1#! /usr/bin/env python3 2# 3# Generated Python bindings from a SHACL model 4# 5# This file was automatically generated by shacl2code. DO NOT MANUALLY MODIFY IT 6# 7# SPDX-License-Identifier: MIT 8 9import functools 10import hashlib 11import json 12import re 13import sys 14import threading 15import time 16from contextlib import contextmanager 17from datetime import datetime, timezone, timedelta 18from enum import Enum 19from abc import ABC, abstractmethod 20 21 22def check_type(obj, types): 23 if not isinstance(obj, types): 24 if isinstance(types, (list, tuple)): 25 raise TypeError( 26 f"Value must be one of type: {', '.join(t.__name__ for t in types)}. Got {type(obj)}" 27 ) 28 raise TypeError(f"Value must be of type {types.__name__}. Got {type(obj)}") 29 30 31class Property(ABC): 32 """ 33 A generic SHACL object property. The different types will derive from this 34 class 35 """ 36 37 def __init__(self, *, pattern=None): 38 self.pattern = pattern 39 40 def init(self): 41 return None 42 43 def validate(self, value): 44 check_type(value, self.VALID_TYPES) 45 if self.pattern is not None and not re.search( 46 self.pattern, self.to_string(value) 47 ): 48 raise ValueError( 49 f"Value is not correctly formatted. Got '{self.to_string(value)}'" 50 ) 51 52 def set(self, value): 53 return value 54 55 def check_min_count(self, value, min_count): 56 return min_count == 1 57 58 def check_max_count(self, value, max_count): 59 return max_count == 1 60 61 def elide(self, value): 62 return value is None 63 64 def walk(self, value, callback, path): 65 callback(value, path) 66 67 def iter_objects(self, value, recursive, visited): 68 return [] 69 70 def link_prop(self, value, objectset, missing, visited): 71 return value 72 73 def to_string(self, value): 74 return str(value) 75 76 @abstractmethod 77 def encode(self, encoder, value, state): 78 pass 79 80 @abstractmethod 81 def decode(self, decoder, *, objectset=None): 82 pass 83 84 85class StringProp(Property): 86 """ 87 A scalar string property for an SHACL object 88 """ 89 90 VALID_TYPES = str 91 92 def set(self, value): 93 return str(value) 94 95 def encode(self, encoder, value, state): 96 encoder.write_string(value) 97 98 def decode(self, decoder, *, objectset=None): 99 return decoder.read_string() 100 101 102class AnyURIProp(StringProp): 103 def encode(self, encoder, value, state): 104 encoder.write_iri(value) 105 106 def decode(self, decoder, *, objectset=None): 107 return decoder.read_iri() 108 109 110class DateTimeProp(Property): 111 """ 112 A Date/Time Object with optional timezone 113 """ 114 115 VALID_TYPES = datetime 116 UTC_FORMAT_STR = "%Y-%m-%dT%H:%M:%SZ" 117 REGEX = r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(Z|[+-]\d{2}:\d{2})?$" 118 119 def set(self, value): 120 return self._normalize(value) 121 122 def encode(self, encoder, value, state): 123 encoder.write_datetime(self.to_string(value)) 124 125 def decode(self, decoder, *, objectset=None): 126 s = decoder.read_datetime() 127 if s is None: 128 return None 129 v = self.from_string(s) 130 return self._normalize(v) 131 132 def _normalize(self, value): 133 if value.utcoffset() is None: 134 value = value.astimezone() 135 offset = value.utcoffset() 136 if offset % timedelta(minutes=1): 137 offset = offset - (offset % timedelta(minutes=1)) 138 value = value.replace(tzinfo=timezone(offset)) 139 value = value.replace(microsecond=0) 140 return value 141 142 def to_string(self, value): 143 value = self._normalize(value) 144 if value.tzinfo == timezone.utc: 145 return value.strftime(self.UTC_FORMAT_STR) 146 return value.isoformat() 147 148 def from_string(self, value): 149 if not re.match(self.REGEX, value): 150 raise ValueError(f"'{value}' is not a correctly formatted datetime") 151 if "Z" in value: 152 d = datetime( 153 *(time.strptime(value, self.UTC_FORMAT_STR)[0:6]), 154 tzinfo=timezone.utc, 155 ) 156 else: 157 d = datetime.fromisoformat(value) 158 159 return self._normalize(d) 160 161 162class DateTimeStampProp(DateTimeProp): 163 """ 164 A Date/Time Object with required timestamp 165 """ 166 167 REGEX = r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(Z|[+-]\d{2}:\d{2})$" 168 169 170class IntegerProp(Property): 171 VALID_TYPES = int 172 173 def set(self, value): 174 return int(value) 175 176 def encode(self, encoder, value, state): 177 encoder.write_integer(value) 178 179 def decode(self, decoder, *, objectset=None): 180 return decoder.read_integer() 181 182 183class PositiveIntegerProp(IntegerProp): 184 def validate(self, value): 185 super().validate(value) 186 if value < 1: 187 raise ValueError(f"Value must be >=1. Got {value}") 188 189 190class NonNegativeIntegerProp(IntegerProp): 191 def validate(self, value): 192 super().validate(value) 193 if value < 0: 194 raise ValueError(f"Value must be >= 0. Got {value}") 195 196 197class BooleanProp(Property): 198 VALID_TYPES = bool 199 200 def set(self, value): 201 return bool(value) 202 203 def encode(self, encoder, value, state): 204 encoder.write_bool(value) 205 206 def decode(self, decoder, *, objectset=None): 207 return decoder.read_bool() 208 209 210class FloatProp(Property): 211 VALID_TYPES = (float, int) 212 213 def set(self, value): 214 return float(value) 215 216 def encode(self, encoder, value, state): 217 encoder.write_float(value) 218 219 def decode(self, decoder, *, objectset=None): 220 return decoder.read_float() 221 222 223class IRIProp(Property): 224 def __init__(self, context=[], *, pattern=None): 225 super().__init__(pattern=pattern) 226 self.context = context 227 228 def compact(self, value): 229 for iri, compact in self.context: 230 if value == iri: 231 return compact 232 return None 233 234 def expand(self, value): 235 for iri, compact in self.context: 236 if value == compact: 237 return iri 238 return None 239 240 def iri_values(self): 241 return (iri for iri, _ in self.context) 242 243 244class ObjectProp(IRIProp): 245 """ 246 A scalar SHACL object property of a SHACL object 247 """ 248 249 def __init__(self, cls, required, context=[]): 250 super().__init__(context) 251 self.cls = cls 252 self.required = required 253 254 def init(self): 255 if self.required and not self.cls.IS_ABSTRACT: 256 return self.cls() 257 return None 258 259 def validate(self, value): 260 check_type(value, (self.cls, str)) 261 262 def walk(self, value, callback, path): 263 if value is None: 264 return 265 266 if not isinstance(value, str): 267 value.walk(callback, path) 268 else: 269 callback(value, path) 270 271 def iter_objects(self, value, recursive, visited): 272 if value is None or isinstance(value, str): 273 return 274 275 if value not in visited: 276 visited.add(value) 277 yield value 278 279 if recursive: 280 for c in value.iter_objects(recursive=True, visited=visited): 281 yield c 282 283 def encode(self, encoder, value, state): 284 if value is None: 285 raise ValueError("Object cannot be None") 286 287 if isinstance(value, str): 288 encoder.write_iri(value, self.compact(value)) 289 return 290 291 return value.encode(encoder, state) 292 293 def decode(self, decoder, *, objectset=None): 294 iri = decoder.read_iri() 295 if iri is None: 296 return self.cls.decode(decoder, objectset=objectset) 297 298 iri = self.expand(iri) or iri 299 300 if objectset is None: 301 return iri 302 303 obj = objectset.find_by_id(iri) 304 if obj is None: 305 return iri 306 307 self.validate(obj) 308 return obj 309 310 def link_prop(self, value, objectset, missing, visited): 311 if value is None: 312 return value 313 314 if isinstance(value, str): 315 o = objectset.find_by_id(value) 316 if o is not None: 317 self.validate(o) 318 return o 319 320 if missing is not None: 321 missing.add(value) 322 323 return value 324 325 # De-duplicate IDs 326 if value._id: 327 value = objectset.find_by_id(value._id, value) 328 self.validate(value) 329 330 value.link_helper(objectset, missing, visited) 331 return value 332 333 334class ListProxy(object): 335 def __init__(self, prop, data=None): 336 if data is None: 337 self.__data = [] 338 else: 339 self.__data = data 340 self.__prop = prop 341 342 def append(self, value): 343 self.__prop.validate(value) 344 self.__data.append(self.__prop.set(value)) 345 346 def insert(self, idx, value): 347 self.__prop.validate(value) 348 self.__data.insert(idx, self.__prop.set(value)) 349 350 def extend(self, items): 351 for i in items: 352 self.append(i) 353 354 def sort(self, *args, **kwargs): 355 self.__data.sort(*args, **kwargs) 356 357 def __getitem__(self, key): 358 return self.__data[key] 359 360 def __setitem__(self, key, value): 361 if isinstance(key, slice): 362 for v in value: 363 self.__prop.validate(v) 364 self.__data[key] = [self.__prop.set(v) for v in value] 365 else: 366 self.__prop.validate(value) 367 self.__data[key] = self.__prop.set(value) 368 369 def __delitem__(self, key): 370 del self.__data[key] 371 372 def __contains__(self, item): 373 return item in self.__data 374 375 def __iter__(self): 376 return iter(self.__data) 377 378 def __len__(self): 379 return len(self.__data) 380 381 def __str__(self): 382 return str(self.__data) 383 384 def __repr__(self): 385 return repr(self.__data) 386 387 def __eq__(self, other): 388 if isinstance(other, ListProxy): 389 return self.__data == other.