From 81de81aadcfa4234922e914a7d587c9de1602554 Mon Sep 17 00:00:00 2001
From: Steve Springett <steve@springett.us>
Date: Sun, 22 Jan 2023 14:54:42 -0600
Subject: [PATCH 1/2] Added property support to license along with unit tests

Signed-off-by: Steve Springett <steve@springett.us>
---
 schema/bom-1.5.proto                          |  2 ++
 schema/bom-1.5.schema.json                    |  7 ++++++
 schema/bom-1.5.xsd                            | 22 +++++++++++-----
 .../resources/1.5/valid-properties-1.5.json   | 25 +++++++++++++++++++
 .../1.5/valid-properties-1.5.textproto        | 21 ++++++++++++++++
 .../resources/1.5/valid-properties-1.5.xml    | 11 ++++++++
 6 files changed, 82 insertions(+), 6 deletions(-)

diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
index e23a5052..6c3defe2 100644
--- a/schema/bom-1.5.proto
+++ b/schema/bom-1.5.proto
@@ -273,6 +273,8 @@ message License {
   optional AttachedText text = 3;
   // The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness.
   optional string url = 4;
+  // Specifies optional, custom, properties
+  repeated Property properties = 5;
 }
 
 message Metadata {
diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
index 5215e032..5b348a92 100644
--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -633,6 +633,13 @@
           "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness",
           "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"],
           "format": "iri-reference"
+        },
+        "properties": {
+          "type": "array",
+          "title": "Properties",
+          "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+          "additionalItems": false,
+          "items": {"$ref": "#/definitions/property"}
         }
       }
     },
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
index 2bf14cf1..7e98f385 100644
--- a/schema/bom-1.5.xsd
+++ b/schema/bom-1.5.xsd
@@ -89,7 +89,7 @@ limitations under the License.
             <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
             <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>Provides the ability to document properties in a key/value store.
+                    <xs:documentation>Provides the ability to document properties in a name/value store.
                         This provides flexibility to include data not officially supported in the standard
                         without having to use additional namespaces or create extensions. Property names
                         of interest to the general public are encouraged to be registered in the
@@ -358,7 +358,7 @@ limitations under the License.
             </xs:element>
             <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>Provides the ability to document properties in a key/value store.
+                    <xs:documentation>Provides the ability to document properties in a name/value store.
                         This provides flexibility to include data not officially supported in the standard
                         without having to use additional namespaces or create extensions. Property names
                         of interest to the general public are encouraged to be registered in the
@@ -463,6 +463,16 @@ limitations under the License.
                         an externalReference should also be specified for completeness.</xs:documentation>
                 </xs:annotation>
             </xs:element>
+            <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Provides the ability to document properties in a name/value store.
+                        This provides flexibility to include data not officially supported in the standard
+                        without having to use additional namespaces or create extensions. Property names
+                        of interest to the general public are encouraged to be registered in the
+                        CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy.
+                        Formal registration is OPTIONAL.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
             <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
                 <xs:annotation>
                     <xs:documentation>
@@ -1307,7 +1317,7 @@ limitations under the License.
             </xs:element>
             <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>Provides the ability to document properties in a key/value store.
+                    <xs:documentation>Provides the ability to document properties in a name/value store.
                         This provides flexibility to include data not officially supported in the standard
                         without having to use additional namespaces or create extensions. Property names
                         of interest to the general public are encouraged to be registered in the
@@ -1659,7 +1669,7 @@ limitations under the License.
             </xs:element>
             <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>Provides the ability to document properties in a key/value store.
+                    <xs:documentation>Provides the ability to document properties in a name/value store.
                         This provides flexibility to include data not officially supported in the standard
                         without having to use additional namespaces or create extensions. Property names
                         of interest to the general public are encouraged to be registered in the
@@ -2016,7 +2026,7 @@ limitations under the License.
             </xs:element>
             <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>Provides the ability to document properties in a key/value store.
+                    <xs:documentation>Provides the ability to document properties in a name/value store.
                         This provides flexibility to include data not officially supported in the standard
                         without having to use additional namespaces or create extensions. Property names
                         of interest to the general public are encouraged to be registered in the
@@ -2366,7 +2376,7 @@ limitations under the License.
                 </xs:element>
                 <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
                     <xs:annotation>
-                        <xs:documentation>Provides the ability to document properties in a key/value store.
+                        <xs:documentation>Provides the ability to document properties in a name/value store.
                             This provides flexibility to include data not officially supported in the standard
                             without having to use additional namespaces or create extensions. Property names
                             of interest to the general public are encouraged to be registered in the
diff --git a/tools/src/test/resources/1.5/valid-properties-1.5.json b/tools/src/test/resources/1.5/valid-properties-1.5.json
index 3a33ccfa..24ce5de1 100644
--- a/tools/src/test/resources/1.5/valid-properties-1.5.json
+++ b/tools/src/test/resources/1.5/valid-properties-1.5.json
@@ -28,6 +28,31 @@
       "type": "library",
       "name": "acme-library",
       "version": "1.0.0",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0",
+            "properties": [
+              {
+                "name": "Foo",
+                "value": "Bar"
+              },
+              {
+                "name": "Foo",
+                "value": "You"
+              },
+              {
+                "name": "Foo",
+                "value": "Two"
+              },
+              {
+                "name": "Bar",
+                "value": "Foo"
+              }
+            ]
+          }
+        }
+      ],
       "properties": [
         {
           "name": "Foo",
diff --git a/tools/src/test/resources/1.5/valid-properties-1.5.textproto b/tools/src/test/resources/1.5/valid-properties-1.5.textproto
index 94f4e2b4..63d878b5 100644
--- a/tools/src/test/resources/1.5/valid-properties-1.5.textproto
+++ b/tools/src/test/resources/1.5/valid-properties-1.5.textproto
@@ -23,6 +23,27 @@ components {
   type: CLASSIFICATION_LIBRARY
   name: "acme-library"
   version: "1.0.0"
+  licenses {
+    license {
+      id: "Apache-2.0"
+      properties {
+        name: "Foo"
+        value: "Bar"
+      }
+      properties {
+        name: "Foo"
+        value: "You"
+      }
+      properties {
+        name: "Foo"
+        value: "Two"
+      }
+      properties {
+        name: "Bar"
+        value: "Foo"
+      }
+    }
+  }
   properties {
     name: "Foo"
     value: "Bar"
diff --git a/tools/src/test/resources/1.5/valid-properties-1.5.xml b/tools/src/test/resources/1.5/valid-properties-1.5.xml
index 85abf9e9..91a1916f 100644
--- a/tools/src/test/resources/1.5/valid-properties-1.5.xml
+++ b/tools/src/test/resources/1.5/valid-properties-1.5.xml
@@ -12,6 +12,17 @@
         <component type="library">
             <name>acme-library</name>
             <version>1.0.0</version>
+            <licenses>
+                <license>
+                    <id>Apache-2.0</id>
+                    <properties>
+                        <property name="Foo">Bar</property>
+                        <property name="Foo">You</property>
+                        <property name="Foo">Two</property>
+                        <property name="Bar">Foo</property>
+                    </properties>
+                </license>
+            </licenses>
             <properties>
                 <property name="Foo">Bar</property>
                 <property name="Bar">Foo</property>

