledgement, LicenseExpression class TestFactoryLicense(unittest.TestCase): def test_make_from_string_with_id(self) -> None: text = unittest.mock.NonCallableMock(spec=AttachedText) url = unittest.mock.NonCallableMock(spec=XsUri) acknowledgement = unittest.mock.NonCallableMock(spec=LicenseAcknowledgement) expected = DisjunctiveLicense(id='bar', text=text, url=url, acknowledgement=acknowledgement) with unittest.mock.patch('cyclonedx.factory.license.spdx_fixup', return_value='bar'), \ unittest.mock.patch('cyclonedx.factory.license.is_spdx_expression', return_value=True): actual = LicenseFactory().make_from_string('foo', license_text=text, license_url=url, license_acknowledgement=acknowledgement) self.assertEqual(expected, actual) def test_make_from_string_with_name(self) -> None: text = unittest.mock.NonCallableMock(spec=AttachedText) url = unittest.mock.NonCallableMock(spec=XsUri) acknowledgement = unittest.mock.NonCallableMock(spec=LicenseAcknowledgement) expected = DisjunctiveLicense(name='foo', text=text, url=url, acknowledgement=acknowledgement) with unittest.mock.patch('cyclonedx.factory.license.spdx_fixup', return_value=None), \ unittest.mock.patch('cyclonedx.factory.license.is_spdx_expression', return_value=False): actual = LicenseFactory().make_from_string('foo', license_text=text, license_url=url, license_acknowledgement=acknowledgement) self.assertEqual(expected, actual) def test_make_from_string_with_expression(self) -> None: acknowledgement = unittest.mock.NonCallableMock(spec=LicenseAcknowledgement) expected = LicenseExpression('foo', acknowledgement=acknowledgement) with unittest.mock.patch('cyclonedx.factory.license.spdx_fixup', return_value=None), \ unittest.mock.patch('cyclonedx.factory.license.is_spdx_expression', return_value=True): actual = LicenseFactory().make_from_string('foo', license_acknowledgement=acknowledgement) self.assertEqual(expected, actual) def test_make_with_id(self) -> None: text = unittest.mock.NonCallableMock(spec=AttachedText) url = unittest.mock.NonCallableMock(spec=XsUri) acknowledgement = unittest.mock.NonCallableMock(spec=LicenseAcknowledgement) expected = DisjunctiveLicense(id='bar', text=text, url=url, acknowledgement=acknowledgement) with unittest.mock.patch('cyclonedx.factory.license.spdx_fixup', return_value='bar'): actual = LicenseFactory().make_with_id(spdx_id='foo', text=text, url=url, acknowledgement=acknowledgement) self.assertEqual(expected, actual) def test_make_with_id_raises(self) -> None: with self.assertRaises(InvalidSpdxLicenseException, msg='foo'): with unittest.mock.patch('cyclonedx.factory.license.spdx_fixup', return_value=None): LicenseFactory().make_with_id(spdx_id='foo') def test_make_with_name(self) -> None: text = unittest.mock.NonCallableMock(spec=AttachedText) url = unittest.mock.NonCallableMock(spec=XsUri) acknowledgement = unittest.mock.NonCallableMock(spec=LicenseAcknowledgement) expected = DisjunctiveLicense(name='foo', text=text, url=url, acknowledgement=acknowledgement) actual = LicenseFactory().make_with_name(name='foo', text=text, url=url, acknowledgement=acknowledgement) self.assertEqual(expected, actual) def test_make_with_expression(self) -> None: acknowledgement = unittest.mock.NonCallableMock(spec=LicenseAcknowledgement) expected = LicenseExpression('foo', acknowledgement=acknowledgement) with unittest.mock.patch('cyclonedx.factory.license.is_spdx_expression', return_value=True): actual = LicenseFactory().make_with_expression(expression='foo', acknowledgement=acknowledgement) self.assertEqual(expected, actual) def test_make_with_expression_raises(self) -> None: with self.assertRaises(InvalidLicenseExpressionException, msg='foo'): with unittest.mock.patch('cyclonedx.factory.license.is_spdx_expression', return_value=False): LicenseFactory().make_with_expression('foo') cyclonedx-python-lib-9.1.0/tests/test_internal/000077500000000000000000000000001476011761300216175ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tests/test_internal/__init__.py000066400000000000000000000012611476011761300237300ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. cyclonedx-python-lib-9.1.0/tests/test_internal/test_bom_ref.py000066400000000000000000000037101476011761300246420ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from cyclonedx._internal.bom_ref import bom_ref_from_str from cyclonedx.model.bom_ref import BomRef class TestInternalBomRefFromStr(TestCase): def test_bomref_io(self) -> None: i = BomRef() o = bom_ref_from_str(i) self.assertIs(i, o) def test_none_optional_is_none(self) -> None: o = bom_ref_from_str(None, optional=True) self.assertIsNone(o) def test_none_mandatory_is_something(self) -> None: o = bom_ref_from_str(None, optional=False) self.assertIsInstance(o, BomRef) self.assertIsNone(o.value) def test_nothing_optional_is_none(self) -> None: o = bom_ref_from_str('', optional=True) self.assertIsNone(o) def test_nothing_mandatory_is_something(self) -> None: o = bom_ref_from_str('', optional=False) self.assertIsInstance(o, BomRef) self.assertIsNone(o.value) def test_something_optional(self) -> None: o = bom_ref_from_str('foobar', optional=True) self.assertIsInstance(o, BomRef) self.assertEqual('foobar', o.value) def test_something_mandatory(self) -> None: o = bom_ref_from_str('foobar', optional=False) self.assertIsInstance(o, BomRef) self.assertEqual('foobar', o.value) cyclonedx-python-lib-9.1.0/tests/test_model.py000066400000000000000000000564631476011761300214730ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import base64 import datetime from enum import Enum from unittest import TestCase from uuid import UUID from ddt import ddt, named_data from cyclonedx._internal.compare import ComparableTuple from cyclonedx.exception.model import InvalidLocaleTypeException, InvalidUriException, UnknownHashTypeException from cyclonedx.model import ( Copyright, Encoding, ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, IdentifiableAction, Note, NoteText, Property, XsUri, ) from cyclonedx.model.bom_ref import BomRef from cyclonedx.model.contact import OrganizationalContact from cyclonedx.model.issue import IssueClassification, IssueType, IssueTypeSource from tests import reorder class DummyStringEnum(str, Enum): FIRST = 'first' SECOND = 'second' THIRD = 'third' FOURTH = 'fourth' class TestStringEnum(TestCase): def test_sort(self) -> None: enums = [ DummyStringEnum.FIRST, DummyStringEnum.SECOND, DummyStringEnum.THIRD, DummyStringEnum.FOURTH, ] sorted_enums = sorted(enums) expected_enums = [ DummyStringEnum.FIRST, DummyStringEnum.FOURTH, DummyStringEnum.SECOND, DummyStringEnum.THIRD, ] self.assertListEqual(sorted_enums, expected_enums) class TestComparableTuple(TestCase): def test_equal_self(self) -> None: tuple1 = ComparableTuple((1, 2, 3, 4, 5)) self.assertEqual(tuple1, tuple1) def test_equal(self) -> None: tuple1 = ComparableTuple((1, 2, 3, 4, 5)) tuple2 = ComparableTuple((1, 2, 3, 4, 5)) self.assertEqual(tuple1, tuple2) self.assertEqual(tuple2, tuple1) def test_equal_none(self) -> None: tuple1 = ComparableTuple((1, 2, None, 4, 5)) tuple2 = ComparableTuple((1, 2, None, 4, 5)) self.assertEqual(tuple1, tuple2) self.assertEqual(tuple2, tuple1) def test_compare_first_item(self) -> None: tuple1 = ComparableTuple((1, 2, 3, 4, 5)) tuple2 = ComparableTuple((2, 2, 3, 4, 5)) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) def test_compare_mixed(self) -> None: tuple1 = ComparableTuple((1, 2, 1)) tuple2 = ComparableTuple((2, 1, 2)) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) def test_compare_first_item_none(self) -> None: tuple1 = ComparableTuple((1, 2, 3, 4, 5)) tuple2 = ComparableTuple((None, 2, 3, 4, 5)) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) def test_compare_last_item(self) -> None: tuple1 = ComparableTuple((1, 2, 3, 4, 5)) tuple2 = ComparableTuple((1, 2, 3, 4, 10)) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) def test_compare_last_item_none(self) -> None: tuple1 = ComparableTuple((1, 2, 3, 4, 5)) tuple2 = ComparableTuple((1, 2, 3, 4, None)) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) def test_compare_last_item_missing(self) -> None: tuple1 = ComparableTuple((1, 2, 3, 4, 5)) tuple2 = ComparableTuple((1, 2, 3, 4)) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) def test_compare_enum(self) -> None: tuple1 = ComparableTuple((DummyStringEnum.FIRST,)) tuple2 = ComparableTuple((DummyStringEnum.SECOND,)) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) def test_compare_enum_then_none(self) -> None: tuple1 = ComparableTuple((DummyStringEnum.FIRST, None)) tuple2 = ComparableTuple((DummyStringEnum.SECOND, 'a')) self.assertLess(tuple1, tuple2) self.assertGreater(tuple2, tuple1) self.assertNotEqual(tuple1, tuple2) self.assertNotEqual(tuple2, tuple1) class TestModelCopyright(TestCase): def test_same(self) -> None: copy_1 = Copyright(text='Copyright (c) OWASP Foundation. All Rights Reserved.') copy_2 = Copyright(text='Copyright (c) OWASP Foundation. All Rights Reserved.') self.assertEqual(hash(copy_1), hash(copy_2)) self.assertTrue(copy_1 == copy_2) def test_not_same(self) -> None: copy_1 = Copyright(text='Copyright (c) OWASP Foundation. All Rights Reserved.') copy_2 = Copyright(text='Copyright (c) OWASP Foundation.') self.assertNotEqual(hash(copy_1), hash(copy_2)) self.assertFalse(copy_1 == copy_2) def test_sort(self) -> None: # expected sort order: (text) expected_order = [0, 1, 2, 4, 3] copyrights = [ Copyright(text='a'), Copyright(text='b'), Copyright(text='c'), Copyright(text='f'), Copyright(text='d'), ] sorted_copyrights = sorted(copyrights) expected_copyrights = reorder(copyrights, expected_order) self.assertListEqual(sorted_copyrights, expected_copyrights) class TestModelExternalReference(TestCase): def test_external_reference_with_xsuri(self) -> None: e = ExternalReference(type=ExternalReferenceType.VCS, url=XsUri('https://www.google.com')) self.assertEqual(e.type, ExternalReferenceType.VCS) self.assertEqual(e.url, XsUri('https://www.google.com')) self.assertIsNone(e.comment) self.assertSetEqual(e.hashes, set()) def test_same(self) -> None: ref_1 = ExternalReference( type=ExternalReferenceType.OTHER, url=XsUri('https://cyclonedx.org'), comment='No comment' ) ref_2 = ExternalReference( type=ExternalReferenceType.OTHER, url=XsUri('https://cyclonedx.org'), comment='No comment' ) self.assertNotEqual(id(ref_1), id(ref_2)) self.assertEqual(hash(ref_1), hash(ref_2)) self.assertTrue(ref_1 == ref_2) def test_not_same(self) -> None: ref_1 = ExternalReference( type=ExternalReferenceType.OTHER, url=XsUri('https://cyclonedx.org'), comment='No comment' ) ref_2 = ExternalReference( type=ExternalReferenceType.OTHER, url=XsUri('https://cyclonedx.org/'), comment='No comment' ) self.assertNotEqual(id(ref_1), id(ref_2)) self.assertNotEqual(hash(ref_1), hash(ref_2)) self.assertFalse(ref_1 == ref_2) def test_sort(self) -> None: # expected sort order: (type, url, [comment]) expected_order = [5, 4, 0, 1, 3, 2] refs = [ ExternalReference(type=ExternalReferenceType.OTHER, url=XsUri('a'), comment='a'), ExternalReference(type=ExternalReferenceType.OTHER, url=XsUri('a'), comment='b'), ExternalReference(type=ExternalReferenceType.OTHER, url=XsUri('b')), ExternalReference(type=ExternalReferenceType.OTHER, url=XsUri('b'), comment='a'), ExternalReference(type=ExternalReferenceType.LICENSE, url=XsUri('b'), comment='a'), ExternalReference(type=ExternalReferenceType.BUILD_SYSTEM, url=XsUri('b'), comment='a'), ] sorted_refs = sorted(refs) expected_refs = reorder(refs, expected_order) self.assertListEqual(sorted_refs, expected_refs) @ddt class TestModelHashType(TestCase): @named_data( ('sha256', 'sha256', '806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b', HashAlgorithm.SHA_256), ('MD5', 'MD5', 'dc26cd71b80d6757139f38156a43c545', HashAlgorithm.MD5), ) def test_hash_type_from_hashlib_alg(self, alg: str, content: str, e_alg: HashAlgorithm) -> None: h = HashType.from_hashlib_alg(alg, content) self.assertIs(h.alg, e_alg) self.assertEqual(h.content, content) def test_hash_type_from_hashlib_alg_throws_on_unknown(self) -> None: with self.assertRaises(UnknownHashTypeException): HashType.from_hashlib_alg('unknown', 'dc26cd71b80d6757139f38156a43c545') @named_data( ('sha256', 'sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b', HashAlgorithm.SHA_256, '806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b'), ('MD5', 'MD5:dc26cd71b80d6757139f38156a43c545', HashAlgorithm.MD5, 'dc26cd71b80d6757139f38156a43c545'), ('sha3-256', 'sha3-256:f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101', HashAlgorithm.SHA3_256, 'f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101'), ('sha1', 'sha1:b82b9f695a3ae28053cb3776d2132ab625798055', HashAlgorithm.SHA_1, 'b82b9f695a3ae28053cb3776d2132ab625798055'), # Name format as used by 'openssl dgst and the Blake2 RFC' ('blake2b512', 'blake2b512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', HashAlgorithm.BLAKE2B_512, '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), ('blake2512', 'blake2512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', HashAlgorithm.BLAKE2B_512, '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), ) def test_hash_type_from_composite_str(self, composite: str, e_alg: HashAlgorithm, e_content: str) -> None: h = HashType.from_composite_str(composite) self.assertIs(h.alg, e_alg) self.assertEqual(h.content, e_content) def test_hash_type_from_composite_str_throws_on_unknown(self) -> None: with self.assertRaises(UnknownHashTypeException): HashType.from_composite_str('unknown:dc26cd71b80d6757139f38156a43c545') def test_sort(self) -> None: # expected sort order: (alg, content) expected_order = [5, 3, 4, 1, 2, 0] hashes = [ HashType(alg=HashAlgorithm.SHA_256, content='c'), HashType(alg=HashAlgorithm.SHA_256, content='a'), HashType(alg=HashAlgorithm.SHA_256, content='b'), HashType(alg=HashAlgorithm.SHA_1, content='a'), HashType(alg=HashAlgorithm.SHA_1, content='b'), HashType(alg=HashAlgorithm.MD5, content='a'), ] sorted_hashes = sorted(hashes) expected_hashes = reorder(hashes, expected_order) self.assertListEqual(sorted_hashes, expected_hashes) class TestModelIdentifiableAction(TestCase): def test_no_params(self) -> None: IdentifiableAction() # Does not raise `NoPropertiesProvidedException` def test_same(self) -> None: ts = datetime.datetime.utcnow() ia_1 = IdentifiableAction(timestamp=ts, name='A Name', email='something@somewhere.tld') ia_2 = IdentifiableAction(timestamp=ts, name='A Name', email='something@somewhere.tld') self.assertEqual(hash(ia_1), hash(ia_2)) self.assertTrue(ia_1 == ia_2) def test_not_same(self) -> None: now = datetime.datetime.utcnow() not_now = now + datetime.timedelta(seconds=1) ia_1 = IdentifiableAction(timestamp=now, name='A Name', email='something@somewhere.tld') ia_2 = IdentifiableAction(timestamp=not_now, name='A Name', email='something@somewhere.tld') self.assertNotEqual(hash(ia_1), hash(ia_2)) self.assertFalse(ia_1 == ia_2) def test_sort(self) -> None: now = datetime.datetime.utcnow() now_plus_one = now + datetime.timedelta(seconds=1) # expected sort order: ([timestamp], [name], [email]) expected_order = [2, 3, 5, 4, 6, 0, 1] actions = [ IdentifiableAction(timestamp=now_plus_one, name='a', email='a'), IdentifiableAction(timestamp=now_plus_one, name='a', email='b'), IdentifiableAction(timestamp=now, name='a', email='a'), IdentifiableAction(timestamp=now, name='a', email='b'), IdentifiableAction(timestamp=now, name='b', email='a'), IdentifiableAction(timestamp=now, name='a'), IdentifiableAction(timestamp=now), ] sorted_notes = sorted(actions) expected_notes = reorder(actions, expected_order) self.assertListEqual(sorted_notes, expected_notes) class TestModelIssueType(TestCase): def test_issue_type(self) -> None: it = IssueType( type=IssueClassification.SECURITY, id='CVE-2021-44228', name='Apache Log3Shell', description='Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in ' 'configuration, log messages, and parameters do not protect against attacker controlled LDAP ' 'and other JNDI related endpoints. An attacker who can control log messages or log message ' 'parameters can execute arbitrary code loaded from LDAP servers when message lookup ' 'substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From ' 'version 2.16.0, this functionality has been completely removed. Note that this vulnerability ' 'is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging ' 'Services projects.', source=IssueTypeSource(name='NVD', url=XsUri('https://nvd.nist.gov/vuln/detail/CVE-2021-44228')), references=[ XsUri('https://logging.apache.org/log4j/2.x/security.html'), XsUri('https://central.sonatype.org/news/20211213_log4shell_help') ] ) self.assertEqual(it.type, IssueClassification.SECURITY) self.assertEqual(it.id, 'CVE-2021-44228') self.assertEqual(it.name, 'Apache Log3Shell') self.assertEqual( it.description, 'Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in ' 'configuration, log messages, and parameters do not protect against attacker controlled LDAP ' 'and other JNDI related endpoints. An attacker who can control log messages or log message ' 'parameters can execute arbitrary code loaded from LDAP servers when message lookup ' 'substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From ' 'version 2.16.0, this functionality has been completely removed. Note that this vulnerability ' 'is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging ' 'Services projects.' ) self.assertEqual(it.source.name, 'NVD') self.assertEqual(it.source.url, XsUri('https://nvd.nist.gov/vuln/detail/CVE-2021-44228')) self.assertSetEqual(it.references, { XsUri('https://logging.apache.org/log4j/2.x/security.html'), XsUri('https://central.sonatype.org/news/20211213_log4shell_help') }) class TestModelNote(TestCase): def test_note_plain_text(self) -> None: n = Note(text=NoteText(content='Some simple plain text')) self.assertEqual(n.text.content, 'Some simple plain text') self.assertEqual(n.text.content_type, NoteText.DEFAULT_CONTENT_TYPE) self.assertIsNone(n.locale) self.assertIsNone(n.text.encoding) def test_note_invalid_locale(self) -> None: with self.assertRaises(InvalidLocaleTypeException): Note(text=NoteText(content='Some simple plain text'), locale='invalid-locale') def test_note_encoded_text_with_locale(self) -> None: text_content: str = base64.b64encode( bytes('Some simple plain text', encoding='UTF-8') ).decode(encoding='UTF-8') n = Note( text=NoteText( content=text_content, content_type='text/plain; charset=UTF-8', encoding=Encoding.BASE_64 ), locale='en-GB' ) self.assertEqual(n.text.content, text_content) self.assertEqual(n.text.content_type, 'text/plain; charset=UTF-8') self.assertEqual(n.locale, 'en-GB') self.assertEqual(n.text.encoding, Encoding.BASE_64) def test_sort(self) -> None: # expected sort order: ([locale], text) expected_order = [1, 2, 0, 3, 5, 4] notes = [ Note(text=NoteText(content='c'), locale='en-GB'), Note(text=NoteText(content='a'), locale='en-GB'), Note(text=NoteText(content='b'), locale='en-GB'), Note(text=NoteText(content='d'), locale='en-GB'), Note(text=NoteText(content='a')), Note(text=NoteText(content='a'), locale='en-US'), ] sorted_notes = sorted(notes) expected_notes = reorder(notes, expected_order) self.assertListEqual(sorted_notes, expected_notes) class TestModelNoteText(TestCase): def test_sort(self) -> None: # expected sort order: (content, [content_type], [encoding]) expected_order = [1, 7, 4, 5, 6, 2, 0, 3] notes = [ NoteText(content='c'), NoteText(content='a'), NoteText(content='b'), NoteText(content='d'), NoteText(content='b', content_type='a'), NoteText(content='b', content_type='b'), NoteText(content='b', content_type='c'), NoteText(content='b', content_type='a', encoding=Encoding.BASE_64), ] sorted_notes = sorted(notes) expected_notes = reorder(notes, expected_order) self.assertListEqual(sorted_notes, expected_notes) class TestModelOrganizationalContact(TestCase): def test_sort(self) -> None: # expected sort order: ([name], [email], [phone]) expected_order = [0, 3, 2, 1, 5, 4] contacts = [ OrganizationalContact(name='a', email='a', phone='a'), OrganizationalContact(name='b', email='a', phone='a'), OrganizationalContact(name='a', email='b', phone='a'), OrganizationalContact(name='a', email='a', phone='b'), OrganizationalContact(phone='a'), OrganizationalContact(email='a'), ] sorted_contacts = sorted(contacts) expected_contacts = reorder(contacts, expected_order) self.assertListEqual(sorted_contacts, expected_contacts) class TestModelXsUri(TestCase): # URI samples taken from http://www.datypic.com/sc/xsd/t-xsd_anyURI.html def test_valid_url(self) -> None: self.assertIsInstance( XsUri(uri='https://www.google.com'), XsUri ) def test_valid_mailto(self) -> None: self.assertIsInstance( XsUri(uri='mailto:test@testing.tld'), XsUri ) def test_valid_relative_url_escaped_ascii(self) -> None: self.assertIsInstance( XsUri(uri='../%C3%A9dition.html'), XsUri ) def test_valid_relative_url_unescaped_ascii(self) -> None: self.assertIsInstance( XsUri(uri='../édition.html'), XsUri ) def test_valid_url_with_fragment(self) -> None: self.assertIsInstance( XsUri(uri='http://datypic.com/prod.html#shirt'), XsUri ) def test_valid_relative_url_with_fragment(self) -> None: self.assertIsInstance( XsUri(uri='../prod.html#shirt'), XsUri ) def test_valid_urn(self) -> None: self.assertIsInstance( XsUri(uri='urn:example:org'), XsUri ) def test_valid_empty(self) -> None: self.assertIsInstance( XsUri(uri=''), XsUri ) def test_invalid_url_multiple_fragments(self) -> None: with self.assertRaises(InvalidUriException): XsUri(uri='http://datypic.com#frag1#frag2') def test_invalid_url_bad_escaped_character(self) -> None: with self.assertRaises(InvalidUriException): XsUri(uri='http://datypic.com#f% rag') def test_note_with_no_locale(self) -> None: self.assertIsInstance( Note(text=NoteText(content='Something')), Note ) def test_note_with_valid_locale(self) -> None: self.assertIsInstance( Note(text=NoteText(content='Something'), locale='en-GB'), Note ) def test_note_with_invalid_locale(self) -> None: with self.assertRaises(InvalidLocaleTypeException): Note(text=NoteText(content='Something'), locale='rubbish') def test_sort(self) -> None: # expected sort order: (uri) expected_order = [2, 1, 3, 0] uris = [ XsUri(uri='d'), XsUri(uri='b'), XsUri(uri='a'), XsUri(uri='c'), ] sorted_uris = sorted(uris) expected_uris = reorder(uris, expected_order) self.assertListEqual(sorted_uris, expected_uris) def test_make_bom_link_without_bom_ref(self) -> None: bom_link = XsUri.make_bom_link(UUID('e5a93409-fd7c-4ffa-bf7f-6dc1630b1b9d'), 2) self.assertEqual(bom_link.uri, 'urn:cdx:e5a93409-fd7c-4ffa-bf7f-6dc1630b1b9d/2') def test_make_bom_link_with_bom_ref(self) -> None: bom_link = XsUri.make_bom_link(UUID('e5a93409-fd7c-4ffa-bf7f-6dc1630b1b9d'), 2, BomRef('componentA#sub-componentB%2')) self.assertEqual(bom_link.uri, 'urn:cdx:e5a93409-fd7c-4ffa-bf7f-6dc1630b1b9d/2#componentA%23sub-componentB%252') def test_is_bom_link(self) -> None: self.assertTrue(XsUri('urn:cdx:e5a93409-fd7c-4ffa-bf7f-6dc1630b1b9d/2').is_bom_link()) self.assertFalse(XsUri('http://example.com/resource').is_bom_link()) class TestModelProperty(TestCase): def test_sort(self) -> None: # expected sort order: (name, value) expected_order = [0, 5, 2, 3, 4, 1] props = [ Property(name='a', value='a'), Property(name='b', value='b'), Property(name='a', value='c'), Property(name='a', value='d'), Property(name='b', value='a'), Property(name='a', value='b'), ] sorted_props = sorted(props) expected_props = reorder(props, expected_order) self.assertListEqual(sorted_props, expected_props) cyclonedx-python-lib-9.1.0/tests/test_model_bom.py000066400000000000000000000342271476011761300223220ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import warnings from typing import Callable, Tuple from unittest import TestCase from uuid import uuid4 from ddt import ddt, named_data from cyclonedx.exception.model import LicenseExpressionAlongWithOthersException from cyclonedx.model import Property from cyclonedx.model.bom import Bom, BomMetaData from cyclonedx.model.bom_ref import BomRef from cyclonedx.model.component import Component, ComponentType from cyclonedx.model.contact import OrganizationalContact, OrganizationalEntity from cyclonedx.model.license import DisjunctiveLicense from cyclonedx.model.lifecycle import LifecyclePhase, NamedLifecycle, PredefinedLifecycle from cyclonedx.model.tool import Tool from cyclonedx.output.json import JsonV1Dot6 from tests._data.models import ( get_bom_component_licenses_invalid, get_bom_component_nested_licenses_invalid, get_bom_for_issue_275_components, get_bom_metadata_component_licenses_invalid, get_bom_metadata_component_nested_licenses_invalid, get_bom_metadata_licenses_invalid, get_bom_service_licenses_invalid, get_bom_with_component_setuptools_with_vulnerability, get_component_setuptools_simple, get_component_setuptools_simple_no_version, ) class TestBomMetaData(TestCase): def test_empty_bom_metadata(self) -> None: metadata = BomMetaData() self.assertIsNotNone(metadata.timestamp) self.assertEqual(0, len(metadata.authors)) self.assertIsNone(metadata.component) self.assertIsNone(metadata.manufacture) self.assertIsNone(metadata.supplier) self.assertEqual(0, len(metadata.licenses)) self.assertEqual(0, len(metadata.lifecycles)) self.assertEqual(0, len(metadata.properties)) self.assertEqual(0, len(metadata.tools)) def test_basic_bom_metadata(self) -> None: tools = [ Tool(name='tool_1'), Tool(name='tool_2'), ] authors = [ OrganizationalContact(name='contact_1'), OrganizationalContact(name='contact_2'), ] component = Component(name='test_component') manufacturer = OrganizationalEntity(name='test_manufacturer') supplier = OrganizationalEntity(name='test_supplier') licenses = [ DisjunctiveLicense(id='MIT'), DisjunctiveLicense(id='Apache-2.0'), ] lifecycles = [ PredefinedLifecycle(phase=LifecyclePhase.BUILD), NamedLifecycle(name='named_lifecycle', description='test'), ] properties = [ Property(name='property_1', value='value_1'), Property(name='property_2', value='value_2', ) ] metadata = BomMetaData(tools=tools, authors=authors, component=component, lifecycles=lifecycles, manufacture=manufacturer, supplier=supplier, licenses=licenses, properties=properties) self.assertIsNotNone(metadata.timestamp) self.assertIsNotNone(metadata.authors) self.assertTrue(authors[0] in metadata.authors) self.assertTrue(authors[1] in metadata.authors) self.assertEqual(metadata.component, component) self.assertEqual(metadata.manufacture, manufacturer) self.assertEqual(metadata.supplier, supplier) self.assertIsNotNone(metadata.licenses) self.assertTrue(licenses[0] in metadata.licenses) self.assertTrue(licenses[1] in metadata.licenses) self.assertIsNotNone(metadata.lifecycles) self.assertTrue(lifecycles[0] in metadata.lifecycles) self.assertTrue(lifecycles[1] in metadata.lifecycles) self.assertIsNotNone(metadata.properties) self.assertTrue(properties[0] in metadata.properties) self.assertTrue(properties[1] in metadata.properties) self.assertIsNotNone(metadata.tools) self.assertEqual(2, len(metadata.tools.tools)) self.assertTrue(tools[0] in metadata.tools.tools) self.assertTrue(tools[1] in metadata.tools.tools) @ddt class TestBom(TestCase): def test_bom_metadata_tool_multiple_tools(self) -> None: bom = Bom() self.assertEqual(len(bom.metadata.tools), 0) bom.metadata.tools.tools.add( Tool(vendor='TestVendor', name='TestTool', version='0.0.0') ) bom.metadata.tools.tools.add( Tool(vendor='TestVendor', name='TestTool-2', version='1.33.7') ) self.assertEqual(len(bom.metadata.tools), 2) def test_metadata_component(self) -> None: metadata = Bom().metadata self.assertTrue(metadata.component is None) hextech = Component(name='Hextech', version='1.0.0', type=ComponentType.LIBRARY) metadata.component = hextech self.assertFalse(metadata.component is None) self.assertEqual(metadata.component, hextech) def test_empty_bom(self) -> None: bom = Bom() self.assertEqual(bom.version, 1) self.assertIsNotNone(bom.serial_number) self.assertIsNotNone(bom.metadata) self.assertFalse(bom.components) self.assertFalse(bom.services) self.assertFalse(bom.external_references) def test_root_component_only_bom(self) -> None: with warnings.catch_warnings(record=True) as w: warnings.simplefilter('always') bom = Bom(metadata=BomMetaData(component=Component(name='test', version='1.2'))) _ = JsonV1Dot6(bom).output_as_string() self.assertEqual(len(w), 0) def test_warning_missing_dependency(self) -> None: with self.assertWarns(expected_warning=UserWarning) as w: bom = Bom(metadata=BomMetaData(component=Component(name='root_component', version='1.2'))) bom.components.add(Component(name='test2', version='4.2')) _ = JsonV1Dot6(bom).output_as_string() self.assertEqual(len(w.warnings), 1) self.assertIn('has no defined dependencies ', str(w.warnings[0])) def test_empty_bom_defined_serial(self) -> None: serial_number = uuid4() bom = Bom(serial_number=serial_number) self.assertEqual(bom.serial_number, serial_number) self.assertEqual(bom.get_urn_uuid(), serial_number.urn) self.assertEqual(bom.version, 1) self.assertEqual(bom.urn(), f'urn:cdx:{serial_number}/1') def test_empty_bom_defined_serial_and_version(self) -> None: serial_number = uuid4() bom = Bom(serial_number=serial_number, version=2) self.assertEqual(bom.serial_number, serial_number) self.assertEqual(bom.get_urn_uuid(), serial_number.urn) self.assertEqual(bom.version, 