__data 390 391 return self.__data == other 392 393 394class ListProp(Property): 395 """ 396 A list of SHACL properties 397 """ 398 399 VALID_TYPES = (list, ListProxy) 400 401 def __init__(self, prop): 402 super().__init__() 403 self.prop = prop 404 405 def init(self): 406 return ListProxy(self.prop) 407 408 def validate(self, value): 409 super().validate(value) 410 411 for i in value: 412 self.prop.validate(i) 413 414 def set(self, value): 415 if isinstance(value, ListProxy): 416 return value 417 418 return ListProxy(self.prop, [self.prop.set(d) for d in value]) 419 420 def check_min_count(self, value, min_count): 421 check_type(value, ListProxy) 422 return len(value) >= min_count 423 424 def check_max_count(self, value, max_count): 425 check_type(value, ListProxy) 426 return len(value) <= max_count 427 428 def elide(self, value): 429 check_type(value, ListProxy) 430 return len(value) == 0 431 432 def walk(self, value, callback, path): 433 callback(value, path) 434 for idx, v in enumerate(value): 435 self.prop.walk(v, callback, path + [f"[{idx}]"]) 436 437 def iter_objects(self, value, recursive, visited): 438 for v in value: 439 for c in self.prop.iter_objects(v, recursive, visited): 440 yield c 441 442 def link_prop(self, value, objectset, missing, visited): 443 if isinstance(value, ListProxy): 444 data = [self.prop.link_prop(v, objectset, missing, visited) for v in value] 445 else: 446 data = [self.prop.link_prop(v, objectset, missing, visited) for v in value] 447 448 return ListProxy(self.prop, data=data) 449 450 def encode(self, encoder, value, state): 451 check_type(value, ListProxy) 452 453 with encoder.write_list() as list_s: 454 for v in value: 455 with list_s.write_list_item() as item_s: 456 self.prop.encode(item_s, v, state) 457 458 def decode(self, decoder, *, objectset=None): 459 data = [] 460 for val_d in decoder.read_list(): 461 v = self.prop.decode(val_d, objectset=objectset) 462 self.prop.validate(v) 463 data.append(v) 464 465 return ListProxy(self.prop, data=data) 466 467 468class EnumProp(IRIProp): 469 VALID_TYPES = str 470 471 def __init__(self, values, *, pattern=None): 472 super().__init__(values, pattern=pattern) 473 474 def validate(self, value): 475 super().validate(value) 476 477 valid_values = self.iri_values() 478 if value not in valid_values: 479 raise ValueError( 480 f"'{value}' is not a valid value. Choose one of {' '.join(valid_values)}" 481 ) 482 483 def encode(self, encoder, value, state): 484 encoder.write_enum(value, self, self.compact(value)) 485 486 def decode(self, decoder, *, objectset=None): 487 v = decoder.read_enum(self) 488 return self.expand(v) or v 489 490 491class NodeKind(Enum): 492 BlankNode = 1 493 IRI = 2 494 BlankNodeOrIRI = 3 495 496 497def is_IRI(s): 498 if not isinstance(s, str): 499 return False 500 if s.startswith("_:"): 501 return False 502 if ":" not in s: 503 return False 504 return True 505 506 507def is_blank_node(s): 508 if not isinstance(s, str): 509 return False 510 if not s.startswith("_:"): 511 return False 512 return True 513 514 515def register(type_iri, *, compact_type=None, abstract=False): 516 def add_class(key, c): 517 assert ( 518 key not in SHACLObject.CLASSES 519 ), f"{key} already registered to {SHACLObject.CLASSES[key].__name__}" 520 SHACLObject.CLASSES[key] = c 521 522 def decorator(c): 523 global NAMED_INDIVIDUALS 524 525 assert issubclass( 526 c, SHACLObject 527 ), f"{c.__name__} is not derived from SHACLObject" 528 529 c._OBJ_TYPE = type_iri 530 c.IS_ABSTRACT = abstract 531 add_class(type_iri, c) 532 533 c._OBJ_COMPACT_TYPE = compact_type 534 if compact_type: 535 add_class(compact_type, c) 536 537 NAMED_INDIVIDUALS |= set(c.NAMED_INDIVIDUALS.values()) 538 539 # Registration is deferred until the first instance of class is created 540 # so that it has access to any other defined class 541 c._NEEDS_REG = True 542 return c 543 544 return decorator 545 546 547register_lock = threading.Lock() 548NAMED_INDIVIDUALS = set() 549 550 551@functools.total_ordering 552class SHACLObject(object): 553 CLASSES = {} 554 NODE_KIND = NodeKind.BlankNodeOrIRI 555 ID_ALIAS = None 556 IS_ABSTRACT = True 557 558 def __init__(self, **kwargs): 559 if self._is_abstract(): 560 raise NotImplementedError( 561 f"{self.__class__.__name__} is abstract and cannot be implemented" 562 ) 563 564 with register_lock: 565 cls = self.__class__ 566 if cls._NEEDS_REG: 567 cls._OBJ_PROPERTIES = {} 568 cls._OBJ_IRIS = {} 569 cls._register_props() 570 cls._NEEDS_REG = False 571 572 self.__dict__["_obj_data"] = {} 573 self.__dict__["_obj_metadata"] = {} 574 575 for iri, prop, _, _, _, _ in self.__iter_props(): 576 self.__dict__["_obj_data"][iri] = prop.init() 577 578 for k, v in kwargs.items(): 579 setattr(self, k, v) 580 581 def _is_abstract(self): 582 return self.__class__.IS_ABSTRACT 583 584 @classmethod 585 def _register_props(cls): 586 cls._add_property("_id", StringProp(), iri="@id") 587 588 @classmethod 589 def _add_property( 590 cls, 591 pyname, 592 prop, 593 iri, 594 min_count=None, 595 max_count=None, 596 compact=None, 597 ): 598 if pyname in cls._OBJ_IRIS: 599 raise KeyError(f"'{pyname}' is already defined for '{cls.__name__}'") 600 if iri in cls._OBJ_PROPERTIES: 601 raise KeyError(f"'{iri}' is already defined for '{cls.__name__}'") 602 603 while hasattr(cls, pyname): 604 pyname = pyname + "_" 605 606 pyname = sys.intern(pyname) 607 iri = sys.intern(iri) 608 609 cls._OBJ_IRIS[pyname] = iri 610 cls._OBJ_PROPERTIES[iri] = (prop, min_count, max_count, pyname, compact) 611 612 def __setattr__(self, name, value): 613 if name == self.ID_ALIAS: 614 self["@id"] = value 615 return 616 617 try: 618 iri = self._OBJ_IRIS[name] 619 self[iri] = value 620 except KeyError: 621 raise AttributeError( 622 f"'{name}' is not a valid property of {self.__class__.__name__}" 623 ) 624 625 def __getattr__(self, name): 626 if name in self._OBJ_IRIS: 627 return self.__dict__["_obj_data"][self._OBJ_IRIS[name]] 628 629 if name == self.ID_ALIAS: 630 return self.__dict__["_obj_data"]["@id"] 631 632 if name == "_metadata": 633 return self.__dict__["_obj_metadata"] 634 635 if name == "_IRI": 636 return self._OBJ_IRIS 637 638 if name == "TYPE": 639 return self.__class__._OBJ_TYPE 640 641 if name == "COMPACT_TYPE": 642 return self.__class__._OBJ_COMPACT_TYPE 643 644 raise AttributeError( 645 f"'{name}' is not a valid property of {self.__class__.__name__}" 646 ) 647 648 def __delattr__(self, name): 649 if name == self.ID_ALIAS: 650 del self["@id"] 651 return 652 653 try: 654 iri = self._OBJ_IRIS[name] 655 del self[iri] 656 except KeyError: 657 raise AttributeError( 658 f"'{name}' is not a valid property of {self.__class__.__name__}" 659 ) 660 661 def __get_prop(self, iri): 662 if iri not in self._OBJ_PROPERTIES: 663 raise KeyError( 664 f"'{iri}' is not a valid property of {self.__class__.__name__}" 665 ) 666 667 return self._OBJ_PROPERTIES[iri] 668 669 def __iter_props(self): 670 for iri, v in self._OBJ_PROPERTIES.items(): 671 yield iri, *v 672 673 def __getitem__(self, iri): 674 return self.__dict__["_obj_data"][iri] 675 676 def __setitem__(self, iri, value): 677 if iri == "@id": 678 if self.NODE_KIND == NodeKind.BlankNode: 679 if not is_blank_node(value): 680 raise ValueError( 681 f"{self.__class__.__name__} ({id(self)}) can only have local reference. Property '{iri}' cannot be set to '{value}' and must start with '_:'" 682 ) 683 elif self.NODE_KIND == NodeKind.IRI: 684 if not is_IRI(value): 685 raise ValueError( 686 f"{self.__class__.__name__} ({id(self)}) can only have an IRI value. Property '{iri}' cannot be set to '{value}'" 687 ) 688 else: 689 if not is_blank_node(value) and not is_IRI(value): 690 raise ValueError( 691 f"{self.__class__.__name__} ({id(self)}) Has invalid Property '{iri}' '{value}'. Must be a blank node or IRI" 692 ) 693 694 prop, _, _, _, _ = self.__get_prop(iri) 695 prop.validate(value) 696 self.__dict__["_obj_data"][iri] = prop.set(value) 697 698 def __delitem__(self, iri): 699 prop, _, _, _, _ = self.__get_prop(iri) 700 self.__dict__["_obj_data"][iri] = prop.init() 701 702 def __iter__(self): 703 return self._OBJ_PROPERTIES.keys() 704 705 def walk(self, callback, path=None): 706 """ 707 Walk object tree, invoking the callback for each item 708 709 Callback has the form: 710 711 def callback(object, path): 712 """ 713 if path is None: 714 path = ["."] 715 716 if callback(self, path): 717 for iri, prop, _, _, _, _ in self.__iter_props(): 718 prop.walk(self.__dict__["_obj_data"][iri], callback, path + [f".{iri}"]) 719 720 def property_keys(self): 721 for iri, _, _, _, pyname, compact in self.__iter_props(): 722 if iri == "@id": 723 compact = self.ID_ALIAS 724 yield pyname, iri, compact 725 726 def iter_objects(self, *, recursive=False, visited=None): 727 """ 728 Iterate of all objects that are a child of this one 729 """ 730 if visited is None: 731 visited = set() 732 733 for iri, prop, _, _, _, _ in self.__iter_props(): 734 for c in prop.iter_objects( 735 self.__dict__["_obj_data"][iri], recursive=recursive, visited=visited 736 ): 737 yield c 738 739 def encode(self, encoder, state): 740 idname = self.ID_ALIAS or self._OBJ_IRIS["_id"] 741 if not self._id and self.NODE_KIND == NodeKind.IRI: 742 raise ValueError( 743 f"{self.__class__.