From d6f85b1b1bd5579d5d3fa7545afefad63935366b Mon Sep 17 00:00:00 2001
From: Steve Springett <steve@springett.us>
Date: Mon, 20 Feb 2023 16:22:36 -0600
Subject: [PATCH 2/2] Fixed merge issues

Signed-off-by: Steve Springett <steve@springett.us>
---
 schema/bom-1.5.schema.json | 2 +-
 schema/bom-1.5.xsd         | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
index ee27c814..835f4b12 100644
--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -783,7 +783,7 @@
               "description": "The timestamp indicating when the current license expires (if applicable)."
             }
           }
-        }
+        },
         "properties": {
           "type": "array",
           "title": "Properties",
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
index e252c06e..51dc81c5 100644
--- a/schema/bom-1.5.xsd
+++ b/schema/bom-1.5.xsd
@@ -1056,8 +1056,8 @@ limitations under the License.
                         are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns.
                         External references may also include formally registered URNs such as CycloneDX BOM-Link to
                         reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external
-                        references into relationships that can be expressed in a BOM or across BOMs. Refer to:</xs:documentation>
-                        https://cyclonedx.org/capabilities/bomlink/
+                        references into relationships that can be expressed in a BOM or across BOMs. Refer to:
+                        https://cyclonedx.org/capabilities/bomlink/</xs:documentation>
                 </xs:annotation>
             </xs:element>
             <xs:element name="comment" type="xs:string" minOccurs="0" maxOccurs="1">