2) self.assertEqual(bom.urn(), f'urn:cdx:{serial_number}/2') def test_bom_with_vulnerabilities(self) -> None: bom = get_bom_with_component_setuptools_with_vulnerability() self.assertTrue(bom.has_vulnerabilities()) def test_bom_get_vulnerabilities_by_bom_ref(self) -> None: bom = get_bom_with_component_setuptools_with_vulnerability() vulns = bom.get_vulnerabilities_for_bom_ref(bom_ref=BomRef(value='pkg:pypi/setuptools@50.3.2?extension=tar.gz')) self.assertEqual(len(vulns), 1) def test_bom_get_vulnerabilities_by_bom_ref_negative(self) -> None: bom = get_bom_with_component_setuptools_with_vulnerability() vulns = bom.get_vulnerabilities_for_bom_ref(bom_ref=BomRef(value='pkg:pypi/setuptools@50.3.1?extension=tar.gz')) self.assertEqual(len(vulns), 0) def test_bom_nested_components_issue_275(self) -> None: """regression test for issue #275 see https://github.com/CycloneDX/cyclonedx-python-lib/issues/275 """ bom = get_bom_for_issue_275_components() self.assertIsInstance(bom.metadata.component, Component) self.assertEqual(2, len(bom.components)) bom.validate() @named_data( ['metadata_licenses', get_bom_metadata_licenses_invalid], ['metadata_component_licenses', get_bom_metadata_component_licenses_invalid], ['metadata_component_nested_licenses', get_bom_metadata_component_nested_licenses_invalid], ['component_licenses', get_bom_component_licenses_invalid], ['component_nested_licenses', get_bom_component_nested_licenses_invalid], ['service_licenses', get_bom_service_licenses_invalid], ) def test_validate_with_invalid_license_constellation_throws(self, get_bom: Callable[[], Bom]) -> None: bom = get_bom() with self.assertRaises(LicenseExpressionAlongWithOthersException): bom.validate() # def test_bom_nested_services_issue_275(self) -> None: # """regression test for issue #275 # see https://github.com/CycloneDX/cyclonedx-python-lib/issues/275 # """ # bom = get_bom_for_issue_275_services() # self.assertIsInstance(bom.metadata.component, Component) # self.assertEqual(2, len(bom.services)) # bom.validate() def test_has_component_1(self) -> None: bom = Bom() bom.components.update([get_component_setuptools_simple(), get_component_setuptools_simple_no_version()]) self.assertEqual(len(bom.components), 2) self.assertTrue(bom.has_component(component=get_component_setuptools_simple_no_version())) self.assertIsNot(get_component_setuptools_simple(), get_component_setuptools_simple_no_version()) def test_get_component_by_purl(self) -> None: bom = Bom() setuptools_simple = get_component_setuptools_simple() bom.components.add(setuptools_simple) result = bom.get_component_by_purl(get_component_setuptools_simple().purl) self.assertIs(result, setuptools_simple) self.assertIsNone(bom.get_component_by_purl(get_component_setuptools_simple_no_version().purl)) @named_data( ('none', tuple()), # a = anonymous - bom-ref auto-set # k = known - has bom-ref.value set # d = known duplicate - has bom-ref.value set same as another ('A(a), B(a)', ((Component(name='A'), tuple()), (Component(name='B'), tuple()))), ('A(k), B(k)', ((Component(name='A', bom_ref='A'), tuple()), (Component(name='B', bom_ref='B'), tuple()))), ('A(a) {A1(a)}, B(a) {B1(a)}', ((Component(name='A'), (Component(name='A1'),)), (Component(name='B'), (Component(name='B1'),)))), ('A(k) {A1(a)}', ((Component(name='A', bom_ref='A'), (Component(name='1'),)),)), ('A(a) {A1(a), A2(a)}', ((Component(name='A'), (Component(name='A1'), Component(name='A2'))),)), ('A(a) {A1(k)}', ((Component(name='A'), (Component(name='B', bom_ref='A1'),)),)), ('A(k) {A1(k)}', ((Component(name='A', bom_ref='A'), (Component(name='A1', bom_ref='A1'),)),)), ('A(d) {A1(d)}', ((Component(name='A', bom_ref='D'), (Component(name='B', bom_ref='D'),)),)), ('duplicate name(a)', ((Component(name='A'), tuple()), (Component(name='A'), tuple()),)), ('duplicate name(k)', ((Component(name='A', bom_ref='A1'), tuple()), (Component(name='A', bom_ref='A2'), tuple()))), ) def test_register_dependency(self, dependencies: Tuple[Tuple[Component, Tuple[Component, ...]], ...]) -> None: bom = Bom() for d1, d2 in dependencies: bom.components.update((d1,), d2) bom.register_dependency(d1, d2) bom_deps = tuple(bom.dependencies) for d1, d2 in dependencies: bom_dep = next((bd for bd in bom_deps if bd.ref is d1.bom_ref), None) self.assertIsNotNone(bom_dep, f'missing {d1.bom_ref!r} in {bom_deps!r}') self.assertEqual(len(d2), len(bom_dep.dependencies)) for dd in d2: self.assertIn(dd.bom_ref, bom_dep.dependencies_as_bom_refs()) def test_regression_issue_539(self) -> None: """regression test for issue #539 see https://github.com/CycloneDX/cyclonedx-python-lib/issues/539 """ # for showcasing purposes, bom-ref values MUST NOT be set bom = Bom() bom.metadata.component = root_component = Component( name='myApp', type=ComponentType.APPLICATION, ) component1 = Component( type=ComponentType.LIBRARY, name='some-component', ) component2 = Component( type=ComponentType.LIBRARY, name='some-library', ) component3 = Component( type=ComponentType.LIBRARY, name='another-library', ) bom.components.add(component1) bom.components.add(component2) bom.components.add(component3) bom.register_dependency(root_component, [component1]) bom.register_dependency(component1, [component2]) bom.register_dependency(root_component, [component3]) # region assert root_component d = next((d for d in bom.dependencies if d.ref is root_component.bom_ref), None) self.assertIsNotNone(d, f'missing {root_component.bom_ref!r} in {bom.dependencies!r}') self.assertEqual(2, len(d.dependencies)) self.assertIn(d.dependencies[0].ref, (component1.bom_ref, component3.bom_ref)) self.assertIn(d.dependencies[1].ref, (component1.bom_ref, component3.bom_ref)) # endregion assert root_component # region assert component1 d = next((d for d in bom.dependencies if d.ref is component1.bom_ref), None) self.assertIsNotNone(d, f'missing {component1.bom_ref!r} in {bom.dependencies!r}') self.assertEqual(1, len(d.dependencies)) self.assertIs(component2.bom_ref, d.dependencies[0].ref) # endregion assert component1 cyclonedx-python-lib-9.1.0/tests/test_model_bom_ref.py000066400000000000000000000053421476011761300231520ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from ddt import ddt, named_data from cyclonedx.model.bom_ref import BomRef from tests import reorder _BomRefNoneValue = BomRef(None) @ddt class TestBomRef(TestCase): def test_sort(self) -> None: # expected sort order: (value) expected_order = [0, 1, 2, 4, 3] refs = [ BomRef('a'), BomRef('b'), BomRef('c'), BomRef('f'), BomRef('d'), ] sorted_refs = sorted(refs) expected_refs = reorder(refs, expected_order) self.assertListEqual(sorted_refs, expected_refs) @named_data( ('A-A', BomRef('A'), BomRef('A')), ('self-BomRefNoneValue', _BomRefNoneValue, _BomRefNoneValue), ) def test_equal(self, a: BomRef, b: BomRef) -> None: self.assertEqual(a, b) @named_data( ('other-BomRefNoneValue', BomRef(None), _BomRefNoneValue), ('None-None', BomRef(None), BomRef(None)), ('X-None', BomRef('X'), BomRef(None)), ('None-X', BomRef(None), BomRef('X')), ('A-B', BomRef('A'), BomRef('B')), ) def test_unequal(self, a: BomRef, b: BomRef) -> None: self.assertNotEqual(a, b) @named_data( ('A-A', BomRef('A'), BomRef('A')), ('self-BomRefNoneValue', _BomRefNoneValue, _BomRefNoneValue), ) def test_hashes_equal(self, a: BomRef, b: BomRef) -> None: self.assertEqual(hash(a), hash(b)) # internal usage of hash self.assertEqual(1, len({a, b})) # set self.assertEqual(1, len({a: 1, b: 2})) # dict @named_data( ('other-BomRefNoneValue', BomRef(None), _BomRefNoneValue), ('None-None', BomRef(), BomRef()), ('X-None', BomRef('X'), BomRef()), ('None-X', BomRef(), BomRef('X')), ('A-B', BomRef('A'), BomRef('B')), ) def test_hashes_differ(self, a: BomRef, b: BomRef) -> None: self.assertNotEqual(hash(a), hash(b)) # internal usage of hash self.assertEqual(2, len({a, b})) # set self.assertEqual(2, len({a: 1, b: 2})) # dict cyclonedx-python-lib-9.1.0/tests/test_model_component.py000066400000000000000000000446061476011761300235510ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import datetime from typing import List from unittest import TestCase from cyclonedx.model import ( AttachedText, Copyright, Encoding, ExternalReference, ExternalReferenceType, IdentifiableAction, Property, XsUri, ) from cyclonedx.model.component import ( Commit, Component, ComponentEvidence, ComponentType, Diff, Patch, PatchClassification, Pedigree, ) from cyclonedx.model.issue import IssueClassification, IssueType from tests import reorder from tests._data.models import ( get_component_setuptools_simple, get_component_setuptools_simple_no_version, get_component_toml_with_hashes_with_references, get_issue_1, get_issue_2, get_pedigree_1, get_swid_1, get_swid_2, ) class TestModelCommit(TestCase): def test_no_parameters(self) -> None: Commit() # Does not raise `NoPropertiesProvidedException` def test_same(self) -> None: ia_comitter = IdentifiableAction(timestamp=datetime.datetime.utcnow(), name='The Committer') c1 = Commit(uid='a-random-uid', author=ia_comitter, committer=ia_comitter, message='A commit message') c2 = Commit(uid='a-random-uid', author=ia_comitter, committer=ia_comitter, message='A commit message') self.assertEqual(hash(c1), hash(c2)) self.assertTrue(c1 == c2) def test_not_same(self) -> None: ia_author = IdentifiableAction(timestamp=datetime.datetime.utcnow(), name='The Author') ia_comitter = IdentifiableAction(timestamp=datetime.datetime.utcnow(), name='The Committer') c1 = Commit(uid='a-random-uid', author=ia_comitter, committer=ia_comitter, message='A commit message') c2 = Commit(uid='a-random-uid', author=ia_author, committer=ia_comitter, message='A commit message') self.assertNotEqual(hash(c1), hash(c2)) self.assertFalse(c1 == c2) def test_sort(self) -> None: url_a = XsUri('a') url_b = XsUri('b') action_a = IdentifiableAction(name='a') action_b = IdentifiableAction(name='b') # expected sort order: ([uid], [url], [author], [committer], [message]) expected_order = [0, 1, 6, 2, 7, 3, 8, 4, 9, 5, 10] commits = [ Commit(uid='a', url=url_a, author=action_a, committer=action_a, message='a'), Commit(uid='a', url=url_a, author=action_a, committer=action_a, message='b'), Commit(uid='a', url=url_a, author=action_a, committer=action_b, message='a'), Commit(uid='a', url=url_a, author=action_b, committer=action_a, message='a'), Commit(uid='a', url=url_b, author=action_a, committer=action_a, message='a'), Commit(uid='b', url=url_a, author=action_a, committer=action_a, message='a'), Commit(uid='a', url=url_a, author=action_a, committer=action_a), Commit(uid='a', url=url_a, author=action_a), Commit(uid='a', url=url_a), Commit(uid='a'), Commit(message='a'), ] sorted_commits = sorted(commits) expected_commits = reorder(commits, expected_order) self.assertListEqual(sorted_commits, expected_commits) class TestModelComponent(TestCase): def test_empty_basic_component(self) -> None: c = Component(name='test-component') self.assertEqual(c.name, 'test-component') self.assertEqual(c.type, ComponentType.LIBRARY) self.assertIsNone(c.mime_type) self.assertIsNone(c.bom_ref.value) self.assertIsNone(c.supplier) self.assertIsNone(c.author) self.assertIsNone(c.publisher) self.assertIsNone(c.group) self.assertIsNone(c.version) self.assertIsNone(c.description) self.assertIsNone(c.scope) self.assertSetEqual(c.hashes, set()) self.assertSetEqual(c.licenses, set()) self.assertIsNone(c.copyright) self.assertIsNone(c.purl) self.assertSetEqual(c.external_references, set()) self.assertFalse(c.properties) self.assertIsNone(c.release_notes) self.assertEqual(len(c.components), 0) self.assertEqual(len(c.get_all_nested_components(include_self=True)), 1) def test_multiple_basic_components(self) -> None: c1 = Component(name='test-component') self.assertEqual(c1.name, 'test-component') self.assertIsNone(c1.version) self.assertEqual(c1.type, ComponentType.LIBRARY) self.assertEqual(len(c1.external_references), 0) self.assertEqual(len(c1.hashes), 0) c2 = Component(name='test2-component') self.assertEqual(c2.name, 'test2-component') self.assertIsNone(c2.version) self.assertEqual(c2.type, ComponentType.LIBRARY) self.assertEqual(len(c2.external_references), 0) self.assertEqual(len(c2.hashes), 0) self.assertNotEqual(c1, c2) def test_external_references(self) -> None: c1 = Component(name='test-component') c1.external_references.add(ExternalReference( type=ExternalReferenceType.OTHER, url=XsUri('https://cyclonedx.org'), comment='No comment' )) self.assertEqual(c1.name, 'test-component') self.assertIsNone(c1.version) self.assertEqual(c1.type, ComponentType.LIBRARY) self.assertEqual(len(c1.external_references), 1) self.assertEqual(len(c1.hashes), 0) c2 = Component(name='test2-component') self.assertEqual(c2.name, 'test2-component') self.assertIsNone(c2.version) self.assertEqual(c2.type, ComponentType.LIBRARY) self.assertEqual(len(c2.external_references), 0) self.assertEqual(len(c2.hashes), 0) def test_empty_component_with_version(self) -> None: c = Component(name='test-component', version='1.2.3') self.assertEqual(c.name, 'test-component') self.assertEqual(c.version, '1.2.3') self.assertEqual(c.type, ComponentType.LIBRARY) self.assertEqual(len(c.external_references), 0) self.assertEqual(len(c.hashes), 0) def test_component_equal_1(self) -> None: c1 = Component(name='test-component') c1.external_references.add(ExternalReference( type=ExternalReferenceType.OTHER, url=XsUri('https://cyclonedx.org'), comment='No comment' )) c2 = Component(name='test-component') c2.external_references.add(ExternalReference( type=ExternalReferenceType.OTHER, url=XsUri('https://cyclonedx.org'), comment='No comment' )) self.assertEqual(c1, c2) def test_component_equal_2(self) -> None: props: List[Property] = ( Property(name='prop1', value='val1'), Property(name='prop2', value='val2'), ) c1 = Component( name='test-component', version='1.2.3', properties=props ) c2 = Component( name='test-component', version='1.2.3', properties=props ) self.assertEqual(c1, c2) def test_component_equal_3(self) -> None: c1 = Component( name='test-component', version='1.2.3', properties=[ Property(name='prop1', value='val1'), Property(name='prop2', value='val2') ] ) c2 = Component( name='test-component', version='1.2.3', properties=[ Property(name='prop3', value='val3'), Property(name='prop4', value='val4') ] ) self.assertNotEqual(c1, c2) def test_component_equal_4(self) -> None: c1 = Component( name='test-component', version='1.2.3', bom_ref='ref1' ) c2 = Component( name='test-component', version='1.2.3', bom_ref='ref2' ) self.assertNotEqual(c1, c2) def test_same_1(self) -> None: c1 = get_component_setuptools_simple() c2 = get_component_setuptools_simple() self.assertNotEqual(id(c1), id(c2)) self.assertEqual(hash(c1), hash(c2)) self.assertTrue(c1 == c2) def test_same_2(self) -> None: c1 = get_component_toml_with_hashes_with_references() c2 = get_component_toml_with_hashes_with_references() self.assertNotEqual(id(c1), id(c2)) self.assertEqual(hash(c1), hash(c2)) self.assertTrue(c1 == c2) def test_same_3(self) -> None: c1 = get_component_setuptools_simple_no_version() c2 = get_component_setuptools_simple_no_version() self.assertNotEqual(id(c1), id(c2)) self.assertEqual(hash(c1), hash(c2)) self.assertTrue(c1 == c2) def test_not_same_1(self) -> None: c1 = get_component_setuptools_simple() c2 = get_component_setuptools_simple_no_version() self.assertNotEqual(id(c1), id(c2)) self.assertNotEqual(hash(c1), hash(c2)) self.assertFalse(c1 == c2) def test_sort(self) -> None: # expected sort order: (type, [group], name, [version]) expected_order = [6, 4, 5, 3, 2, 1, 0] components = [ Component(name='component-c', type=ComponentType.LIBRARY), Component(name='component-a', type=ComponentType.LIBRARY), Component(name='component-b', type=ComponentType.LIBRARY, group='group-2'), Component(name='component-a', type=ComponentType.LIBRARY, group='group-2'), Component(name='component-a', type=ComponentType.FILE), Component(name='component-b', type=ComponentType.FILE), Component(name='component-a', type=ComponentType.FILE, version='1.0.0'), ] sorted_components = sorted(components) expected_components = reorder(components, expected_order) self.assertListEqual(sorted_components, expected_components) def test_nested_components_1(self) -> None: comp_b = Component(name='comp_b') comp_c = Component(name='comp_c') comp_b.components.add(comp_c) self.assertEqual(1, len(comp_b.components)) self.assertEqual(2, len(comp_b.get_all_nested_components(include_self=True))) self.assertEqual(1, len(comp_b.get_all_nested_components(include_self=False))) def test_nested_components_2(self) -> None: comp_a = Component(name='comp_a') comp_b = Component(name='comp_b') comp_c = Component(name='comp_c') comp_b.components.add(comp_c) comp_b.components.add(comp_a) self.assertEqual(2, len(comp_b.components)) self.assertEqual(3, len(comp_b.get_all_nested_components(include_self=True))) self.assertEqual(2, len(comp_b.get_all_nested_components(include_self=False))) class TestModelComponentEvidence(TestCase): def test_no_params(self) -> None: ComponentEvidence() # Does not raise `NoPropertiesProvidedException` def test_same_1(self) -> None: ce_1 = ComponentEvidence(copyright=[Copyright(text='Commercial')]) ce_2 = ComponentEvidence(copyright=[Copyright(text='Commercial')]) self.assertEqual(hash(ce_1), hash(ce_2)) self.assertTrue(ce_1 == ce_2) def test_same_2(self) -> None: ce_1 = ComponentEvidence(copyright=[Copyright(text='Commercial'), Copyright(text='Commercial 2')]) ce_2 = ComponentEvidence(copyright=[Copyright(text='Commercial 2'), Copyright(text='Commercial')]) self.assertEqual(hash(ce_1), hash(ce_2)) self.assertTrue(ce_1 == ce_2) def test_not_same_1(self) -> None: ce_1 = ComponentEvidence(copyright=[Copyright(text='Commercial')]) ce_2 = ComponentEvidence(copyright=[Copyright(text='Commercial 2')]) self.assertNotEqual(hash(ce_1), hash(ce_2)) self.assertFalse(ce_1 == ce_2) class TestModelDiff(TestCase): def test_no_params(self) -> None: Diff() # Does not raise `NoPropertiesProvidedException` def test_same(self) -> None: at = AttachedText(content='A very long diff') diff_1 = Diff(text=at, url=XsUri('https://cyclonedx.org')) diff_2 = Diff(text=at, url=XsUri('https://cyclonedx.org')) self.assertEqual(hash(diff_1), hash(diff_2)) self.assertTrue(diff_1 == diff_2) def test_not_same(self) -> None: at = AttachedText(content='A very long diff') diff_1 = Diff(text=at, url=XsUri('https://cyclonedx.org/')) diff_2 = Diff(text=at, url=XsUri('https://cyclonedx.org')) self.assertNotEqual(hash(diff_1), hash(diff_2)) self.assertFalse(diff_1 == diff_2) def test_sort(self) -> None: text_a = AttachedText(content='a') text_b = AttachedText(content='b') # expected sort order: ([url], [text]) expected_order = [1, 0, 5, 2, 3, 4] diffs = [ Diff(url=XsUri('a'), text=text_b), Diff(url=XsUri('a'), text=text_a), Diff(url=XsUri('b'), text=text_a), Diff(text=text_a), Diff(text=text_b), Diff(url=XsUri('a')), ] sorted_diffs = sorted(diffs) expected_diffs = reorder(diffs, expected_order) self.assertListEqual(sorted_diffs, expected_diffs) class TestModelAttachedText(TestCase): def test_sort(self) -> None: # expected sort order: (content_type, encoding, content) expected_order = [0, 2, 4, 1, 3] text = [ AttachedText(content='a', content_type='a', encoding=Encoding.BASE_64), AttachedText(content='a', content_type='b', encoding=Encoding.BASE_64), AttachedText(content='b', content_type='a', encoding=Encoding.BASE_64), AttachedText(content='b', content_type='b', encoding=Encoding.BASE_64), AttachedText(content='a', content_type='a'), ] sorted_text = sorted(text) expected_text = reorder(text, expected_order) self.assertListEqual(sorted_text, expected_text) class TestModelPatch(TestCase): def test_same_1(self) -> None: p1 = Patch( type=PatchClassification.BACKPORT, diff=Diff(url=XsUri('https://cyclonedx.org')), resolves=[get_issue_1(), get_issue_2()] ) p2 = Patch( type=PatchClassification.BACKPORT, diff=Diff(url=XsUri('https://cyclonedx.org')), resolves=[get_issue_2(), get_issue_1()] ) self.assertEqual(hash(p1), hash(p2)) self.assertNotEqual(id(p1), id(p2)) self.assertTrue(p1 == p2) def test_multiple_times_same(self) -> None: i = 0 while i < 1000: p1 = Patch( type=PatchClassification.BACKPORT, diff=Diff(url=XsUri('https://cyclonedx.org')), resolves=[get_issue_1(), get_issue_2()] ) p2 = Patch( type=PatchClassification.BACKPORT, diff=Diff(url=XsUri('https://cyclonedx.org')), resolves=[get_issue_2(), get_issue_1(), get_issue_1(), get_issue_1(), get_issue_2()] ) self.assertEqual(hash(p1), hash(p2)) self.assertNotEqual(id(p1), id(p2)) self.assertTrue(p1 == p2) i += 1 def test_not_same_1(self) -> None: p1 = Patch( type=PatchClassification.MONKEY, diff=Diff(url=XsUri('https://cyclonedx.org/')), resolves=[get_issue_1(), get_issue_2()] ) p2 = Patch( type=PatchClassification.BACKPORT, diff=Diff(url=XsUri('https://cyclonedx.org')), resolves=[get_issue_2(), get_issue_1()] ) self.assertNotEqual(hash(p1), hash(p2)) self.assertNotEqual(id(p1), id(p2)) self.assertFalse(p1 == p2) def test_sort(self) -> None: diff_a = Diff(text=AttachedText(content='a')) diff_b = Diff(text=AttachedText(content='b')) resolves_a = [ IssueType(type=IssueClassification.DEFECT), IssueType(type=IssueClassification.SECURITY) ] # expected sort order: (type, [diff], sorted(resolves)) expected_order = [5, 4, 3, 2, 1, 0] patches = [ Patch(type=PatchClassification.MONKEY), Patch(type=PatchClassification.MONKEY, diff=diff_b), Patch(type=PatchClassification.MONKEY, diff=diff_a), Patch(type=PatchClassification.MONKEY, diff=diff_a, resolves=resolves_a), Patch(type=PatchClassification.BACKPORT), Patch(type=PatchClassification.BACKPORT, diff=diff_a), ] sorted_patches = sorted(patches) expected_patches = reorder(patches, expected_order) self.assertListEqual(sorted_patches, expected_patches) class TestModelPedigree(TestCase): def test_no_params(self) -> None: Pedigree() # does not raise `NoPropertiesProvidedException` def test_same_1(self) -> None: p1 = get_pedigree_1() p2 = get_pedigree_1() self.assertNotEqual(id(p1), id(p2), 'id') self.assertEqual(hash(p1), hash(p2), 'hash') self.assertTrue(p1 == p2, 'equal') def test_not_same_1(self) -> None: p1 = get_pedigree_1() p2 = get_pedigree_1() p2.notes = 'Some other notes here' self.assertNotEqual(id(p1), id(p2), 'id') self.assertNotEqual(hash(p1), hash(p2), 'hash') self.assertFalse(p1 == p2, 'equal') class TestModelSwid(TestCase): def test_same_1(self) -> None: sw_1 = get_swid_1() sw_2 = get_swid_1() self.assertNotEqual(id(sw_1), id(sw_2), 'id') self.assertEqual(hash(sw_1), hash(sw_2), 'hash') self.assertTrue(sw_1 == sw_2, 'equal') def test_same_2(self) -> None: sw_1 = get_swid_2() sw_2 = get_swid_2() self.assertNotEqual(id(sw_1), id(sw_2), 'id') self.assertEqual(hash(sw_1), hash(sw_2), 'hash') self.assertTrue(sw_1 == sw_2, 'equal') def test_not_same(self) -> None: sw_1 = get_swid_1() sw_2 = get_swid_2() self.assertNotEqual(id(sw_1), id(sw_2), 'id') self.assertNotEqual(hash(sw_1), hash(sw_2), 'hash') self.assertFalse(sw_1 == sw_2, 'equal') cyclonedx-python-lib-9.1.0/tests/test_model_definition.py000066400000000000000000000102511476011761300236640ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from ddt import ddt, named_data from cyclonedx.exception.model import InvalidCreIdException from cyclonedx.model.definition import CreId, Definitions, Level, Requirement, Standard class TestModelDefinitions(TestCase): def test_init(self) -> Definitions: s = Standard(name='test-standard') dr = Definitions( standards=(s, ), ) self.assertEqual(1, len(dr.standards)) self.assertIs(s, tuple(dr.standards)[0]) return dr def test_filled(self) -> None: dr = self.test_init() self.assertIsNotNone(dr.standards) self.assertTrue(dr) def test_empty(self) -> None: dr = Definitions() self.assertIsNotNone(dr.standards) self.assertEqual(0, len(dr.standards)) self.assertFalse(dr) def test_unequal_different_type(self) -> None: dr = Definitions() self.assertFalse(dr == 'other') def test_equal_self(self) -> None: dr = Definitions() dr.standards.add(Standard(name='my-standard')) self.assertTrue(dr == dr) def test_unequal(self) -> None: dr1 = Definitions() dr1.standards.add(Standard(name='my-standard')) tr2 = Definitions() self.assertFalse(dr1 == tr2) def test_equal(self) -> None: s = Standard(name='my-standard') dr1 = Definitions() dr1.standards.add(s) tr2 = Definitions() tr2.standards.add(s) self.assertTrue(dr1 == tr2) @ddt class TestModelCreId(TestCase): def test_different(self) -> None: id1 = CreId('CRE:123-456') id2 = CreId('CRE:987-654') self.assertNotEqual(id(id1), id(id2)) self.assertNotEqual(hash(id1), hash(id2)) self.assertFalse(id1 == id2) def test_same(self) -> None: id1 = CreId('CRE:123-456') id2 = CreId('CRE:123-456') self.assertNotEqual(id(id1), id(id2)) self.assertEqual(hash(id1), hash(id2)) self.assertTrue(id1 == id2) def test_invalid_no_id(self) -> None: with self.assertRaises(TypeError): CreId() @named_data( ['empty', ''], ['arbitrary string', 'some string'], ['missing prefix', '123-456'], ['additional part', 'CRE:123-456-789'], ['no numbers', 'CRE:abc-def'], ['no delimiter', 'CRE:123456'], ) def test_invalid_id(self, wrong_id: str) -> None: with self.assertRaises(InvalidCreIdException): CreId(wrong_id) class TestModelRequirements(TestCase): def test_bom_ref_is_set_from_value(self) -> None: r = Requirement(bom_ref='123-456') self.assertIsNotNone(r.bom_ref) self.assertEqual('123-456', r.bom_ref.value) def test_bom_ref_is_set_if_none_given(self) -> None: r = Requirement() self.assertIsNotNone(r.bom_ref) class TestModelLevel(TestCase): def test_bom_ref_is_set_from_value(self) -> None: r = Level(bom_ref='123-456') self.assertIsNotNone(r.bom_ref) self.assertEqual('123-456', r.bom_ref.value) def test_bom_ref_is_set_if_none_given(self) -> None: r = Level() self.assertIsNotNone(r.bom_ref) class TestModelStandard(TestCase): def test_bom_ref_is_set_from_value(self) -> None: r = Standard(bom_ref='123-456') self.assertIsNotNone(r.bom_ref) self.assertEqual('123-456', r.bom_ref.value) def test_bom_ref_is_set_if_none_given(self) -> None: r = Standard() self.assertIsNotNone(r.bom_ref) cyclonedx-python-lib-9.1.0/tests/test_model_dependency.py000066400000000000000000000034051476011761300236550ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from cyclonedx.model.bom_ref import BomRef from cyclonedx.model.dependency import Dependency from tests import reorder class TestDependency(TestCase): def test_sort(self) -> None: # expected sort order: (value) expected_order = [3, 2, 0, 1] deps = [ Dependency(ref=BomRef(value='be2c6502-7e9a-47db-9a66-e34f729810a3'), dependencies=[ Dependency(ref=BomRef(value='0b049d09-64c0-4490-a0f5-c84d9aacf857')), Dependency(ref=BomRef(value='17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda')) ]), Dependency(ref=BomRef(value='cd3e9c95-9d41-49e7-9924-8cf0465ae789')), Dependency(ref=BomRef(value='17e3b199-dc0b-42ef-bfdd-1fa81a1e3eda')), Dependency(ref=BomRef(value='0b049d09-64c0-4490-a0f5-c84d9aacf857'), dependencies=[ Dependency(ref=BomRef(value='cd3e9c95-9d41-49e7-9924-8cf0465ae789')) ]) ] sorted_deps = sorted(deps) expected_deps = reorder(deps, expected_order) self.assertEqual(sorted_deps, expected_deps) cyclonedx-python-lib-9.1.0/tests/test_model_issue.py000066400000000000000000000076171476011761300227000ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from cyclonedx.model import XsUri from cyclonedx.model.issue import IssueClassification, IssueType, IssueTypeSource from tests import reorder from tests._data.models import get_issue_1, get_issue_2 class TestModelIssueType(TestCase): def test_same(self) -> None: i_1 = get_issue_1() i_2 = get_issue_1() self.assertNotEqual(id(i_1), id(i_2)) self.assertEqual(hash(i_1), hash(i_2)) self.assertTrue(i_1 == i_2) def test_not_same(self) -> None: i_1 = get_issue_1() i_2 = get_issue_2() self.assertNotEqual(id(i_1), id(i_2)) self.assertNotEqual(hash(i_1), hash(i_2)) self.assertFalse(i_1 == i_2) def test_sort(self) -> None: source_a = IssueTypeSource(name='a') source_b = IssueTypeSource(name='b') # expected sort order: (type/classification, id, name, description, source) expected_order = [6, 5, 0, 1, 2, 3, 4] issues = [ IssueType(type=IssueClassification.SECURITY, id='a', name='a', description='a', source=source_a), IssueType(type=IssueClassification.SECURITY, id='a', name='a', description='a', source=source_b), IssueType(type=IssueClassification.SECURITY, id='a', name='a', description='a'), IssueType(type=IssueClassification.SECURITY, id='a', name='a'), IssueType(type=IssueClassification.SECURITY, id='a'), IssueType(type=IssueClassification.DEFECT, id='a', name='a', description='a', source=source_b), IssueType(type=IssueClassification.DEFECT, id='a', name='a', description='a', source=source_a), ] sorted_issues = sorted(issues) expected_issues = reorder(issues, expected_order) self.assertListEqual(sorted_issues, expected_issues) class TestModelIssueTypeSource(TestCase): def test_no_params(self) -> None: IssueTypeSource() # Does not raise `NoPropertiesProvidedException` def test_same(self) -> None: its_1 = IssueTypeSource(name='The Source', url=XsUri('https://cyclonedx.org')) its_2 = IssueTypeSource(name='The Source', url=XsUri('https://cyclonedx.org')) self.assertNotEqual(id(its_1), id(its_2)) self.assertEqual(hash(its_1), hash(its_2)) self.assertTrue(its_1 == its_2) def test_not_same(self) -> None: its_1 = IssueTypeSource(name='The Source', url=XsUri('https://cyclonedx.org')) its_2 = IssueTypeSource(name='Not the Source', url=XsUri('https://cyclonedx.org')) self.assertNotEqual(id(its_1), id(its_2)) self.assertNotEqual(hash(its_1), hash(its_2)) self.assertFalse(its_1 == its_2) def test_sort(self) -> None: # expected sort order: ([name], [url]) expected_order = [0, 1, 3, 2, 5, 4] sources = [ IssueTypeSource(name='a', url=XsUri('a')), IssueTypeSource(name='a', url=XsUri('b')), IssueTypeSource(name='b'), IssueTypeSource(name='a'), IssueTypeSource(url=XsUri('b')), IssueTypeSource(url=XsUri('a')), ] sorted_sources = sorted(sources) expected_sources = reorder(sources, expected_order) self.assertListEqual(sorted_sources, expected_sources) cyclonedx-python-lib-9.1.0/tests/test_model_license.py000066400000000000000000000103131476011761300231550ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from random import shuffle from unittest import TestCase from unittest.mock import MagicMock from cyclonedx.exception.model import MutuallyExclusivePropertiesException from cyclonedx.model import AttachedText, XsUri from cyclonedx.model.license import DisjunctiveLicense, LicenseExpression from tests import reorder class TestModelDisjunctiveLicense(TestCase): def test_create_complete_id(self) -> None: text = MagicMock(spec=AttachedText) url = MagicMock(spec=XsUri) license = DisjunctiveLicense(id='foo', text=text, url=url) self.assertEqual('foo', license.id) self.assertIsNone(license.name) self.assertIs(text, license.text) self.assertIs(url, license.url) def test_update_id_name(self) -> None: license = DisjunctiveLicense(id='foo') self.assertEqual('foo', license.id) self.assertIsNone(license.name) license.name = 'bar' self.assertIsNone(license.id) self.assertEqual('bar', license.name) def test_create_complete_named(self) -> None: text = MagicMock(spec=AttachedText) url = MagicMock(spec=XsUri) license = DisjunctiveLicense(name='foo', text=text, url=url) self.assertIsNone(license.id) self.assertEqual('foo', license.name) self.assertIs(text, license.text) self.assertIs(url, license.url) def test_update_name_id(self) -> None: license = DisjunctiveLicense(name='foo') self.assertEqual('foo', license.name) self.assertIsNone(license.id) license.id = 'bar' self.assertIsNone(license.name) self.assertEqual('bar', license.id) def test_throws_when_no_id_nor_name(self) -> None: with self.assertRaises(MutuallyExclusivePropertiesException): DisjunctiveLicense(id=None, name=None) def test_prefers_id_over_name(self) -> None: with self.assertWarnsRegex( RuntimeWarning, 'Both `id` and `name` have been supplied - `name` will be ignored!'): license = DisjunctiveLicense(id='foo', name='bar') self.assertEqual('foo', license.id) self.assertEqual(None, license.name) def test_equal(self) -> None: a = DisjunctiveLicense(id='foo', name='bar') b = DisjunctiveLicense(id='foo', name='bar') c = DisjunctiveLicense(id='bar', name='foo') self.assertEqual(a, b) self.assertNotEqual(a, c) self.assertNotEqual(a, 'foo') class TestModelLicenseExpression(TestCase): def test_create(self) -> None: license = LicenseExpression('foo') self.assertEqual('foo', license.value) def test_update(self) -> None: license = LicenseExpression('foo') self.assertEqual('foo', license.value) license.value = 'bar' self.assertEqual('bar', license.value) def test_equal(self) -> None: a = LicenseExpression('foo') b = LicenseExpression('foo') c = LicenseExpression('bar') self.assertEqual(a, b) self.assertNotEqual(a, c) self.assertNotEqual(a, 'foo') class TestModelLicense(TestCase): def test_sort_mixed(self) -> None: expected_order = [1, 2, 0] licenses = [ DisjunctiveLicense(name='my license'), LicenseExpression(value='MIT or Apache-2.0'), DisjunctiveLicense(id='MIT'), ] expected_licenses = reorder(licenses, expected_order) shuffle(licenses) sorted_licenses = sorted(licenses) self.assertListEqual(sorted_licenses, expected_licenses) cyclonedx-python-lib-9.1.0/tests/test_model_lifecycle.py000066400000000000000000000076711476011761300235070ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from random import shuffle from unittest import TestCase from cyclonedx.model.lifecycle import LifecyclePhase, NamedLifecycle, PredefinedLifecycle from tests import reorder class TestModelPredefinedLifecycle(TestCase): def test_create(self) -> None: lifecycle = PredefinedLifecycle(phase=LifecyclePhase.BUILD) self.assertIs(LifecyclePhase.BUILD, lifecycle.phase) def test_update(self) -> None: lifecycle = PredefinedLifecycle(phase=LifecyclePhase.DESIGN) lifecycle.phase = LifecyclePhase.DISCOVERY self.assertIs(LifecyclePhase.DISCOVERY, lifecycle.phase) def test_equal(self) -> None: a = PredefinedLifecycle(phase=LifecyclePhase.BUILD) b = PredefinedLifecycle(phase=LifecyclePhase.BUILD) c = PredefinedLifecycle(phase=LifecyclePhase.DESIGN) self.assertEqual(a, b) self.assertNotEqual(a, c) def test_sort(self) -> None: expected_order = [3, 0, 2, 1] lifecycles = [ NamedLifecycle(name='foo', description='baz'), NamedLifecycle(name='foo'), NamedLifecycle(name='foo', description='qux'), NamedLifecycle(name='bar'), ] expected_lifecycles = reorder(lifecycles, expected_order) shuffle(lifecycles) sorted_lifecycles = sorted(lifecycles) self.assertListEqual(sorted_lifecycles, expected_lifecycles) class TestModelNamedLifecycle(TestCase): def test_create(self) -> None: lifecycle = NamedLifecycle(name='foo') self.assertEqual('foo', lifecycle.name) self.assertIsNone(lifecycle.description) lifecycle = NamedLifecycle(name='foo2n', description='foo2d') self.assertEqual('foo2n', lifecycle.name) self.assertEqual('foo2d', lifecycle.description) def test_update(self) -> None: lifecycle = NamedLifecycle(name='foo') self.assertEqual('foo', lifecycle.name) lifecycle.name = 'bar' self.assertEqual('bar', lifecycle.name) def test_equal(self) -> None: a = NamedLifecycle('foo') b = NamedLifecycle('foo') c = NamedLifecycle('bar') self.assertEqual(a, b) self.assertNotEqual(a, c) self.assertNotEqual(a, 'foo') def test_sort(self) -> None: expected_order = [3, 0, 2, 1] lifecycles = [ NamedLifecycle(name='foo', description='baz'), NamedLifecycle(name='foo'), NamedLifecycle(name='foo', description='qux'), NamedLifecycle(name='bar'), ] expected_lifecycles = reorder(lifecycles, expected_order) shuffle(lifecycles) sorted_lifecycles = sorted(lifecycles) self.assertListEqual(sorted_lifecycles, expected_lifecycles) class TestModelLifecycle(TestCase): def test_sort_mixed(self) -> None: expected_order = [3, 0, 2, 1] lifecycles = [ PredefinedLifecycle(phase=LifecyclePhase.DESIGN), NamedLifecycle(name='Example2'), NamedLifecycle(name='Example'), PredefinedLifecycle(phase=LifecyclePhase.BUILD), ] expected_lifecycles = reorder(lifecycles, expected_order) shuffle(lifecycles) sorted_lifecycles = sorted(lifecycles) self.assertListEqual(sorted_lifecycles, expected_lifecycles) cyclonedx-python-lib-9.1.0/tests/test_model_release_note.py000066400000000000000000000053121476011761300242030ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import datetime from unittest import TestCase from cyclonedx.model import XsUri from cyclonedx.model.release_note import ReleaseNotes class TestModelReleaseNote(TestCase): def test_simple(self) -> None: rn = ReleaseNotes(type='major') self.assertEqual(rn.type, 'major') self.assertIsNone(rn.title) self.assertIsNone(rn.featured_image) self.assertIsNone(rn.social_image) self.assertIsNone(rn.description) self.assertIsNone(rn.timestamp) self.assertFalse(rn.aliases) self.assertFalse(rn.tags) self.assertFalse(rn.resolves) self.assertFalse(rn.notes) self.assertFalse(rn.properties) def test_complete(self) -> None: timestamp: datetime.datetime = datetime.datetime.utcnow() rn = ReleaseNotes( type='major', title='Release Notes Title', featured_image=XsUri('https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png'), social_image=XsUri('https://cyclonedx.org/cyclonedx-icon.png'), description='This release is a test release', timestamp=timestamp, aliases=[ 'First Test Release' ], tags=['test', 'alpha'], resolves=[], notes=[] ) rn.aliases.add('Release Alpha') rn.tags.add('testing') self.assertEqual(rn.type, 'major') self.assertEqual(rn.title, 'Release Notes Title') self.assertEqual( str(rn.featured_image), 'https://cyclonedx.org/theme/assets/images/CycloneDX-Twitter-Card.png' ) self.assertEqual(str(rn.social_image), 'https://cyclonedx.org/cyclonedx-icon.png') self.assertEqual(rn.description, 'This release is a test release') self.assertSetEqual(rn.aliases, {'Release Alpha', 'First Test Release'}) self.assertSetEqual(rn.tags, {'test', 'testing', 'alpha'}) self.assertSetEqual(rn.resolves, set()) self.assertFalse(rn.notes) self.assertSetEqual(rn.properties, set()) cyclonedx-python-lib-9.1.0/tests/test_model_service.py000066400000000000000000000065021476011761300232000ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from cyclonedx.model.service import Service from tests import reorder class TestModelService(TestCase): def test_minimal_service(self) -> None: s = Service(name='my-test-service') self.assertEqual(s.name, 'my-test-service') self.assertIsNone(s.bom_ref.value) self.assertIsNone(s.provider) self.assertIsNone(s.group) self.assertIsNone(s.version) self.assertIsNone(s.description) self.assertFalse(s.endpoints) self.assertIsNone(s.authenticated) self.assertIsNone(s.x_trust_boundary) self.assertFalse(s.data) self.assertFalse(s.licenses) self.assertFalse(s.external_references) self.assertFalse(s.services) self.assertFalse(s.release_notes) self.assertFalse(s.properties) def test_service_with_services(self) -> None: parent_service = Service(name='parent-service') parent_service.services = [ Service(name='child-service-1'), Service(name='child-service-2'), ] self.assertEqual(parent_service.name, 'parent-service') self.assertIsNone(parent_service.bom_ref.value) self.assertIsNone(parent_service.provider) self.assertIsNone(parent_service.group) self.assertIsNone(parent_service.version) self.assertIsNone(parent_service.description) self.assertFalse(parent_service.endpoints) self.assertIsNone(parent_service.authenticated) self.assertIsNone(parent_service.x_trust_boundary) self.assertFalse(parent_service.data) self.assertFalse(parent_service.licenses) self.assertFalse(parent_service.external_references) self.assertIsNotNone(parent_service.services) self.assertEqual(len(parent_service.services), 2) self.assertIsNone(parent_service.release_notes) self.assertFalse(parent_service.properties) self.assertTrue(Service(name='child-service-1') in parent_service.services) def test_sort(self) -> None: # expected sort order: ([group], name, [version]) expected_order = [0, 1, 3, 4, 2, 5] services = [ Service(name='service-a', group='group-a'), Service(name='service-b', group='group-a', version='1.0.0'), Service(name='service-c', version='2.0.0'), Service(name='service-b', group='group-a'), Service(name='service-c', version='1.0.0'), Service(name='service-d', ), ] sorted_services = sorted(services) expected_services = reorder(services, expected_order) self.assertListEqual(sorted_services, expected_services) cyclonedx-python-lib-9.1.0/tests/test_model_tool.py000066400000000000000000000041031476011761300225100ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from cyclonedx.model.tool import Tool from tests import reorder class TestModelTool(TestCase): def test_sort(self) -> None: # expected sort order: (vendor, name, version) expected_order = [0, 1, 2, 3, 4, 5, 6] tools = [ Tool(vendor='a', name='a', version='1.0.0'), Tool(vendor='a', name='a', version='2.0.0'), Tool(vendor='a', name='b', version='1.0.0'), Tool(vendor='a', name='b'), Tool(vendor='b', name='a'), Tool(vendor='b', name='b', version='1.0.0'), Tool(name='b'), ] sorted_tools = sorted(tools) expected_tools = reorder(tools, expected_order) self.assertListEqual(sorted_tools, expected_tools) def test_non_equal_tool_and_invalid(self) -> None: t = Tool(vendor='VendorA') self.assertFalse(t == 'INVALID') def test_invalid_tool_compare(self) -> None: t = Tool(vendor='VendorA') with self.assertRaises(TypeError): r = t < 'INVALID' # pylint: disable=unused-variable # noqa: disable=E841 def test_tool_repr(self) -> None: t = Tool(name='test-tool', version='1.2.3', vendor='test-vendor') self.assertEqual(repr(t), '') def test_tool_equals(self) -> None: t = Tool() self.assertEqual(t, t) cyclonedx-python-lib-9.1.0/tests/test_model_tool_repository.py000066400000000000000000000050401476011761300250100ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from cyclonedx.model.component import Component from cyclonedx.model.service import Service from cyclonedx.model.tool import Tool, ToolRepository class TestModelToolRepository(TestCase): def test_init(self) -> ToolRepository: c = Component(name='test-component') s = Service(name='test-service') t = Tool(name='test-tool') tr = ToolRepository( components=(c,), services=(s,), tools=(t,) ) self.assertIs(c, tuple(tr.components)[0]) self.assertIs(s, tuple(tr.services)[0]) self.assertIs(t, tuple(tr.tools)[0]) return tr def test_filled(self) -> None: tr = self.test_init() self.assertEqual(3, len(tr)) self.assertTrue(tr) def test_empty(self) -> None: tr = ToolRepository() self.assertEqual(0, len(tr)) self.assertFalse(tr) def test_unequal_different_type(self) -> None: tr = ToolRepository() self.assertFalse(tr == 'other') def test_equal_self(self) -> None: tr = ToolRepository() tr.tools.add(Tool(name='my-tool')) self.assertTrue(tr == tr) def test_unequal(self) -> None: tr1 = ToolRepository() tr1.components.add(Component(name='my-component')) tr1.services.add(Service(name='my-service')) tr1.tools.add(Tool(name='my-tool')) tr2 = ToolRepository() self.assertFalse(tr1 == tr2) def test_equal(self) -> None: c = Component(name='my-component') s = Service(name='my-service') t = Tool(name='my-tool') tr1 = ToolRepository() tr1.components.add(c) tr1.services.add(s) tr1.tools.add(t) tr2 = ToolRepository() tr2.components.add(c) tr2.services.add(s) tr2.tools.add(t) self.assertTrue(tr1 == tr2) cyclonedx-python-lib-9.1.0/tests/test_model_vulnerability.py000066400000000000000000000336671476011761300244450ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from datetime import datetime, timedelta from decimal import Decimal from unittest import TestCase from cyclonedx.model import XsUri from cyclonedx.model.impact_analysis import ImpactAnalysisAffectedStatus from cyclonedx.model.vulnerability import ( BomTarget, BomTargetVersionRange, Vulnerability, VulnerabilityAdvisory, VulnerabilityRating, VulnerabilityReference, VulnerabilityScoreSource, VulnerabilitySeverity, VulnerabilitySource, ) from