__name__} ({id(self)}) must have a IRI for property '{idname}'" 744 ) 745 746 if state.is_written(self): 747 encoder.write_iri(state.get_object_id(self)) 748 return 749 750 state.add_written(self) 751 752 with encoder.write_object( 753 self, 754 state.get_object_id(self), 755 bool(self._id) or state.is_refed(self), 756 ) as obj_s: 757 self._encode_properties(obj_s, state) 758 759 def _encode_properties(self, encoder, state): 760 for iri, prop, min_count, max_count, pyname, compact in self.__iter_props(): 761 value = self.__dict__["_obj_data"][iri] 762 if prop.elide(value): 763 if min_count: 764 raise ValueError( 765 f"Property '{pyname}' in {self.__class__.__name__} ({id(self)}) is required (currently {value!r})" 766 ) 767 continue 768 769 if min_count is not None: 770 if not prop.check_min_count(value, min_count): 771 raise ValueError( 772 f"Property '{pyname}' in {self.__class__.__name__} ({id(self)}) requires a minimum of {min_count} elements" 773 ) 774 775 if max_count is not None: 776 if not prop.check_max_count(value, max_count): 777 raise ValueError( 778 f"Property '{pyname}' in {self.__class__.__name__} ({id(self)}) requires a maximum of {max_count} elements" 779 ) 780 781 if iri == self._OBJ_IRIS["_id"]: 782 continue 783 784 with encoder.write_property(iri, compact) as prop_s: 785 prop.encode(prop_s, value, state) 786 787 @classmethod 788 def _make_object(cls, typ): 789 if typ not in cls.CLASSES: 790 raise TypeError(f"Unknown type {typ}") 791 792 return cls.CLASSES[typ]() 793 794 @classmethod 795 def decode(cls, decoder, *, objectset=None): 796 typ, obj_d = decoder.read_object() 797 if typ is None: 798 raise TypeError("Unable to determine type for object") 799 800 obj = cls._make_object(typ) 801 for key in (obj.ID_ALIAS, obj._OBJ_IRIS["_id"]): 802 with obj_d.read_property(key) as prop_d: 803 if prop_d is None: 804 continue 805 806 _id = prop_d.read_iri() 807 if _id is None: 808 raise TypeError(f"Object key '{key}' is the wrong type") 809 810 obj._id = _id 811 break 812 813 if obj.NODE_KIND == NodeKind.IRI and not obj._id: 814 raise ValueError("Object is missing required IRI") 815 816 if objectset is not None: 817 if obj._id: 818 v = objectset.find_by_id(_id) 819 if v is not None: 820 return v 821 822 obj._decode_properties(obj_d, objectset=objectset) 823 824 if objectset is not None: 825 objectset.add_index(obj) 826 return obj 827 828 def _decode_properties(self, decoder, objectset=None): 829 for key in decoder.object_keys(): 830 if not self._decode_prop(decoder, key, objectset=objectset): 831 raise KeyError(f"Unknown property '{key}'") 832 833 def _decode_prop(self, decoder, key, objectset=None): 834 if key in (self._OBJ_IRIS["_id"], self.ID_ALIAS): 835 return True 836 837 for iri, prop, _, _, _, compact in self.__iter_props(): 838 if compact == key: 839 read_key = compact 840 elif iri == key: 841 read_key = iri 842 else: 843 continue 844 845 with decoder.read_property(read_key) as prop_d: 846 v = prop.decode(prop_d, objectset=objectset) 847 prop.validate(v) 848 self.__dict__["_obj_data"][iri] = v 849 return True 850 851 return False 852 853 def link_helper(self, objectset, missing, visited): 854 if self in visited: 855 return 856 857 visited.add(self) 858 859 for iri, prop, _, _, _, _ in self.__iter_props(): 860 self.__dict__["_obj_data"][iri] = prop.link_prop( 861 self.__dict__["_obj_data"][iri], 862 objectset, 863 missing, 864 visited, 865 ) 866 867 def __str__(self): 868 parts = [ 869 f"{self.__class__.__name__}(", 870 ] 871 if self._id: 872 parts.append(f"@id='{self._id}'") 873 parts.append(")") 874 return "".join(parts) 875 876 def __hash__(self): 877 return super().__hash__() 878 879 def __eq__(self, other): 880 return super().__eq__(other) 881 882 def __lt__(self, other): 883 def sort_key(obj): 884 if isinstance(obj, str): 885 return (obj, "", "", "") 886 return ( 887 obj._id or "", 888 obj.TYPE, 889 getattr(obj, "name", None) or "", 890 id(obj), 891 ) 892 893 return sort_key(self) < sort_key(other) 894 895 896class SHACLExtensibleObject(object): 897 CLOSED = False 898 899 def __init__(self, typ=None, **kwargs): 900 if typ: 901 self.__dict__["_obj_TYPE"] = (typ, None) 902 else: 903 self.__dict__["_obj_TYPE"] = (self._OBJ_TYPE, self._OBJ_COMPACT_TYPE) 904 super().__init__(**kwargs) 905 906 def _is_abstract(self): 907 # Unknown classes are assumed to not be abstract so that they can be 908 # deserialized 909 typ = self.__dict__["_obj_TYPE"][0] 910 if typ in self.__class__.CLASSES: 911 return self.__class__.CLASSES[typ].IS_ABSTRACT 912 913 return False 914 915 @classmethod 916 def _make_object(cls, typ): 917 # Check for a known type, and if so, deserialize as that instead 918 if typ in cls.CLASSES: 919 return cls.CLASSES[typ]() 920 921 obj = cls(typ) 922 return obj 923 924 def _decode_properties(self, decoder, objectset=None): 925 if self.CLOSED: 926 super()._decode_properties(decoder, objectset=objectset) 927 return 928 929 for key in decoder.object_keys(): 930 if self._decode_prop(decoder, key, objectset=objectset): 931 continue 932 933 if not is_IRI(key): 934 raise KeyError( 935 f"Extensible object properties must be IRIs. Got '{key}'" 936 ) 937 938 with decoder.read_property(key) as prop_d: 939 self.__dict__["_obj_data"][key] = prop_d.read_value() 940 941 def _encode_properties(self, encoder, state): 942 def encode_value(encoder, v): 943 if isinstance(v, bool): 944 encoder.write_bool(v) 945 elif isinstance(v, str): 946 encoder.write_string(v) 947 elif isinstance(v, int): 948 encoder.write_integer(v) 949 elif isinstance(v, float): 950 encoder.write_float(v) 951 else: 952 raise TypeError( 953 f"Unsupported serialized type {type(v)} with value '{v}'" 954 ) 955 956 super()._encode_properties(encoder, state) 957 if self.CLOSED: 958 return 959 960 for iri, value in self.__dict__["_obj_data"].items(): 961 if iri in self._OBJ_PROPERTIES: 962 continue 963 964 with encoder.write_property(iri) as prop_s: 965 encode_value(prop_s, value) 966 967 def __setitem__(self, iri, value): 968 try: 969 super().__setitem__(iri, value) 970 except KeyError: 971 if self.CLOSED: 972 raise 973 974 if not is_IRI(iri): 975 raise KeyError(f"Key '{iri}' must be an IRI") 976 self.__dict__["_obj_data"][iri] = value 977 978 def __delitem__(self, iri): 979 try: 980 super().__delitem__(iri) 981 except KeyError: 982 if self.CLOSED: 983 raise 984 985 if not is_IRI(iri): 986 raise KeyError(f"Key '{iri}' must be an IRI") 987 del self.__dict__["_obj_data"][iri] 988 989 def __getattr__(self, name): 990 if name == "TYPE": 991 return self.__dict__["_obj_TYPE"][0] 992 if name == "COMPACT_TYPE": 993 return self.__dict__["_obj_TYPE"][1] 994 return super().__getattr__(name) 995 996 def property_keys(self): 997 iris = set() 998 for pyname, iri, compact in super().property_keys(): 999 iris.add(iri) 1000 yield pyname, iri, compact 1001 1002 if self.CLOSED: 1003 return 1004 1005 for iri in self.__dict__["_obj_data"].keys(): 1006 if iri not in iris: 1007 yield None, iri, None 1008 1009 1010class SHACLObjectSet(object): 1011 def __init__(self, objects=[], *, link=False): 1012 self.objects = set() 1013 self.missing_ids = set() 1014 for o in objects: 1015 self.objects.add(o) 1016 self.create_index() 1017 if link: 1018 self._link() 1019 1020 def create_index(self): 1021 """ 1022 (re)Create object index 1023 1024 Creates or recreates the indices for the object set to enable fast 1025 lookup. All objects and their children are walked and indexed 1026 """ 1027 self.obj_by_id = {} 1028 self.obj_by_type = {} 1029 for o in self.foreach(): 1030 self.add_index(o) 1031 1032 def add_index(self, obj): 1033 """ 1034 Add object to index 1035 1036 Adds the object to all appropriate indices 1037 """ 1038 1039 def reg_type(typ, compact, o, exact): 1040 self.obj_by_type.setdefault(typ, set()).add((exact, o)) 1041 if compact: 1042 self.obj_by_type.setdefault(compact, set()).add((exact, o)) 1043 1044 if not isinstance(obj, SHACLObject): 1045 raise TypeError("Object is not of type SHACLObject") 1046 1047 for typ in SHACLObject.CLASSES.values(): 1048 if isinstance(obj, typ): 1049 reg_type( 1050 typ._OBJ_TYPE, typ._OBJ_COMPACT_TYPE, obj, obj.