tests import reorder class TestModelVulnerability(TestCase): def test_v_severity_from_cvss_scores_single_critical(self) -> None: self.assertEqual( VulnerabilitySeverity.get_from_cvss_scores(9.1), VulnerabilitySeverity.CRITICAL ) def test_v_severity_from_cvss_scores_multiple_critical(self) -> None: self.assertEqual( VulnerabilitySeverity.get_from_cvss_scores((9.1, 9.5)), VulnerabilitySeverity.CRITICAL ) def test_v_severity_from_cvss_scores_single_high(self) -> None: self.assertEqual( VulnerabilitySeverity.get_from_cvss_scores(8.9), VulnerabilitySeverity.HIGH ) def test_v_severity_from_cvss_scores_single_medium(self) -> None: self.assertEqual( VulnerabilitySeverity.get_from_cvss_scores(4.2), VulnerabilitySeverity.MEDIUM ) def test_v_severity_from_cvss_scores_single_low(self) -> None: self.assertEqual( VulnerabilitySeverity.get_from_cvss_scores(1.1), VulnerabilitySeverity.LOW ) def test_v_severity_from_cvss_scores_single_none(self) -> None: self.assertEqual( VulnerabilitySeverity.get_from_cvss_scores(0.0), VulnerabilitySeverity.NONE ) def test_v_severity_from_cvss_scores_multiple_high(self) -> None: self.assertEqual( VulnerabilitySeverity.get_from_cvss_scores((1.2, 8.9, 2.2, 5.6)), VulnerabilitySeverity.HIGH ) def test_v_source_parse_cvss3_1(self) -> None: self.assertEqual( VulnerabilityScoreSource.get_from_vector('CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), VulnerabilityScoreSource.CVSS_V3 ) def test_v_source_parse_cvss2_1(self) -> None: self.assertEqual( VulnerabilityScoreSource.get_from_vector('CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C'), VulnerabilityScoreSource.CVSS_V2 ) def test_v_source_parse_owasp_1(self) -> None: self.assertEqual( VulnerabilityScoreSource.get_from_vector('OWASP/K9:M1:O0:Z2/D1:X1:W1:L3/C2:I1:A1:T1/F1:R1:S2:P3/50'), VulnerabilityScoreSource.OWASP ) def test_v_source_get_localised_vector_cvss3_1(self) -> None: self.assertEqual( VulnerabilityScoreSource.CVSS_V3.get_localised_vector( vector='CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_cvss3_2(self) -> None: self.assertEqual( VulnerabilityScoreSource.CVSS_V3.get_localised_vector(vector='CVSS:3.0AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_cvss3_3(self) -> None: self.assertEqual( VulnerabilityScoreSource.CVSS_V3.get_localised_vector(vector='AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_cvss2_1(self) -> None: self.assertEqual( VulnerabilityScoreSource.CVSS_V2.get_localised_vector( vector='CVSS:2.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_cvss2_2(self) -> None: self.assertEqual( VulnerabilityScoreSource.CVSS_V2.get_localised_vector(vector='CVSS:2.1AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_cvss2_3(self) -> None: self.assertEqual( VulnerabilityScoreSource.CVSS_V2.get_localised_vector(vector='AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_owasp_1(self) -> None: self.assertEqual( VulnerabilityScoreSource.OWASP.get_localised_vector(vector='OWASP/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_owasp_2(self) -> None: self.assertEqual( VulnerabilityScoreSource.OWASP.get_localised_vector(vector='OWASPAV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_owasp_3(self) -> None: self.assertEqual( VulnerabilityScoreSource.OWASP.get_localised_vector(vector='AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'), 'AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N' ) def test_v_source_get_localised_vector_other_2(self) -> None: self.assertEqual( VulnerabilityScoreSource.OTHER.get_localised_vector(vector='SOMETHING_OR_OTHER'), 'SOMETHING_OR_OTHER' ) def test_empty_vulnerability(self) -> None: v = Vulnerability() self.assertIsNone(v.bom_ref.value) self.assertIsNone(v.id) self.assertIsNone(v.source) self.assertFalse(v.references) self.assertFalse(v.ratings) self.assertFalse(v.cwes) self.assertIsNone(v.description) self.assertIsNone(v.detail) self.assertIsNone(v.recommendation) self.assertIsNone(v.workaround) self.assertFalse(v.advisories) self.assertIsNone(v.created) self.assertIsNone(v.published) self.assertIsNone(v.updated) self.assertIsNone(v.credits) self.assertFalse(v.tools) self.assertIsNone(v.analysis) self.assertFalse(v.affects) def test_sort(self) -> None: source1 = VulnerabilitySource(name='a') source2 = VulnerabilitySource(name='b') datetime1 = datetime.utcnow() datetime2 = datetime1 + timedelta(seconds=5) # expected sort order: (id, description, detail, source, created, published) expected_order = [0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9, 11] vulnerabilities = [ Vulnerability(bom_ref='0', id='a', description='a', detail='a', source=source1, created=datetime1, published=datetime1), Vulnerability(bom_ref='1', id='a', description='a', detail='a', source=source1, created=datetime1), Vulnerability(bom_ref='2', id='a', description='a', detail='a', source=source1), Vulnerability(bom_ref='3', id='a', description='a', detail='a'), Vulnerability(bom_ref='4', id='a', description='a'), Vulnerability(bom_ref='5', id='a'), Vulnerability(bom_ref='6', id='a', description='a', detail='a', source=source1, created=datetime1, published=datetime2), Vulnerability(bom_ref='7', id='a', description='a', detail='a', source=source1, created=datetime2, published=datetime1), Vulnerability(bom_ref='8', id='a', description='a', detail='a', source=source2, created=datetime1, published=datetime1), Vulnerability(bom_ref='9', id='a', description='a', detail='b', source=source1, created=datetime1, published=datetime1), Vulnerability(bom_ref='10', id='a', description='b', detail='b', source=source1, created=datetime1, published=datetime1), Vulnerability(bom_ref='11', id='b', description='a', detail='a', source=source1, created=datetime1, published=datetime1), ] sorted_vulnerabilities = sorted(vulnerabilities) expected_vulnerabilities = reorder(vulnerabilities, expected_order) self.assertListEqual(sorted_vulnerabilities, expected_vulnerabilities) class TestModelVulnerabilityAdvisory(TestCase): def test_sort(self) -> None: # expected sort order: ([title], url) expected_order = [0, 1, 2, 3] advisories = [ VulnerabilityAdvisory(url=XsUri('a'), title='a'), VulnerabilityAdvisory(url=XsUri('b'), title='a'), VulnerabilityAdvisory(url=XsUri('a')), VulnerabilityAdvisory(url=XsUri('b')), ] sorted_advisories = sorted(advisories) expected_advisories = reorder(advisories, expected_order) self.assertListEqual(sorted_advisories, expected_advisories) class TestModelVulnerabilitySource(TestCase): def test_sort(self) -> None: # expected sort order: ([name], [url]) expected_order = [0, 1, 4, 5, 2, 3] sources = [ VulnerabilitySource(url=XsUri('a'), name='a'), VulnerabilitySource(url=XsUri('b'), name='a'), VulnerabilitySource(url=XsUri('a')), VulnerabilitySource(url=XsUri('b')), VulnerabilitySource(name='a'), VulnerabilitySource(name='b'), ] sorted_sources = sorted(sources) expected_sources = reorder(sources, expected_order) self.assertListEqual(sorted_sources, expected_sources) class TestModelVulnerabilityReference(TestCase): def test_sort(self) -> None: source_a = VulnerabilitySource(name='a') source_b = VulnerabilitySource(name='b') # expected sort order: ([id], [source]) expected_order = [2, 3, 1, 0] refs = [ VulnerabilityReference(id='b', source=source_b), VulnerabilityReference(id='b', source=source_a), VulnerabilityReference(id='a', source=source_a), VulnerabilityReference(id='a', source=source_b), ] sorted_refs = sorted(refs) expected_refs = reorder(refs, expected_order) self.assertListEqual(sorted_refs, expected_refs) class TestModelVulnerabilityRating(TestCase): def test_sort(self) -> None: source_a = VulnerabilitySource(name='a') method_a = VulnerabilityScoreSource.CVSS_V3_1 # expected sort order: ([severity], [score], [source], [method], [vector], [justification]) expected_order = [5, 0, 1, 2, 3, 4, 6, 7] refs = [ VulnerabilityRating(severity=VulnerabilitySeverity.HIGH, score=Decimal(10), source=source_a, method=method_a, vector='a', justification='a'), VulnerabilityRating(severity=VulnerabilitySeverity.HIGH, score=Decimal(10), source=source_a, method=method_a, vector='a'), VulnerabilityRating(severity=VulnerabilitySeverity.HIGH, score=Decimal(10), source=source_a, method=method_a), VulnerabilityRating(severity=VulnerabilitySeverity.HIGH, score=Decimal(10), source=source_a), VulnerabilityRating(severity=VulnerabilitySeverity.HIGH, score=Decimal(10)), VulnerabilityRating(severity=VulnerabilitySeverity.HIGH), VulnerabilityRating(severity=VulnerabilitySeverity.LOW, score=Decimal(10), source=source_a, method=method_a, vector='a', justification='a'), VulnerabilityRating(score=Decimal(10), source=source_a, method=method_a, vector='a', justification='a'), ] sorted_refs = sorted(refs) expected_refs = reorder(refs, expected_order) self.maxDiff = None # gimme all diff on error self.assertListEqual(sorted_refs, expected_refs) class TestModelBomTargetVersionRange(TestCase): def test_sort(self) -> None: # expected sort order: ([version], [range], [status]) expected_order = [0, 3, 1, 2, 4, 5] ranges = [ BomTargetVersionRange(version='1.0.0', status=ImpactAnalysisAffectedStatus.AFFECTED), BomTargetVersionRange(version='1.0.0'), BomTargetVersionRange(version='2.0.0', status=ImpactAnalysisAffectedStatus.AFFECTED), BomTargetVersionRange(version='1.0.0', status=ImpactAnalysisAffectedStatus.UNAFFECTED), BomTargetVersionRange(range='1.0.0 - 2.0.0', status=ImpactAnalysisAffectedStatus.UNAFFECTED), BomTargetVersionRange(range='2.0.0 - 2.1.0', status=ImpactAnalysisAffectedStatus.AFFECTED), ] sorted_ranges = sorted(ranges) expected_ranges = reorder(ranges, expected_order) self.assertListEqual(sorted_ranges, expected_ranges) class TestModelBomTarget(TestCase): def test_sort(self) -> None: version_a = BomTargetVersionRange(version='1.0.0') version_b = BomTargetVersionRange(version='2.0.0') # expected sort order: (ref) expected_order = [1, 0, 3, 2, 4] targets = [ BomTarget(ref='b'), BomTarget(ref='a'), BomTarget(ref='d'), BomTarget(ref='c', versions=[version_a, version_b]), BomTarget(ref='g'), ] sorted_targets = sorted(targets) expected_targets = reorder(targets, expected_order) self.assertListEqual(sorted_targets, expected_targets) cyclonedx-python-lib-9.1.0/tests/test_output.py000066400000000000000000000061261476011761300217220ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from itertools import product from typing import Tuple from unittest import TestCase from unittest.mock import Mock from ddt import data, ddt, named_data, unpack from cyclonedx.model.bom import Bom from cyclonedx.model.bom_ref import BomRef from cyclonedx.output import BomRefDiscriminator, make_outputter from cyclonedx.schema import OutputFormat, SchemaVersion @ddt class TestTestGetInstance(TestCase): @named_data(*([f'{x[0].name} {x[1].name}', *x] for x in product(OutputFormat, SchemaVersion))) @unpack def test_as_expected(self, of: OutputFormat, sv: SchemaVersion) -> None: bom = Mock(spec=Bom) outputter = make_outputter(bom, of, sv) self.assertIs(outputter.get_bom(), bom) self.assertIs(outputter.output_format, of) self.assertIs(outputter.schema_version, sv) @data( *((of, 'foo', (ValueError, f"Unknown {of.name}/schema_version: 'foo'")) for of in OutputFormat), *(('foo', sv, (ValueError, "Unexpected output_format: 'foo'")) for sv in SchemaVersion), ) @unpack def test_fails_on_wrong_args(self, of: OutputFormat, sv: SchemaVersion, raises_regex: Tuple) -> None: bom = Mock(spec=Bom) with self.assertRaisesRegex(*raises_regex): make_outputter(bom, of, sv) class TestBomRefDiscriminator(TestCase): def test_discriminate_and_reset_with(self) -> None: bomref1 = BomRef('djdlkfjdslkf') bomref2 = BomRef('djdlkfjdslkf') self.assertEqual(bomref1.value, bomref2.value, 'blank') discr = BomRefDiscriminator([bomref1, bomref2]) self.assertEqual(bomref1.value, bomref2.value, 'init') discr.discriminate() self.assertNotEqual(bomref1.value, bomref2.value, 'should be discriminated') discr.reset() self.assertEqual('djdlkfjdslkf', bomref1.value) self.assertEqual('djdlkfjdslkf', bomref2.value) def test_discriminate_and_reset_manually(self) -> None: bomref1 = BomRef('djdlkfjdslkf') bomref2 = BomRef('djdlkfjdslkf') self.assertEqual(bomref1.value, bomref2.value, 'blank') discr = BomRefDiscriminator([bomref1, bomref2]) self.assertEqual(bomref1.value, bomref2.value, 'init') with discr: self.assertNotEqual(bomref1.value, bomref2.value, 'should be discriminated') discr.reset() self.assertEqual('djdlkfjdslkf', bomref1.value) self.assertEqual('djdlkfjdslkf', bomref2.value) cyclonedx-python-lib-9.1.0/tests/test_output_json.py000066400000000000000000000107621476011761300227540ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import re from typing import Any, Callable from unittest import TestCase from unittest.mock import Mock, patch from warnings import warn from ddt import data, ddt, idata, named_data, unpack from cyclonedx.exception import CycloneDxException, MissingOptionalDependencyException from cyclonedx.exception.model import ( InvalidOmniBorIdException, InvalidSwhidException, LicenseExpressionAlongWithOthersException, UnknownComponentDependencyException, ) from cyclonedx.exception.output import FormatNotSupportedException from cyclonedx.model.bom import Bom from cyclonedx.output.json import BY_SCHEMA_VERSION, Json from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.validation.json import JsonStrictValidator from tests import SnapshotMixin, is_valid_for_schema_version, mksname from tests._data.models import all_get_bom_funct_invalid, all_get_bom_funct_valid, bom_all_same_bomref UNSUPPORTED_SV = frozenset((SchemaVersion.V1_1, SchemaVersion.V1_0,)) @ddt class TestOutputJson(TestCase, SnapshotMixin): @data(*UNSUPPORTED_SV) def test_unsupported_schema_raises(self, sv: SchemaVersion) -> None: outputter_class = BY_SCHEMA_VERSION[sv] self.assertTrue(issubclass(outputter_class, Json)) outputter = outputter_class(Mock(spec=Bom)) with self.assertRaises(FormatNotSupportedException): outputter.output_as_string() @named_data(*( (f'{n}-{sv.to_version()}', gb, sv) for n, gb in all_get_bom_funct_valid for sv in SchemaVersion if sv not in UNSUPPORTED_SV and is_valid_for_schema_version(gb, sv) )) @unpack @patch('cyclonedx.builder.this.__ThisVersion', 'TESTING') def test_valid(self, get_bom: Callable[[], Bom], sv: SchemaVersion, *_: Any, **__: Any) -> None: snapshot_name = mksname(get_bom, sv, OutputFormat.JSON) bom = get_bom() json = BY_SCHEMA_VERSION[sv](bom).output_as_string(indent=2) try: errors = JsonStrictValidator(sv).validate_str(json) except MissingOptionalDependencyException: warn('!!! skipped schema validation', category=UserWarning, stacklevel=0) else: self.assertIsNone(errors, json) self.assertEqualSnapshot(json, snapshot_name) @named_data(*( (f'{n}-{sv.to_version()}', gb, sv) for n, gb in all_get_bom_funct_invalid for sv in SchemaVersion if sv not in UNSUPPORTED_SV and is_valid_for_schema_version(gb, sv) )) @unpack def test_invalid(self, get_bom: Callable[[], Bom], sv: SchemaVersion) -> None: with self.assertRaises(CycloneDxException) as error: bom = get_bom() outputter = BY_SCHEMA_VERSION[sv](bom) outputter.output_as_string() if isinstance(error.exception, ( LicenseExpressionAlongWithOthersException, InvalidOmniBorIdException, InvalidSwhidException, UnknownComponentDependencyException, )): return None # expected raise error.exception def test_bomref_not_duplicate(self) -> None: bom, nr_bomrefs = bom_all_same_bomref() output = BY_SCHEMA_VERSION[SchemaVersion.V1_4](bom).output_as_string() found = re.findall(r'"bom-ref":\s*"(.*?)"', output) self.assertEqual(nr_bomrefs, len(found)) self.assertCountEqual(set(found), found, 'expected unique items') @ddt class TestFunctionalBySchemaVersion(TestCase): @idata(SchemaVersion) def test_get_outputter_expected(self, sv: SchemaVersion) -> None: outputter_class = BY_SCHEMA_VERSION[sv] self.assertTrue(issubclass(outputter_class, Json)) outputter = outputter_class(Mock(spec=Bom)) self.assertIs(outputter.schema_version, sv) self.assertIs(outputter.output_format, OutputFormat.JSON) cyclonedx-python-lib-9.1.0/tests/test_output_xml.py000066400000000000000000000077041476011761300226050ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import re from typing import Any, Callable from unittest import TestCase from unittest.mock import Mock, patch from warnings import warn from ddt import ddt, idata, named_data, unpack from cyclonedx.exception import CycloneDxException, MissingOptionalDependencyException from cyclonedx.exception.model import ( InvalidOmniBorIdException, InvalidSwhidException, LicenseExpressionAlongWithOthersException, UnknownComponentDependencyException, ) from cyclonedx.model.bom import Bom from cyclonedx.output.xml import BY_SCHEMA_VERSION, Xml from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.validation.xml import XmlValidator from tests import SnapshotMixin, is_valid_for_schema_version, mksname from tests._data.models import all_get_bom_funct_invalid, all_get_bom_funct_valid, bom_all_same_bomref @ddt class TestOutputXml(TestCase, SnapshotMixin): @named_data(*( (f'{n}-{sv.to_version()}', gb, sv) for n, gb in all_get_bom_funct_valid for sv in SchemaVersion if is_valid_for_schema_version(gb, sv) )) @unpack @patch('cyclonedx.builder.this.__ThisVersion', 'TESTING') def test_valid(self, get_bom: Callable[[], Bom], sv: SchemaVersion, *_: Any, **__: Any) -> None: snapshot_name = mksname(get_bom, sv, OutputFormat.XML) if snapshot_name is None: return bom = get_bom() xml = BY_SCHEMA_VERSION[sv](bom).output_as_string(indent=2) try: errors = XmlValidator(sv).validate_str(xml) except MissingOptionalDependencyException: warn('!!! skipped schema validation', category=UserWarning, stacklevel=0) else: self.assertIsNone(errors, xml) self.assertEqualSnapshot(xml, snapshot_name) @named_data(*( (f'{n}-{sv.to_version()}', gb, sv) for n, gb in all_get_bom_funct_invalid for sv in SchemaVersion if is_valid_for_schema_version(gb, sv) )) @unpack def test_invalid(self, get_bom: Callable[[], Bom], sv: SchemaVersion) -> None: with self.assertRaises(CycloneDxException) as error: bom = get_bom() outputter = BY_SCHEMA_VERSION[sv](bom) outputter.output_as_string() if isinstance(error.exception, ( LicenseExpressionAlongWithOthersException, InvalidOmniBorIdException, InvalidSwhidException, UnknownComponentDependencyException, )): return None # expected raise error.exception def test_bomref_not_duplicate(self) -> None: bom, nr_bomrefs = bom_all_same_bomref() output = BY_SCHEMA_VERSION[SchemaVersion.V1_4](bom).output_as_string() found = re.findall(r'bom-ref="(.*?)"', output) self.assertEqual(nr_bomrefs, len(found)) self.assertCountEqual(set(found), found, 'expected unique items') @ddt class TestFunctionalBySchemaVersion(TestCase): @idata(SchemaVersion) def test_get_outputter_expected(self, sv: SchemaVersion) -> None: outputter_class = BY_SCHEMA_VERSION[sv] self.assertTrue(issubclass(outputter_class, Xml)) outputter = outputter_class(Mock(spec=Bom)) self.assertIs(outputter.schema_version, sv) self.assertIs(outputter.output_format, OutputFormat.XML) cyclonedx-python-lib-9.1.0/tests/test_real_world_examples.py000066400000000000000000000044431476011761300244120ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import unittest from datetime import datetime from json import loads as json_loads from os.path import join from typing import Any from unittest.mock import patch from cyclonedx.model.bom import Bom from tests import OWN_DATA_DIRECTORY @patch('cyclonedx.builder.this.__ThisVersion', 'TESTING') @patch('cyclonedx.model.bom._get_now_utc', return_value=datetime.fromisoformat('2023-01-07 13:44:32.312678+00:00')) class TestDeserializeRealWorldExamples(unittest.TestCase): def test_webgoat_6_1(self, *_: Any, **__: Any) -> None: with open(join(OWN_DATA_DIRECTORY, 'xml', '1.4', 'webgoat-6.1.xml')) as input_xml: Bom.from_xml(input_xml) def test_regression_issue_630(self, *_: Any, **__: Any) -> None: with open(join(OWN_DATA_DIRECTORY, 'xml', '1.6', 'regression_issue630.xml')) as input_xml: Bom.from_xml(input_xml) def test_regression_issue677(self, *_: Any, **__: Any) -> None: # tests https://github.com/CycloneDX/cyclonedx-python-lib/issues/677 with open(join(OWN_DATA_DIRECTORY, 'json', '1.5', 'issue677.json')) as input_json: json = json_loads(input_json.read()) bom = Bom.from_json(json) self.assertEqual(4, len(bom.components)) bom.validate() def test_regression_issue753(self, *_: Any, **__: Any) -> None: # tests https://github.com/CycloneDX/cyclonedx-python-lib/issues/753 with open(join(OWN_DATA_DIRECTORY, 'json', '1.5', 'issue753.json')) as input_json: json = json_loads(input_json.read()) bom = Bom.from_json(json) self.assertEqual(2, len(bom.components)) bom.validate() cyclonedx-python-lib-9.1.0/tests/test_schema_SchemaVersion.py000066400000000000000000000047211476011761300244470ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from unittest import TestCase from ddt import ddt, idata, unpack from cyclonedx.schema import SchemaVersion SORTED_SV = ( SchemaVersion.V1_6, SchemaVersion.V1_5, SchemaVersion.V1_4, SchemaVersion.V1_3, SchemaVersion.V1_2, SchemaVersion.V1_1, SchemaVersion.V1_0 ) # do not use any value-comparisons or implicit hash-functions here ! # just work with the position in tuple SORTED_SCHEMA_VERSIONS td_gt = tuple((a, b) for i, a in enumerate(SORTED_SV) for b in SORTED_SV[i + 1:]) td_ge = tuple((a, b) for i, a in enumerate(SORTED_SV) for b in SORTED_SV[i:]) td_eq = tuple((v, v) for v in SORTED_SV) td_le = tuple((b, a) for a, b in td_ge) td_lt = tuple((b, a) for a, b in td_gt) td_ne = tuple((a, b) for i, a in enumerate(SORTED_SV) for j, b in enumerate(SORTED_SV) if i != j) @ddt class TestSchemaVersion(TestCase): @idata(v for v in SchemaVersion) def test_version_roundtrip(self, v: SchemaVersion) -> None: v2 = SchemaVersion.from_version(v.to_version()) self.assertIs(v, v2) @idata(td_ne) @unpack def test_ne(self, a: SchemaVersion, b: SchemaVersion) -> None: self.assertNotEqual(a, b) @idata(td_gt) @unpack def test_gt(self, a: SchemaVersion, b: SchemaVersion) -> None: self.assertGreater(a, b) @idata(td_ge) @unpack def test_ge(self, a: SchemaVersion, b: SchemaVersion) -> None: self.assertGreaterEqual(a, b) @idata(td_eq) @unpack def test_eq(self, a: SchemaVersion, b: SchemaVersion) -> None: self.assertEqual(a, b) @idata(td_lt) @unpack def test_lt(self, a: SchemaVersion, b: SchemaVersion) -> None: self.assertLess(a, b) @idata(td_le) @unpack def test_le(self, a: SchemaVersion, b: SchemaVersion) -> None: self.assertLessEqual(a, b) cyclonedx-python-lib-9.1.0/tests/test_schema__res.py000066400000000000000000000023441476011761300226300ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from os.path import isfile from typing import Generator from unittest import TestCase from ddt import ddt, idata from cyclonedx.schema import _res def _dp_files() -> Generator: for bom in (_res.BOM_XML, _res.BOM_JSON, _res.BOM_JSON): for file in bom.values(): if file is not None: yield file yield _res.SPDX_JSON yield _res.SPDX_XML yield _res.JSF @ddt class SchemaResTest(TestCase): @idata(_dp_files()) def test_file_exists(self, file: str) -> None: self.assertTrue(isfile(file), file) cyclonedx-python-lib-9.1.0/tests/test_spdx.py000066400000000000000000000103251476011761300213340ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from itertools import chain from json import load as json_load from unittest import TestCase from ddt import ddt, idata, unpack from cyclonedx import spdx from cyclonedx.schema._res import SPDX_JSON # rework access with open(SPDX_JSON) as spdx_schema: KNOWN_SPDX_IDS = set(json_load(spdx_schema)['enum']) # for valid test data see the spec: https://spdx.github.io/spdx-spec/v3.0.1/annexes/spdx-license-expressions/ VALID_EXPRESSIONS = { # region Simple license expressions 'CDDL-1.0', # region not supported yet #110 - https://github.com/aboutcode-org/license-expression/issues/110 # 'CDDL-1.0+', # endregion region not supported yet #110 # region not supported yet #109 - https://github.com/aboutcode-org/license-expression/issues/109 # 'LicenseRef-23', # 'LicenseRef-MIT-Style-1', # 'DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2', # endregion region not supported yet #109 # endregion Simple license expressions # region Composite license expressions 'LGPL-2.1-only OR MIT', 'MIT or LGPL-2.1-only', '(MIT OR LGPL-2.1-only)', 'LGPL-2.1-only OR MIT OR BSD-3-Clause', 'LGPL-2.1-only AND MIT', 'MIT AND LGPL-2.1-only', 'MIT and LGPL-2.1-only', '(MIT AND LGPL-2.1-only)', 'LGPL-2.1-only AND MIT AND BSD-2-Clause', 'GPL-2.0-or-later WITH Bison-exception-2.2', 'LGPL-2.1-only OR BSD-3-Clause AND MIT', 'MIT AND (LGPL-2.1-or-later OR BSD-3-Clause)', # endregion Composite license expressions # region examples from CDX spec 'Apache-2.0 AND (MIT OR GPL-2.0-only)', 'GPL-3.0-only WITH Classpath-exception-2.0', # endregion examples from CDX spec } INVALID_EXPRESSIONS = { 'MIT AND Apache-2.0 OR something-unknown' 'something invalid', '(c) John Doe', 'Apache License, Version 2.0', } UNKNOWN_SPDX_IDS = { '', 'something unsupported', 'something unfixable', 'Apache 2.0', 'LicenseRef-custom-identifier', *(VALID_EXPRESSIONS - KNOWN_SPDX_IDS), *INVALID_EXPRESSIONS, } @ddt class TestSpdxIsSupported(TestCase): @idata(KNOWN_SPDX_IDS) def test_positive(self, supported_value: str) -> None: actual = spdx.is_supported_id(supported_value) self.assertTrue(actual) @idata(chain(UNKNOWN_SPDX_IDS, ( # region somehow case-twisted values 'MiT', 'mit', # endregion somehow case-twisted values ))) def test_negative(self, unsupported_value: str) -> None: actual = spdx.is_supported_id(unsupported_value) self.assertFalse(actual) @ddt class TestSpdxFixup(TestCase): @idata(chain( # original value ((v, v) for v in KNOWN_SPDX_IDS), # region somehow case-twisted values ((v.lower(), v) for v in KNOWN_SPDX_IDS), ((v.upper(), v) for v in KNOWN_SPDX_IDS) # endregion somehow case-twisted values )) @unpack def test_positive(self, fixable: str, expected_fixed: str) -> None: actual = spdx.fixup_id(fixable) self.assertEqual(expected_fixed, actual) @idata(UNKNOWN_SPDX_IDS) def test_negative(self, unfixable: str) -> None: actual = spdx.fixup_id(unfixable) self.assertIsNone(actual) @ddt class TestSpdxIsExpression(TestCase): @idata(VALID_EXPRESSIONS) def test_positive(self, valid_expression: str) -> None: actual = spdx.is_expression(valid_expression) self.assertTrue(actual) @idata(INVALID_EXPRESSIONS) def test_negative(self, invalid_expression: str) -> None: actual = spdx.is_expression(invalid_expression) self.assertFalse(actual) cyclonedx-python-lib-9.1.0/tests/test_validation.py000066400000000000000000000036751476011761300225220ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from itertools import product from typing import Tuple from unittest import TestCase from ddt import data, ddt, named_data, unpack from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.validation import make_schemabased_validator UNDEFINED_FORMAT_VERSION = { (OutputFormat.JSON, SchemaVersion.V1_1), (OutputFormat.JSON, SchemaVersion.V1_0), } @ddt class TestGetSchemabasedValidator(TestCase): @named_data(*([f'{f.name} {v.name}', f, v] for f, v in product(OutputFormat, SchemaVersion) if (f, v) not in UNDEFINED_FORMAT_VERSION)) @unpack def test_as_expected(self, of: OutputFormat, sv: SchemaVersion) -> None: validator = make_schemabased_validator(of, sv) self.assertIs(validator.output_format, of) self.assertIs(validator.schema_version, sv) @data( *(('foo', sv, (ValueError, 'Unexpected output_format')) for sv in SchemaVersion), *((f, v, (ValueError, 'Unsupported schema_version')) for f, v in UNDEFINED_FORMAT_VERSION) ) @unpack def test_fails_on_wrong_args(self, of: OutputFormat, sv: SchemaVersion, raises_regex: Tuple) -> None: with self.assertRaisesRegex(*raises_regex): make_schemabased_validator(of, sv) cyclonedx-python-lib-9.1.0/tests/test_validation_json.py000066400000000000000000000120211476011761300235340ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from glob import iglob from itertools import chain from os.path import join from typing import Generator from unittest import TestCase from ddt import data, ddt, idata, unpack from cyclonedx.exception import MissingOptionalDependencyException from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.validation.json import JsonStrictValidator, JsonValidator from tests import OWN_DATA_DIRECTORY, SCHEMA_TESTDATA_DIRECTORY, DpTuple UNSUPPORTED_SCHEMA_VERSIONS = {SchemaVersion.V1_0, SchemaVersion.V1_1, } def _dp_sv_tf(valid: bool) -> Generator: prefix = 'valid-' if valid else 'invalid-' return ( DpTuple((sv, tf)) for sv in SchemaVersion if sv not in UNSUPPORTED_SCHEMA_VERSIONS for tf in iglob(join(SCHEMA_TESTDATA_DIRECTORY, sv.to_version(), f'{prefix}*.json')) ) def _dp_sv_own(valid: bool) -> Generator: return ( DpTuple((sv, tf)) for sv in SchemaVersion if sv not in UNSUPPORTED_SCHEMA_VERSIONS for tf in iglob(join(OWN_DATA_DIRECTORY, 'json', sv.to_version(), '*.json')) if ('invalid-' in tf) != valid ) @ddt class TestJsonValidator(TestCase): @idata(sv for sv in SchemaVersion if sv not in UNSUPPORTED_SCHEMA_VERSIONS) def test_validator_as_expected(self, schema_version: SchemaVersion) -> None: validator = JsonValidator(schema_version) self.assertIs(validator.schema_version, schema_version) self.assertIs(validator.output_format, OutputFormat.JSON) @idata(UNSUPPORTED_SCHEMA_VERSIONS) def