__class__ is typ 1051 ) 1052 1053 # This covers custom extensions 1054 reg_type(obj.TYPE, obj.COMPACT_TYPE, obj, True) 1055 1056 if not obj._id: 1057 return 1058 1059 self.missing_ids.discard(obj._id) 1060 1061 if obj._id in self.obj_by_id: 1062 return 1063 1064 self.obj_by_id[obj._id] = obj 1065 1066 def add(self, obj): 1067 """ 1068 Add object to object set 1069 1070 Adds a SHACLObject to the object set and index it. 1071 1072 NOTE: Child objects of the attached object are not indexes 1073 """ 1074 if not isinstance(obj, SHACLObject): 1075 raise TypeError("Object is not of type SHACLObject") 1076 1077 if obj not in self.objects: 1078 self.objects.add(obj) 1079 self.add_index(obj) 1080 return obj 1081 1082 def update(self, *others): 1083 """ 1084 Update object set adding all objects in each other iterable 1085 """ 1086 for o in others: 1087 for obj in o: 1088 self.add(obj) 1089 1090 def __contains__(self, item): 1091 """ 1092 Returns True if the item is in the object set 1093 """ 1094 return item in self.objects 1095 1096 def link(self): 1097 """ 1098 Link object set 1099 1100 Links the object in the object set by replacing string object 1101 references with references to the objects themselves. e.g. 1102 a property that references object "https://foo/bar" by a string 1103 reference will be replaced with an actual reference to the object in 1104 the object set with the same ID if it exists in the object set 1105 1106 If multiple objects with the same ID are found, the duplicates are 1107 eliminated 1108 """ 1109 self.create_index() 1110 return self._link() 1111 1112 def _link(self): 1113 global NAMED_INDIVIDUALS 1114 1115 self.missing_ids = set() 1116 visited = set() 1117 1118 new_objects = set() 1119 1120 for o in self.objects: 1121 if o._id: 1122 o = self.find_by_id(o._id, o) 1123 o.link_helper(self, self.missing_ids, visited) 1124 new_objects.add(o) 1125 1126 self.objects = new_objects 1127 1128 # Remove blank nodes 1129 obj_by_id = {} 1130 for _id, obj in self.obj_by_id.items(): 1131 if _id.startswith("_:"): 1132 del obj._id 1133 else: 1134 obj_by_id[_id] = obj 1135 self.obj_by_id = obj_by_id 1136 1137 # Named individuals aren't considered missing 1138 self.missing_ids -= NAMED_INDIVIDUALS 1139 1140 return self.missing_ids 1141 1142 def find_by_id(self, _id, default=None): 1143 """ 1144 Find object by ID 1145 1146 Returns objects that match the specified ID, or default if there is no 1147 object with the specified ID 1148 """ 1149 if _id not in self.obj_by_id: 1150 return default 1151 return self.obj_by_id[_id] 1152 1153 def foreach(self): 1154 """ 1155 Iterate over every object in the object set, and all child objects 1156 """ 1157 visited = set() 1158 for o in self.objects: 1159 if o not in visited: 1160 yield o 1161 visited.add(o) 1162 1163 for child in o.iter_objects(recursive=True, visited=visited): 1164 yield child 1165 1166 def foreach_type(self, typ, *, match_subclass=True): 1167 """ 1168 Iterate over each object of a specified type (or subclass there of) 1169 1170 If match_subclass is True, and class derived from typ will also match 1171 (similar to isinstance()). If False, only exact matches will be 1172 returned 1173 """ 1174 if not isinstance(typ, str): 1175 if not issubclass(typ, SHACLObject): 1176 raise TypeError(f"Type must be derived from SHACLObject, got {typ}") 1177 typ = typ._OBJ_TYPE 1178 1179 if typ not in self.obj_by_type: 1180 return 1181 1182 for exact, o in self.obj_by_type[typ]: 1183 if match_subclass or exact: 1184 yield o 1185 1186 def merge(self, *objectsets): 1187 """ 1188 Merge object sets 1189 1190 Returns a new object set that is the combination of this object set and 1191 all provided arguments 1192 """ 1193 new_objects = set() 1194 new_objects |= self.objects 1195 for d in objectsets: 1196 new_objects |= d.objects 1197 1198 return SHACLObjectSet(new_objects, link=True) 1199 1200 def encode(self, encoder, force_list=False): 1201 """ 1202 Serialize a list of objects to a serialization encoder 1203 1204 If force_list is true, a list will always be written using the encoder. 1205 """ 1206 ref_counts = {} 1207 state = EncodeState() 1208 1209 def walk_callback(value, path): 1210 nonlocal state 1211 nonlocal ref_counts 1212 1213 if not isinstance(value, SHACLObject): 1214 return True 1215 1216 # Remove blank node ID for re-assignment 1217 if value._id and value._id.startswith("_:"): 1218 del value._id 1219 1220 if value._id: 1221 state.add_refed(value) 1222 1223 # If the object is referenced more than once, add it to the set of 1224 # referenced objects 1225 ref_counts.setdefault(value, 0) 1226 ref_counts[value] += 1 1227 if ref_counts[value] > 1: 1228 state.add_refed(value) 1229 return False 1230 1231 return True 1232 1233 for o in self.objects: 1234 if o._id: 1235 state.add_refed(o) 1236 o.walk(walk_callback) 1237 1238 use_list = force_list or len(self.objects) > 1 1239 1240 if use_list: 1241 # If we are making a list add all the objects referred to by reference 1242 # to the list 1243 objects = list(self.objects | state.ref_objects) 1244 else: 1245 objects = list(self.objects) 1246 1247 objects.sort() 1248 1249 if use_list: 1250 # Ensure top level objects are only written in the top level graph 1251 # node, and referenced by ID everywhere else. This is done by setting 1252 # the flag that indicates this object has been written for all the top 1253 # level objects, then clearing it right before serializing the object. 1254 # 1255 # In this way, if an object is referenced before it is supposed to be 1256 # serialized into the @graph, it will serialize as a string instead of 1257 # the actual object 1258 for o in objects: 1259 state.written_objects.add(o) 1260 1261 with encoder.write_list() as list_s: 1262 for o in objects: 1263 # Allow this specific object to be written now 1264 state.written_objects.remove(o) 1265 with list_s.write_list_item() as item_s: 1266 o.encode(item_s, state) 1267 1268 else: 1269 objects[0].encode(encoder, state) 1270 1271 def decode(self, decoder): 1272 self.create_index() 1273 1274 for obj_d in decoder.read_list(): 1275 o = SHACLObject.decode(obj_d, objectset=self) 1276 self.objects.add(o) 1277 1278 self._link() 1279 1280 1281class EncodeState(object): 1282 def __init__(self): 1283 self.ref_objects = set() 1284 self.written_objects = set() 1285 self.blank_objects = {} 1286 1287 def get_object_id(self, o): 1288 if o._id: 1289 return o._id 1290 1291 if o not in self.blank_objects: 1292 _id = f"_:{o.__class__.__name__}{len(self.blank_objects)}" 1293 self.blank_objects[o] = _id 1294 1295 return self.blank_objects[o] 1296 1297 def is_refed(self, o): 1298 return o in self.ref_objects 1299 1300 def add_refed(self, o): 1301 self.ref_objects.add(o) 1302 1303 def is_written(self, o): 1304 return o in self.written_objects 1305 1306 def add_written(self, o): 1307 self.written_objects.add(o) 1308 1309 1310class Decoder(ABC): 1311 @abstractmethod 1312 def read_value(self): 1313 """ 1314 Consume next item 1315 1316 Consumes the next item of any type 1317 """ 1318 pass 1319 1320 @abstractmethod 1321 def read_string(self): 1322 """ 1323 Consume the next item as a string. 1324 1325 Returns the string value of the next item, or `None` if the next item 1326 is not a string 1327 """ 1328 pass 1329 1330 @abstractmethod 1331 def read_datetime(self): 1332 """ 1333 Consumes the next item as a date & time string 1334 1335 Returns the string value of the next item, if it is a ISO datetime, or 1336 `None` if the next item is not a ISO datetime string. 1337 1338 Note that validation of the string is done by the caller, so a minimal 1339 implementation can just check if the next item is a string without 1340 worrying about the format 1341 """ 1342 pass 1343 1344 @abstractmethod 1345 def read_integer(self): 1346 """ 1347 Consumes the next item as an integer 1348 1349 Returns the integer value of the next item, or `None` if the next item 1350 is not an integer 1351 """ 1352 pass 1353 1354 @abstractmethod 1355 def read_iri(self): 1356 """ 1357 Consumes the next item as an IRI string 1358 1359 Returns the string value of the next item an IRI, or `None` if the next 1360 item is not an IRI. 1361 1362 The returned string should be either a fully-qualified IRI, or a blank 1363 node ID 1364 """ 1365 pass 1366 1367 @abstractmethod 1368 def read_enum(self, e): 1369 """ 1370 Consumes the next item as an Enum value string 1371 1372 Returns the fully qualified IRI of the next enum item, or `None` if the 1373 next item is not an enum value. 1374 1375 The callee is responsible for validating that the returned IRI is 1376 actually a member of the specified Enum, so the `Decoder` does not need 1377 to check that, but can if it wishes 1378 """ 1379 pass 1380 1381 @abstractmethod 1382 def read_bool(self): 1383 """ 1384 Consume the next item as a boolean value 1385 1386 Returns the boolean value of the next item, or `None` if the next item 1387 is not a boolean 1388 """ 1389 pass 1390 1391 @abstractmethod 1392 def read_float(self): 1393 """ 1394 Consume the next item as a float value 1395 1396 Returns the float value of the next item, or `None` if the next item is 1397 not a float 1398 """ 1399 pass 1400 1401 @abstractmethod 1402 def read_list(self): 1403 """ 1404 Consume the next item as a list generator 1405 1406 This should generate a `Decoder` object for each item in the list. The 1407 generated `Decoder` can be used to read the corresponding item from the 1408 list 1409 """ 1410 pass 1411 1412 @abstractmethod 1413 def read_object(self): 1414 """ 1415 Consume next item as an object 1416 1417 A context manager that "enters" the next item as a object and yields a 1418 `Decoder` that can read properties from it. If the next item is not an 1419 object, yields `None` 1420 1421 Properties will be read out of the object using `read_property` and 1422 `read_object_id` 1423 """ 1424 pass 1425 1426 @abstractmethod 1427 @contextmanager 1428 def read_property(self, key): 1429 """ 1430 Read property from object 1431 1432 A context manager that yields a `Decoder` that can be used to read the 1433 value of the property with the given key in current object, or `None` 1434 if the property does not exist in the current object. 1435 """ 1436 pass 1437 1438 @abstractmethod 1439 def object_keys(self): 1440 """ 1441 Read property keys from an object 1442 1443 Iterates over all the serialized keys for the current object 1444 """ 1445 pass 1446 1447 @abstractmethod 1448 def read_object_id(self, alias=None): 1449 """ 1450 Read current object ID property 1451 1452 Returns the ID of the current object if one is defined, or `None` if 1453 the current object has no ID. 1454 1455 The ID must be a fully qualified IRI or a blank node 1456 1457 If `alias` is provided, is is a hint as to another name by which the ID 1458 might be found, if the `Decoder` supports aliases for an ID 1459 """ 1460 pass 1461 1462 1463class JSONLDDecoder(Decoder): 1464 def __init__(self, data, root=False): 1465 self.data = data 1466 self.root = root 1467 1468 def read_value(self): 1469 if isinstance(self.data, str): 1470 try: 1471 return float(self.data) 1472 except ValueError: 1473 pass 1474 return self.data 1475 1476 def read_string(self): 1477 if isinstance(self.data, str): 1478 return self.data 1479 return None 1480 1481 def read_datetime(self): 1482 return self.read_string() 1483 1484 def read_integer(self): 1485 if isinstance(self.data, int): 1486 return self.data 1487 return None 1488 1489 def read_bool(self): 1490 if isinstance(self.data, bool): 1491 return self.data 1492 return None 1493 1494 def read_float(self): 1495 if isinstance(self.data, (int, float, str)): 1496 return float(self.data) 1497 return None 1498 1499 def read_iri(self): 1500 if isinstance(self.data, str): 1501 return self.data 1502 return None 1503 1504 def read_enum(self, e): 1505 if isinstance(self.data, str): 1506 return self.data 1507 return None 1508 1509 def read_list(self): 1510 if isinstance(self.data, (list, tuple, set)): 1511 for v in self.data: 1512 yield self.__class__(v) 1513 else: 1514 yield self 1515 1516 def __get_value(self, *keys): 1517 for k in keys: 1518 if k and k in self.data: 1519 return self.data[k] 1520 return None 1521 1522 @contextmanager 1523 def read_property(self, key): 1524 v = self.__get_value(key) 1525 if v is not None: 1526 yield self.__class__(v) 1527 else: 1528 yield None 1529 1530 def object_keys(self): 1531 for key in self.data.keys(): 1532 if key in ("@type", "type"): 1533 continue 1534 if self.root and key == "@context": 1535 continue 1536 yield key 1537 1538 def read_object(self): 1539 typ = self.__get_value("@type", "type") 1540 if typ is not None: 1541 return typ, self 1542 1543 return None, self 1544 1545 def read_object_id(self, alias=None): 1546 return self.__get_value(alias, "@id") 1547 1548 1549class JSONLDDeserializer(object): 1550 def deserialize_data(self, data, objectset: SHACLObjectSet): 1551 if "@graph" in data: 1552 h = JSONLDDecoder(data["@graph"], True) 1553 else: 1554 h = JSONLDDecoder(data, True) 1555 1556 objectset.decode(h) 1557 1558 def read(self, f, objectset: SHACLObjectSet): 1559 data = json.load(f) 1560 self.deserialize_data(data, objectset) 1561 1562 1563class Encoder(ABC): 1564 @abstractmethod 1565 def write_string(self, v): 1566 """ 1567 Write a string value 1568 1569 Encodes the value as a string in the output 1570 """ 1571 pass 1572 1573 @abstractmethod 1574 def write_datetime(self, v): 1575 """ 1576 Write a date & time string 1577 1578 Encodes the value as an ISO datetime string 1579 1580 Note: The provided string is already correctly encoded as an ISO datetime 1581 """ 1582 pass 1583 1584 @abstractmethod 1585 def write_integer(self, v): 1586 """ 1587 Write an integer value 1588 1589 Encodes the value as an integer in the output 1590 """ 1591 pass 1592 1593 @abstractmethod 1594 def write_iri(self, v, compact=None): 1595 """ 1596 Write IRI 1597 1598 Encodes the string as an IRI. Note that the string will be either a 1599 fully qualified IRI or a blank node ID. If `compact` is provided and 1600 the serialization supports compacted IRIs, it should be preferred to 1601 the full IRI 1602 """ 1603 pass 1604 1605 @abstractmethod 1606 def write_enum(self, v, e, compact=None): 1607 """ 1608 Write enum value IRI 1609 1610 Encodes the string enum value IRI. Note that the string will be a fully 1611 qualified IRI. If `compact` is provided and the serialization supports 1612 compacted IRIs, it should be preferred to the full IRI. 1613 """ 1614 pass 1615 1616 @abstractmethod 1617 def write_bool(self, v): 1618 """ 1619 Write boolean 1620 1621 Encodes the value as a boolean in the output 1622 """ 1623 pass 1624 1625 @abstractmethod 1626 def write_float(self, v): 1627 """ 1628 Write float 1629 1630 Encodes the value as a floating point number in the output 1631 """ 1632 pass 1633 1634 @abstractmethod 1635 @contextmanager 1636 def write_object(self, o, _id, needs_id): 1637 """ 1638 Write object 1639 1640 A context manager that yields an `Encoder` that can be used to encode 1641 the given object properties. 1642 1643 The provided ID will always be a valid ID (even if o._id is `None`), in 1644 case the `Encoder` _must_ have an ID. `needs_id` is a hint to indicate 1645 to the `Encoder` if an ID must be written or not (if that is even an 1646 option). If it is `True`, the `Encoder` must encode an ID for the 1647 object. If `False`, the encoder is not required to encode an ID and may 1648 omit it. 1649 1650 The ID will be either a fully qualified IRI, or a blank node IRI. 1651 1652 Properties will be written the object using `write_property` 1653 """ 1654 pass 1655 1656 @abstractmethod 1657 @contextmanager 1658 def write_property(self, iri, compact=None): 1659 """ 1660 Write object property 1661 1662 A context manager that yields an `Encoder` that can be used to encode 1663 the value for the property with the given IRI in the current object 1664 1665 Note that the IRI will be fully qualified. If `compact` is provided and 1666 the serialization supports compacted IRIs, it should be preferred to 1667 the full IRI. 1668 """ 1669 pass 1670 1671 @abstractmethod 1672 @contextmanager 1673 def write_list(self): 1674 """ 1675 Write list 1676 1677 A context manager that yields an `Encoder` that can be used to encode a 1678 list. 1679 1680 Each item of the list will be added using `write_list_item` 1681 """ 1682 pass 1683 1684 @abstractmethod 1685 @contextmanager 1686 def write_list_item(self): 1687 """ 1688 Write list item 1689 1690 A context manager that yields an `Encoder` that can be used to encode 1691 the value for a list item 1692 """ 1693 pass 1694 1695 1696class JSONLDEncoder(Encoder): 1697 def __init__(self, data=None): 1698 self.data = data 1699 1700 def write_string(self, v): 1701 self.data = v 1702 1703 def write_datetime(self, v): 1704 self.data = v 1705 1706 def write_integer(self, v): 1707 self.data = v 1708 1709 def write_iri(self, v, compact=None): 1710 self.write_string(compact or v) 1711 1712 def write_enum(self, v, e, compact=None): 1713 self.write_string(compact or v) 1714 1715 def write_bool(self, v): 1716 self.data = v 1717 1718 def write_float(self, v): 1719 self.data = str(v) 1720 1721 @contextmanager 1722 def write_property(self, iri, compact=None): 1723 s = self.__class__(None) 1724 yield s 1725 if s.data is not None: 1726 self.data[compact or iri] = s.data 1727 1728 @contextmanager 1729 def write_object(self, o, _id, needs_id): 1730 self.data = { 1731 "type": o.COMPACT_TYPE or o.TYPE, 1732 } 1733 if needs_id: 1734 self.data[o.ID_ALIAS or "@id"] = _id 1735 yield self 1736 1737 @contextmanager 1738 def write_list(self): 1739 self.data = [] 1740 yield self 1741 if not self.data: 1742 self.data = None 1743 1744 @contextmanager 1745 def write_list_item(self): 1746 s = self.__class__(None) 1747 yield s 1748 if s.data is not None: 1749 self.data.append(s.data) 1750 1751 1752class JSONLDSerializer(object): 1753 def __init__(self, **args): 1754 self.args = args 1755 1756 def serialize_data( 1757 self, 1758 objectset: SHACLObjectSet, 1759 force_at_graph=False, 1760 ): 1761 h = JSONLDEncoder() 1762 objectset.encode(h, force_at_graph) 1763 data = {} 1764 if len(CONTEXT_URLS) == 1: 1765 data["@context"] = CONTEXT_URLS[0] 1766 elif CONTEXT_URLS: 1767 data["@context"] = CONTEXT_URLS 1768 1769 if isinstance(h.data, list): 1770 data["@graph"] = h.data 1771 else: 1772 for k, v in h.data.items(): 1773 data[k] = v 1774 1775 return data 1776 1777 def write( 1778 self, 1779 objectset: SHACLObjectSet, 1780 f, 1781 force_at_graph=False, 1782 **kwargs, 1783 ): 1784 """ 1785 Write a SHACLObjectSet to a JSON LD file 1786 1787 If force_at_graph is True, a @graph node will always be written 1788 """ 1789 data = self.serialize_data(objectset, force_at_graph) 1790 1791 args = {**self.args, **kwargs} 1792 1793 sha1 = hashlib.sha1() 1794 for chunk in json.JSONEncoder(**args).iterencode(data): 1795 chunk = chunk.encode("utf-8") 1796 f.write(chunk) 1797 sha1.update(chunk) 1798 1799 return sha1.hexdigest() 1800 1801 1802class JSONLDInlineEncoder(Encoder): 1803 def __init__(self, f, sha1): 1804 self.f = f 1805 self.comma = False 1806 self.sha1 = sha1 1807 1808 def write(self, s): 1809 s = s.encode("utf-8") 1810 self.f.write(s) 1811 self.sha1.update(s) 1812 1813 def _write_comma(self): 1814 if self.comma: 1815 self.write(",") 1816 self.comma = False 1817 1818 def write_string(self, v): 1819 self.write(json.dumps(v)) 1820 1821 def write_datetime(self, v): 1822 self.write_string(v) 1823 1824 def write_integer(self, v): 1825 self.write(f"{v}") 1826 1827 def write_iri(self, v, compact=None): 1828 self.write_string(compact or v) 1829 1830 def write_enum(self, v, e, compact=None): 1831 self.write_iri(v, compact) 1832 1833 def write_bool(self, v): 1834 if v: 1835 self.write("true") 1836 else: 1837 self.write("false") 1838 1839 def write_float(self, v): 1840 self.write(json.dumps(str(v))) 1841 1842 @contextmanager 1843 def write_property(self, iri, compact=None): 1844 self._write_comma() 1845 self.write_string(compact or iri) 1846 self.write(":") 1847 yield self 1848 self.comma = True 1849 1850 @contextmanager 1851 def write_object(self, o, _id, needs_id): 1852 self._write_comma() 1853 1854 self.write("{") 1855 self.write_string("type") 1856 self.write(":") 1857 self.write_string(o.COMPACT_TYPE or o.TYPE) 1858 self.comma = True 1859 1860 if needs_id: 1861 self._write_comma() 1862 self.write_string(o.ID_ALIAS or "@id") 1863 self.write(":") 1864 self.write_string(_id) 1865 self.comma = True 1866 1867 self.comma = True 1868 yield self 1869 1870 self.write("}") 1871 self.comma = True 1872 1873 @contextmanager 1874 def write_list(self): 1875 self._write_comma() 1876 self.write("[") 1877 yield self.