test_throws_with_unsupported_schema_version(self, schema_version: SchemaVersion) -> None: with self.assertRaisesRegex(ValueError, 'Unsupported schema_version'): JsonValidator(schema_version) @idata(chain( _dp_sv_tf(True), _dp_sv_own(True) )) @unpack def test_validate_no_none(self, schema_version: SchemaVersion, test_data_file: str) -> None: validator = JsonValidator(schema_version) with open(join(test_data_file), 'r') as tdfh: test_data = tdfh.read() try: validation_error = validator.validate_str(test_data) except MissingOptionalDependencyException: self.skipTest('MissingOptionalDependencyException') self.assertIsNone(validation_error) @idata(chain( _dp_sv_tf(False), _dp_sv_own(False) )) @unpack def test_validate_expected_error(self, schema_version: SchemaVersion, test_data_file: str) -> None: validator = JsonValidator(schema_version) with open(join(test_data_file), 'r') as tdfh: test_data = tdfh.read() try: validation_error = validator.validate_str(test_data) except MissingOptionalDependencyException: self.skipTest('MissingOptionalDependencyException') self.assertIsNotNone(validation_error) self.assertIsNotNone(validation_error.data) @ddt class TestJsonStrictValidator(TestCase): @data(*UNSUPPORTED_SCHEMA_VERSIONS) def test_throws_with_unsupported_schema_version(self, schema_version: SchemaVersion) -> None: with self.assertRaisesRegex(ValueError, 'Unsupported schema_version'): JsonStrictValidator(schema_version) @idata(chain( _dp_sv_tf(True), _dp_sv_own(True) )) @unpack def test_validate_no_none(self, schema_version: SchemaVersion, test_data_file: str) -> None: validator = JsonStrictValidator(schema_version) with open(join(test_data_file), 'r') as tdfh: test_data = tdfh.read() try: validation_error = validator.validate_str(test_data) except MissingOptionalDependencyException: self.skipTest('MissingOptionalDependencyException') self.assertIsNone(validation_error) @idata(chain( _dp_sv_tf(False), _dp_sv_own(False) )) @unpack def test_validate_expected_error(self, schema_version: SchemaVersion, test_data_file: str) -> None: validator = JsonStrictValidator(schema_version) with open(join(test_data_file), 'r') as tdfh: test_data = tdfh.read() try: validation_error = validator.validate_str(test_data) except MissingOptionalDependencyException: self.skipTest('MissingOptionalDependencyException') self.assertIsNotNone(validation_error) self.assertIsNotNone(validation_error.data) cyclonedx-python-lib-9.1.0/tests/test_validation_xml.py000066400000000000000000000067571476011761300234060ustar00rootroot00000000000000# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. from glob import iglob from itertools import chain from os.path import join from typing import Generator from unittest import TestCase from ddt import ddt, idata, unpack from cyclonedx.exception import MissingOptionalDependencyException from cyclonedx.schema import OutputFormat, SchemaVersion from cyclonedx.validation.xml import XmlValidator from tests import OWN_DATA_DIRECTORY, SCHEMA_TESTDATA_DIRECTORY, DpTuple UNSUPPORTED_SCHEMA_VERSIONS = set() def _dp_sv_tf(valid: bool) -> Generator: prefix = 'valid-' if valid else 'invalid-' return ( DpTuple((sv, tf)) for sv in SchemaVersion if sv not in UNSUPPORTED_SCHEMA_VERSIONS for tf in iglob(join(SCHEMA_TESTDATA_DIRECTORY, sv.to_version(), f'{prefix}*.xml')) ) def _dp_sv_own(valid: bool) -> Generator: return ( DpTuple((sv, tf)) for sv in SchemaVersion if sv not in UNSUPPORTED_SCHEMA_VERSIONS for tf in iglob(join(OWN_DATA_DIRECTORY, 'xml', sv.to_version(), '*.xml')) if ('invalid-' in tf) != valid ) @ddt class TestXmlValidator(TestCase): @idata(sv for sv in SchemaVersion if sv not in UNSUPPORTED_SCHEMA_VERSIONS) def test_validator_as_expected(self, schema_version: SchemaVersion) -> None: validator = XmlValidator(schema_version) self.assertIs(validator.schema_version, schema_version) self.assertIs(validator.output_format, OutputFormat.XML) @idata(UNSUPPORTED_SCHEMA_VERSIONS) def test_throws_with_unsupported_schema_version(self, schema_version: SchemaVersion) -> None: with self.assertRaisesRegex(ValueError, f'unsupported schema_version: {schema_version}'): XmlValidator(schema_version) @idata(chain( _dp_sv_tf(True), _dp_sv_own(True) )) @unpack def test_validate_no_none(self, schema_version: SchemaVersion, test_data_file: str) -> None: validator = XmlValidator(schema_version) with open(join(test_data_file), 'r') as tdfh: test_data = tdfh.read() try: validation_error = validator.validate_str(test_data) except MissingOptionalDependencyException: self.skipTest('MissingOptionalDependencyException') self.assertIsNone(validation_error) @idata(chain( _dp_sv_tf(False), _dp_sv_own(False) )) @unpack def test_validate_expected_error(self, schema_version: SchemaVersion, test_data_file: str) -> None: validator = XmlValidator(schema_version) with open(join(test_data_file), 'r') as tdfh: test_data = tdfh.read() try: validation_error = validator.validate_str(test_data) except MissingOptionalDependencyException: self.skipTest('MissingOptionalDependencyException') self.assertIsNotNone(validation_error) self.assertIsNotNone(validation_error.data) cyclonedx-python-lib-9.1.0/tools/000077500000000000000000000000001476011761300167425ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/tools/schema-downloader.py000077500000000000000000000104701476011761300227150ustar00rootroot00000000000000#!/usr/bin/env python3 # This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import re from os.path import dirname, join, realpath from urllib.request import urlretrieve SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/refs/tags/1.6.1/schema/' TARGET_ROOT = realpath(join(dirname(__file__), '..', 'cyclonedx', 'schema', '_res')) BOM_XSD = { 'versions': ['1.6', '1.5', '1.4', '1.3', '1.2', '1.1', '1.0'], 'sourcePattern': f'{SOURCE_ROOT}bom-%s.xsd', 'targetPattern': join(TARGET_ROOT, 'bom-%s.SNAPSHOT.xsd'), 'replace': [], 'replaceRE': [ (re.compile(r'schemaLocation="https?://cyclonedx.org/schema/spdx"'), 'schemaLocation="spdx.SNAPSHOT.xsd"') ] } # "$schema" is not required but optional. # that enum constraint value there is complicated -> remove it. # See https://github.com/CycloneDX/specification/issues/402 # See https://github.com/CycloneDX/specification/pull/403 _BOM_SCHEMA_ENUM_RE = re.compile( r',?\s*"enum":\s*\[\s*"http://cyclonedx\.org/schema/.+?\.schema\.json"\s*\]', re.DOTALL) _BOM_SCHEMA_ENUM_REPL = r'' # "version" is not required but optional with a default value! # this is wrong in schema<1.5 _BOM_REQUIRED_S = """ "required": [ "bomFormat", "specVersion", "version" ],""" _BOM_REQUIRED_R = """ "required": [ "bomFormat", "specVersion" ],""" # there was a case where the default value did not match the own pattern ... # this is wrong in schema<1.5 _DEFAULTS_WITH_PATTERN_RE = re.compile(r'\s+"default": "",(?![^}]*?"pattern": "\^\(\.\*\)\$")', re.MULTILINE) _DEFAULTS_WITH_PATERN_REPL = r'' BOM_JSON_LAX = { 'versions': ['1.6', '1.5', '1.4', '1.3', '1.2'], 'sourcePattern': f'{SOURCE_ROOT}bom-%s.schema.json', 'targetPattern': join(TARGET_ROOT, 'bom-%s.SNAPSHOT.schema.json'), 'replace': [ ('spdx.schema.json', 'spdx.SNAPSHOT.schema.json'), ('jsf-0.82.schema.json', 'jsf-0.82.SNAPSHOT.schema.json'), (_BOM_REQUIRED_S, _BOM_REQUIRED_R), ], 'replaceRE': [ (_BOM_SCHEMA_ENUM_RE, _BOM_SCHEMA_ENUM_REPL), # there was a case where the default value did not match the own pattern ... # this is wrong in schema<1.5 # with current SchemaValidator this is no longer required, as defaults are not applied # (re.compile(r'\s+"default": "",(?![^}]*?"pattern": "\^\(\.\*\)\$")', re.MULTILINE), '') ] } BOM_JSON_STRICT = { 'versions': ['1.3', '1.2'], 'sourcePattern': f'{SOURCE_ROOT}bom-%s-strict.schema.json', 'targetPattern': join(TARGET_ROOT, 'bom-%s-strict.SNAPSHOT.schema.json'), 'replace': BOM_JSON_LAX['replace'], 'replaceRE': BOM_JSON_LAX['replaceRE'] } OTHER_DOWNLOADABLES = [ (f'{SOURCE_ROOT}spdx.schema.json', join(TARGET_ROOT, 'spdx.SNAPSHOT.schema.json')), (f'{SOURCE_ROOT}spdx.xsd', join(TARGET_ROOT, 'spdx.SNAPSHOT.xsd')), (f'{SOURCE_ROOT}jsf-0.82.schema.json', join(TARGET_ROOT, 'jsf-0.82.SNAPSHOT.schema.json')), ] for dspec in (BOM_XSD, BOM_JSON_LAX, BOM_JSON_STRICT): for version in dspec['versions']: source = dspec['sourcePattern'].replace('%s', version) target = dspec['targetPattern'].replace('%s', version) tempfile, _ = urlretrieve(source) # nosec B310 print(source, '->', target) with open(tempfile, 'r') as tmpf: text = tmpf.read() with open(target, 'w', newline='\n') as tarf: for search, replace in dspec['replace']: text = text.replace(search, replace) for search, replace in dspec['replaceRE']: text = search.sub(replace, text) tarf.write(text) for source, target in OTHER_DOWNLOADABLES: print(source, '->', target) urlretrieve(source, target) # nosec B310 cyclonedx-python-lib-9.1.0/tox.ini000066400000000000000000000024671476011761300171260ustar00rootroot00000000000000# tox (https://tox.readthedocs.io/) is a tool for running tests # in multiple virtualenvs. This configuration file will run the # test suite on all supported python versions. To use it, "pip install tox" # and then run "tox" from this directory. [tox] minversion = 4.0 envlist = flake8 mypy-{current,lowest} py{313,312,311,310,39,38}-{allExtras,noExtras} bandit skip_missing_interpreters = True usedevelop = False download = False [testenv] # settings in this category apply to all other testenv, if not overwritten skip_install = True allowlist_externals = poetry commands_pre = {envpython} --version !noExtras: poetry install -v --all-extras noExtras: poetry install -v poetry run pip freeze commands = poetry run coverage run --source=cyclonedx -m unittest discover -t . -s tests -v setenv = PYTHONHASHSEED=0 CDX_TEST_RECREATE_SNAPSHOTS={env:CDX_TEST_RECREATE_SNAPSHOTS:} [testenv:mypy{,-current,-lowest}] commands = # mypy config is in own file: `.mypy.ini` !lowest: poetry run mypy lowest: poetry run mypy --python-version=3.8 [testenv:flake8] commands = # mypy config is in own file: `.flake8` poetry run flake8 cyclonedx/ tests/ typings/ examples/ tools/ [testenv:bandit] commands = poetry run bandit -c bandit.yml -v -r cyclonedx tests examples tools cyclonedx-python-lib-9.1.0/typings/000077500000000000000000000000001476011761300172775ustar00rootroot00000000000000cyclonedx-python-lib-9.1.0/typings/sortedcontainers.pyi000066400000000000000000000114071476011761300234130ustar00rootroot00000000000000# Correct as of 27 May 2022 # sortedcontainers does not have PEP561 type hints, and there are no published typeshed hints. # The contents of this file were obtained from # https://github.com/althonos/python-sortedcontainers/blob/d0a225d7fd0fb4c54532b8798af3cbeebf97e2d5/sortedcontainers/sortedset.pyi from typing import ( # Iterator,; Tuple,; Type, Set Any, Callable, Hashable, Iterable, List, MutableSet, Optional, Sequence, TypeVar, Union, overload, ) # --- Global _T = TypeVar("_T", bound=Hashable) _S = TypeVar("_S", bound=Hashable) #_SS = TypeVar("_SS", bound=SortedSet) _Key = Callable[[_T], Any] class SortedSet(MutableSet[_T], Sequence[_T]): def __init__( self, iterable: Optional[Iterable[_T]] = ..., key: Optional[_Key[_T]] = ..., ) -> None: ... # @classmethod # def _fromset( # cls, values: Set[_T], key: Optional[_Key[_T]] = ... # ) -> SortedSet[_T]: ... # @property # def key(self) -> Optional[_Key[_T]]: ... def __contains__(self, value: Any) -> bool: ... # @overload # def __getitem__(self, index: int) -> _T: ... @overload def __getitem__(self, index: slice) -> List[_T]: ... # def __delitem__(self, index: Union[int, slice]) -> None: ... # def __eq__(self, other: Any) -> bool: ... # def __ne__(self, other: Any) -> bool: ... # def __lt__(self, other: Iterable[_T]) -> bool: ... # def __gt__(self, other: Iterable[_T]) -> bool: ... # def __le__(self, other: Iterable[_T]) -> bool: ... # def __ge__(self, other: Iterable[_T]) -> bool: ... def __len__(self) -> int: ... # def __iter__(self) -> Iterator[_T]: ... # def __reversed__(self) -> Iterator[_T]: ... def add(self, value: _T) -> None: ... # def _add(self, value: _T) -> None: ... # def clear(self) -> None: ... # def copy(self: _SS) -> _SS: ... # def __copy__(self: _SS) -> _SS: ... # def count(self, value: _T) -> int: ... def discard(self, value: _T) -> None: ... # def _discard(self, value: _T) -> None: ... # def pop(self, index: int = ...) -> _T: ... # def remove(self, value: _T) -> None: ... # def difference( # self, *iterables: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def __sub__(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def difference_update( # self, *iterables: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def __isub__( # self, *iterables: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def intersection( # self, *iterables: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def __and__(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def __rand__( # self, *iterables: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def intersection_update( # self, *iterables: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def __iand__( # self, *iterables: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def symmetric_difference( # self, other: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def __xor__(self, other: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def __rxor__(self, other: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def symmetric_difference_update( # self, other: Iterable[_S] # ) -> SortedSet[Union[_T, _S]]: ... # def __ixor__(self, other: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def union(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def __or__(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def __ror__(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... def update(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def __ior__(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def _update(self, *iterables: Iterable[_S]) -> SortedSet[Union[_T, _S]]: ... # def __reduce__( # self # ) -> Tuple[Type[SortedSet[_T]], Set[_T], Callable[[_T], Any]]: ... # def __repr__(self) -> str: ... # def _check(self) -> None: ... # def bisect_left(self, value: _T) -> int: ... # def bisect_right(self, value: _T) -> int: ... # def islice( # self, # start: Optional[int] = ..., # stop: Optional[int] = ..., # reverse=bool, # ) -> Iterator[_T]: ... # def irange( # self, # minimum: Optional[_T] = ..., # maximum: Optional[_T] = ..., # inclusive: Tuple[bool, bool] = ..., # reverse: bool = ..., # ) -> Iterator[_T]: ... # def index( # self, value: _T, start: Optional[int] = ..., stop: Optional[int] = ... # ) -> int: ... # def _reset(self, load: int) -> None: ...