__class__(self.f, self.sha1) 1878 self.write("]") 1879 self.comma = True 1880 1881 @contextmanager 1882 def write_list_item(self): 1883 self._write_comma() 1884 yield self.__class__(self.f, self.sha1) 1885 self.comma = True 1886 1887 1888class JSONLDInlineSerializer(object): 1889 def write( 1890 self, 1891 objectset: SHACLObjectSet, 1892 f, 1893 force_at_graph=False, 1894 ): 1895 """ 1896 Write a SHACLObjectSet to a JSON LD file 1897 1898 Note: force_at_graph is included for compatibility, but ignored. This 1899 serializer always writes out a graph 1900 """ 1901 sha1 = hashlib.sha1() 1902 h = JSONLDInlineEncoder(f, sha1) 1903 h.write('{"@context":') 1904 if len(CONTEXT_URLS) == 1: 1905 h.write(f'"{CONTEXT_URLS[0]}"') 1906 elif CONTEXT_URLS: 1907 h.write('["') 1908 h.write('","'.join(CONTEXT_URLS)) 1909 h.write('"]') 1910 h.write(",") 1911 1912 h.write('"@graph":') 1913 1914 objectset.encode(h, True) 1915 h.write("}") 1916 return sha1.hexdigest() 1917 1918 1919def print_tree(objects, all_fields=False): 1920 """ 1921 Print object tree 1922 """ 1923 seen = set() 1924 1925 def callback(value, path): 1926 nonlocal seen 1927 1928 s = (" " * (len(path) - 1)) + f"{path[-1]}" 1929 if isinstance(value, SHACLObject): 1930 s += f" {value} ({id(value)})" 1931 is_empty = False 1932 elif isinstance(value, ListProxy): 1933 is_empty = len(value) == 0 1934 if is_empty: 1935 s += " []" 1936 else: 1937 s += f" {value!r}" 1938 is_empty = value is None 1939 1940 if all_fields or not is_empty: 1941 print(s) 1942 1943 if isinstance(value, SHACLObject): 1944 if value in seen: 1945 return False 1946 seen.add(value) 1947 return True 1948 1949 return True 1950 1951 for o in objects: 1952 o.walk(callback) 1953 1954 1955# fmt: off 1956"""Format Guard""" 1957 1958 1959CONTEXT_URLS = [ 1960 "https://spdx.org/rdf/3.0.1/spdx-context.jsonld", 1961] 1962 1963 1964# CLASSES 1965@register("http://spdx.invalid./AbstractClass", abstract=False) 1966class http_spdx_invalid_AbstractClass(SHACLObject): 1967 NODE_KIND = NodeKind.BlankNodeOrIRI 1968 NAMED_INDIVIDUALS = { 1969 } 1970 1971 1972# A class for describing the energy consumption incurred by an AI model in 1973# different stages of its lifecycle. 1974@register("https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumption", compact_type="ai_EnergyConsumption", abstract=False) 1975class ai_EnergyConsumption(SHACLObject): 1976 NODE_KIND = NodeKind.BlankNode 1977 NAMED_INDIVIDUALS = { 1978 } 1979 1980 @classmethod 1981 def _register_props(cls): 1982 super()._register_props() 1983 # Specifies the amount of energy consumed when finetuning the AI model that is 1984 # being used in the AI system. 1985 cls._add_property( 1986 "ai_finetuningEnergyConsumption", 1987 ListProp(ObjectProp(ai_EnergyConsumptionDescription, False)), 1988 iri="https://spdx.org/rdf/3.0.1/terms/AI/finetuningEnergyConsumption", 1989 compact="ai_finetuningEnergyConsumption", 1990 ) 1991 # Specifies the amount of energy consumed during inference time by an AI model 1992 # that is being used in the AI system. 1993 cls._add_property( 1994 "ai_inferenceEnergyConsumption", 1995 ListProp(ObjectProp(ai_EnergyConsumptionDescription, False)), 1996 iri="https://spdx.org/rdf/3.0.1/terms/AI/inferenceEnergyConsumption", 1997 compact="ai_inferenceEnergyConsumption", 1998 ) 1999 # Specifies the amount of energy consumed when training the AI model that is 2000 # being used in the AI system. 2001 cls._add_property( 2002 "ai_trainingEnergyConsumption", 2003 ListProp(ObjectProp(ai_EnergyConsumptionDescription, False)), 2004 iri="https://spdx.org/rdf/3.0.1/terms/AI/trainingEnergyConsumption", 2005 compact="ai_trainingEnergyConsumption", 2006 ) 2007 2008 2009# The class that helps note down the quantity of energy consumption and the unit 2010# used for measurement. 2011@register("https://spdx.org/rdf/3.0.1/terms/AI/EnergyConsumptionDescription", compact_type="ai_EnergyConsumptionDescription", abstract=False) 2012class ai_EnergyConsumptionDescription(SHACLObject): 2013 NODE_KIND = NodeKind.BlankNode 2014 NAMED_INDIVIDUALS = { 2015 } 2016 2017 @classmethod 2018 def _register_props(cls): 2019 super()._register_props() 2020 # Represents the energy quantity. 2021 cls._add_property( 2022 "ai_energyQuantity", 2023 FloatProp(), 2024 iri="https://spdx.org/rdf/3.0.1/terms/AI/energyQuantity", 2025 min_count=1, 2026 compact="ai_energyQuantity", 2027 ) 2028 # Specifies the unit in which energy is measured. 2029 cls._add_property( 2030 "ai_energyUnit", 2031 EnumProp([ 2032 ("https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", "kilowattHour"), 2033 ("https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", "megajoule"), 2034 ("https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", "other"), 2035 ]), 2036 iri="https://spdx.org/rdf/3.0.1/terms/AI/energyUnit", 2037 min_count=1, 2038 compact="ai_energyUnit", 2039 ) 2040 2041 2042# Specifies the unit of energy consumption. 2043@register("https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType", compact_type="ai_EnergyUnitType", abstract=False) 2044class ai_EnergyUnitType(SHACLObject): 2045 NODE_KIND = NodeKind.BlankNodeOrIRI 2046 NAMED_INDIVIDUALS = { 2047 "kilowattHour": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour", 2048 "megajoule": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule", 2049 "other": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other", 2050 } 2051 # Kilowatt-hour. 2052 kilowattHour = "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour" 2053 # Megajoule. 2054 megajoule = "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule" 2055 # Any other units of energy measurement. 2056 other = "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other" 2057 2058 2059# Specifies the safety risk level. 2060@register("https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType", compact_type="ai_SafetyRiskAssessmentType", abstract=False) 2061class ai_SafetyRiskAssessmentType(SHACLObject): 2062 NODE_KIND = NodeKind.BlankNodeOrIRI 2063 NAMED_INDIVIDUALS = { 2064 "high": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", 2065 "low": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", 2066 "medium": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", 2067 "serious": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", 2068 } 2069 # The second-highest level of risk posed by an AI system. 2070 high = "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high" 2071 # Low/no risk is posed by an AI system. 2072 low = "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low" 2073 # The third-highest level of risk posed by an AI system. 2074 medium = "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium" 2075 # The highest level of risk posed by an AI system. 2076 serious = "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious" 2077 2078 2079# Specifies the type of an annotation. 2080@register("https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType", compact_type="AnnotationType", abstract=False) 2081class AnnotationType(SHACLObject): 2082 NODE_KIND = NodeKind.BlankNodeOrIRI 2083 NAMED_INDIVIDUALS = { 2084 "other": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", 2085 "review": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", 2086 } 2087 # Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element). 2088 other = "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other" 2089 # Used when someone reviews the Element. 2090 review = "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review" 2091 2092 2093# Provides information about the creation of the Element. 2094@register("https://spdx.org/rdf/3.0.1/terms/Core/CreationInfo", compact_type="CreationInfo", abstract=False) 2095class CreationInfo(SHACLObject): 2096 NODE_KIND = NodeKind.BlankNode 2097 NAMED_INDIVIDUALS = { 2098 } 2099 2100 @classmethod 2101 def _register_props(cls): 2102 super()._register_props() 2103 # Provide consumers with comments by the creator of the Element about the 2104 # Element. 2105 cls._add_property( 2106 "comment", 2107 StringProp(), 2108 iri="https://spdx.org/rdf/3.0.1/terms/Core/comment", 2109 compact="comment", 2110 ) 2111 # Identifies when the Element was originally created. 2112 cls._add_property( 2113 "created", 2114 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 2115 iri="https://spdx.org/rdf/3.0.1/terms/Core/created", 2116 min_count=1, 2117 compact="created", 2118 ) 2119 # Identifies who or what created the Element. 2120 cls._add_property( 2121 "createdBy", 2122 ListProp(ObjectProp(Agent, False, context=[ 2123 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 2124 ],)), 2125 iri="https://spdx.org/rdf/3.0.1/terms/Core/createdBy", 2126 min_count=1, 2127 compact="createdBy", 2128 ) 2129 # Identifies the tooling that was used during the creation of the Element. 2130 cls._add_property( 2131 "createdUsing", 2132 ListProp(ObjectProp(Tool, False)), 2133 iri="https://spdx.org/rdf/3.0.1/terms/Core/createdUsing", 2134 compact="createdUsing", 2135 ) 2136 # Provides a reference number that can be used to understand how to parse and 2137 # interpret an Element. 2138 cls._add_property( 2139 "specVersion", 2140 StringProp(pattern=r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$",), 2141 iri="https://spdx.org/rdf/3.0.1/terms/Core/specVersion", 2142 min_count=1, 2143 compact="specVersion", 2144 ) 2145 2146 2147# A key with an associated value. 2148@register("https://spdx.org/rdf/3.0.1/terms/Core/DictionaryEntry", compact_type="DictionaryEntry", abstract=False) 2149class DictionaryEntry(SHACLObject): 2150 NODE_KIND = NodeKind.BlankNode 2151 NAMED_INDIVIDUALS = { 2152 } 2153 2154 @classmethod 2155 def _register_props(cls): 2156 super()._register_props() 2157 # A key used in a generic key-value pair. 2158 cls._add_property( 2159 "key", 2160 StringProp(), 2161 iri="https://spdx.org/rdf/3.0.1/terms/Core/key", 2162 min_count=1, 2163 compact="key", 2164 ) 2165 # A value used in a generic key-value pair. 2166 cls._add_property( 2167 "value", 2168 StringProp(), 2169 iri="https://spdx.org/rdf/3.0.1/terms/Core/value", 2170 compact="value", 2171 ) 2172 2173 2174# Base domain class from which all other SPDX-3.0 domain classes derive. 2175@register("https://spdx.org/rdf/3.0.1/terms/Core/Element", compact_type="Element", abstract=True) 2176class Element(SHACLObject): 2177 NODE_KIND = NodeKind.IRI 2178 ID_ALIAS = "spdxId" 2179 NAMED_INDIVIDUALS = { 2180 "NoAssertionElement": "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", 2181 "NoneElement": "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", 2182 } 2183 # An Individual Value for Element representing a set of Elements of unknown 2184 # identify or cardinality (number). 2185 NoAssertionElement = "https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement" 2186 # An Individual Value for Element representing a set of Elements with 2187 # cardinality (number/count) of zero. 2188 NoneElement = "https://spdx.org/rdf/3.0.1/terms/Core/NoneElement" 2189 2190 @classmethod 2191 def _register_props(cls): 2192 super()._register_props() 2193 # Provide consumers with comments by the creator of the Element about the 2194 # Element. 2195 cls._add_property( 2196 "comment", 2197 StringProp(), 2198 iri="https://spdx.org/rdf/3.0.1/terms/Core/comment", 2199 compact="comment", 2200 ) 2201 # Provides information about the creation of the Element. 2202 cls._add_property( 2203 "creationInfo", 2204 ObjectProp(CreationInfo, True), 2205 iri="https://spdx.org/rdf/3.0.1/terms/Core/creationInfo", 2206 min_count=1, 2207 compact="creationInfo", 2208 ) 2209 # Provides a detailed description of the Element. 2210 cls._add_property( 2211 "description", 2212 StringProp(), 2213 iri="https://spdx.org/rdf/3.0.1/terms/Core/description", 2214 compact="description", 2215 ) 2216 # Specifies an Extension characterization of some aspect of an Element. 2217 cls._add_property( 2218 "extension", 2219 ListProp(ObjectProp(extension_Extension, False)), 2220 iri="https://spdx.org/rdf/3.0.1/terms/Core/extension", 2221 compact="extension", 2222 ) 2223 # Provides a reference to a resource outside the scope of SPDX-3.0 content 2224 # that uniquely identifies an Element. 2225 cls._add_property( 2226 "externalIdentifier", 2227 ListProp(ObjectProp(ExternalIdentifier, False)), 2228 iri="https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifier", 2229 compact="externalIdentifier", 2230 ) 2231 # Points to a resource outside the scope of the SPDX-3.0 content 2232 # that provides additional characteristics of an Element. 2233 cls._add_property( 2234 "externalRef", 2235 ListProp(ObjectProp(ExternalRef, False)), 2236 iri="https://spdx.org/rdf/3.0.1/terms/Core/externalRef", 2237 compact="externalRef", 2238 ) 2239 # Identifies the name of an Element as designated by the creator. 2240 cls._add_property( 2241 "name", 2242 StringProp(), 2243 iri="https://spdx.org/rdf/3.0.1/terms/Core/name", 2244 compact="name", 2245 ) 2246 # A short description of an Element. 2247 cls._add_property( 2248 "summary", 2249 StringProp(), 2250 iri="https://spdx.org/rdf/3.0.1/terms/Core/summary", 2251 compact="summary", 2252 ) 2253 # Provides an IntegrityMethod with which the integrity of an Element can be 2254 # asserted. 2255 cls._add_property( 2256 "verifiedUsing", 2257 ListProp(ObjectProp(IntegrityMethod, False)), 2258 iri="https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", 2259 compact="verifiedUsing", 2260 ) 2261 2262 2263# A collection of Elements, not necessarily with unifying context. 2264@register("https://spdx.org/rdf/3.0.1/terms/Core/ElementCollection", compact_type="ElementCollection", abstract=True) 2265class ElementCollection(Element): 2266 NODE_KIND = NodeKind.IRI 2267 ID_ALIAS = "spdxId" 2268 NAMED_INDIVIDUALS = { 2269 } 2270 2271 @classmethod 2272 def _register_props(cls): 2273 super()._register_props() 2274 # Refers to one or more Elements that are part of an ElementCollection. 2275 cls._add_property( 2276 "element", 2277 ListProp(ObjectProp(Element, False, context=[ 2278 ("https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "NoneElement"), 2279 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 2280 ("https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "NoAssertionElement"), 2281 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 2282 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 2283 ],)), 2284 iri="https://spdx.org/rdf/3.0.1/terms/Core/element", 2285 compact="element", 2286 ) 2287 # Describes one a profile which the creator of this ElementCollection intends to 2288 # conform to. 2289 cls._add_property( 2290 "profileConformance", 2291 ListProp(EnumProp([ 2292 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", "ai"), 2293 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", "build"), 2294 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", "core"), 2295 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", "dataset"), 2296 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", "expandedLicensing"), 2297 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", "extension"), 2298 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", "lite"), 2299 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", "security"), 2300 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", "simpleLicensing"), 2301 ("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", "software"), 2302 ])), 2303 iri="https://spdx.org/rdf/3.0.1/terms/Core/profileConformance", 2304 compact="profileConformance", 2305 ) 2306 # This property is used to denote the root Element(s) of a tree of elements contained in a BOM. 2307 cls._add_property( 2308 "rootElement", 2309 ListProp(ObjectProp(Element, False, context=[ 2310 ("https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "NoneElement"), 2311 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 2312 ("https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "NoAssertionElement"), 2313 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 2314 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 2315 ],)), 2316 iri="https://spdx.org/rdf/3.0.1/terms/Core/rootElement", 2317 compact="rootElement", 2318 ) 2319 2320 2321# A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element. 2322@register("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifier", compact_type="ExternalIdentifier", abstract=False) 2323class ExternalIdentifier(SHACLObject): 2324 NODE_KIND = NodeKind.BlankNode 2325 NAMED_INDIVIDUALS = { 2326 } 2327 2328 @classmethod 2329 def _register_props(cls): 2330 super()._register_props() 2331 # Provide consumers with comments by the creator of the Element about the 2332 # Element. 2333 cls._add_property( 2334 "comment", 2335 StringProp(), 2336 iri="https://spdx.org/rdf/3.0.1/terms/Core/comment", 2337 compact="comment", 2338 ) 2339 # Specifies the type of the external identifier. 2340 cls._add_property( 2341 "externalIdentifierType", 2342 EnumProp([ 2343 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", "cpe22"), 2344 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", "cpe23"), 2345 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", "cve"), 2346 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", "email"), 2347 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", "gitoid"), 2348 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", "other"), 2349 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", "packageUrl"), 2350 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", "securityOther"), 2351 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", "swhid"), 2352 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", "swid"), 2353 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", "urlScheme"), 2354 ]), 2355 iri="https://spdx.org/rdf/3.0.1/terms/Core/externalIdentifierType", 2356 min_count=1, 2357 compact="externalIdentifierType", 2358 ) 2359 # Uniquely identifies an external element. 2360 cls._add_property( 2361 "identifier", 2362 StringProp(), 2363 iri="https://spdx.org/rdf/3.0.1/terms/Core/identifier", 2364 min_count=1, 2365 compact="identifier", 2366 ) 2367 # Provides the location for more information regarding an external identifier. 2368 cls._add_property( 2369 "identifierLocator", 2370 ListProp(AnyURIProp()), 2371 iri="https://spdx.org/rdf/3.0.1/terms/Core/identifierLocator", 2372 compact="identifierLocator", 2373 ) 2374 # An entity that is authorized to issue identification credentials. 2375 cls._add_property( 2376 "issuingAuthority", 2377 StringProp(), 2378 iri="https://spdx.org/rdf/3.0.1/terms/Core/issuingAuthority", 2379 compact="issuingAuthority", 2380 ) 2381 2382 2383# Specifies the type of an external identifier. 2384@register("https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType", compact_type="ExternalIdentifierType", abstract=False) 2385class ExternalIdentifierType(SHACLObject): 2386 NODE_KIND = NodeKind.BlankNodeOrIRI 2387 NAMED_INDIVIDUALS = { 2388 "cpe22": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22", 2389 "cpe23": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23", 2390 "cve": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve", 2391 "email": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email", 2392 "gitoid": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid", 2393 "other": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other", 2394 "packageUrl": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl", 2395 "securityOther": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther", 2396 "swhid": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid", 2397 "swid": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid", 2398 "urlScheme": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme", 2399 } 2400 # [Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf) 2401 cpe22 = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22" 2402 # [Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final) 2403 cpe23 = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23" 2404 # Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id). 2405 cve = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve" 2406 # Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3. 2407 email = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email" 2408 # [Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg). 2409 gitoid = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid" 2410 # Used when the type does not match any of the other options. 2411 other = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other" 2412 # Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification. 2413 packageUrl = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl" 2414 # Used when there is a security related identifier of unspecified type. 2415 securityOther = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther" 2416 # SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. 2417 swhid = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid" 2418 # Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3. 2419 swid = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid" 2420 # [Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource. 2421 urlScheme = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme" 2422 2423 2424# A map of Element identifiers that are used within an SpdxDocument but defined 2425# external to that SpdxDocument. 2426@register("https://spdx.org/rdf/3.0.1/terms/Core/ExternalMap", compact_type="ExternalMap", abstract=False) 2427class ExternalMap(SHACLObject): 2428 NODE_KIND = NodeKind.BlankNode 2429 NAMED_INDIVIDUALS = { 2430 } 2431 2432 @classmethod 2433 def _register_props(cls): 2434 super()._register_props() 2435 # Artifact representing a serialization instance of SPDX data containing the 2436 # definition of a particular Element. 2437 cls._add_property( 2438 "definingArtifact", 2439 ObjectProp(Artifact, False), 2440 iri="https://spdx.org/rdf/3.0.1/terms/Core/definingArtifact", 2441 compact="definingArtifact", 2442 ) 2443 # Identifies an external Element used within an SpdxDocument but defined 2444 # external to that SpdxDocument. 2445 cls._add_property( 2446 "externalSpdxId", 2447 AnyURIProp(), 2448 iri="https://spdx.org/rdf/3.0.1/terms/Core/externalSpdxId", 2449 min_count=1, 2450 compact="externalSpdxId", 2451 ) 2452 # Provides an indication of where to retrieve an external Element. 2453 cls._add_property( 2454 "locationHint", 2455 AnyURIProp(), 2456 iri="https://spdx.org/rdf/3.0.1/terms/Core/locationHint", 2457 compact="locationHint", 2458 ) 2459 # Provides an IntegrityMethod with which the integrity of an Element can be 2460 # asserted. 2461 cls._add_property( 2462 "verifiedUsing", 2463 ListProp(ObjectProp(IntegrityMethod, False)), 2464 iri="https://spdx.org/rdf/3.0.1/terms/Core/verifiedUsing", 2465 compact="verifiedUsing", 2466 ) 2467 2468 2469# A reference to a resource outside the scope of SPDX-3.0 content related to an Element. 2470@register("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRef", compact_type="ExternalRef", abstract=False) 2471class ExternalRef(SHACLObject): 2472 NODE_KIND = NodeKind.BlankNode 2473 NAMED_INDIVIDUALS = { 2474 } 2475 2476 @classmethod 2477 def _register_props(cls): 2478 super()._register_props() 2479 # Provide consumers with comments by the creator of the Element about the 2480 # Element. 2481 cls._add_property( 2482 "comment", 2483 StringProp(), 2484 iri="https://spdx.org/rdf/3.0.1/terms/Core/comment", 2485 compact="comment", 2486 ) 2487 # Provides information about the content type of an Element or a Property. 2488 cls._add_property( 2489 "contentType", 2490 StringProp(pattern=r"^[^\/]+\/[^\/]+$",), 2491 iri="https://spdx.org/rdf/3.0.1/terms/Core/contentType", 2492 compact="contentType", 2493 ) 2494 # Specifies the type of the external reference. 2495 cls._add_property( 2496 "externalRefType", 2497 EnumProp([ 2498 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", "altDownloadLocation"), 2499 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", "altWebPage"), 2500 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", "binaryArtifact"), 2501 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", "bower"), 2502 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", "buildMeta"), 2503 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", "buildSystem"), 2504 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", "certificationReport"), 2505 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", "chat"), 2506 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", "componentAnalysisReport"), 2507 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", "cwe"), 2508 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", "documentation"), 2509 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", "dynamicAnalysisReport"), 2510 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", "eolNotice"), 2511 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", "exportControlAssessment"), 2512 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", "funding"), 2513 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", "issueTracker"), 2514 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", "license"), 2515 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", "mailingList"), 2516 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", "mavenCentral"), 2517 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", "metrics"), 2518 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", "npm"), 2519 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", "nuget"), 2520 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", "other"), 2521 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", "privacyAssessment"), 2522 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", "productMetadata"), 2523 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", "purchaseOrder"), 2524 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", "qualityAssessmentReport"), 2525 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", "releaseHistory"), 2526 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", "releaseNotes"), 2527 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", "riskAssessment"), 2528 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", "runtimeAnalysisReport"), 2529 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", "secureSoftwareAttestation"), 2530 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", "securityAdversaryModel"), 2531 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", "securityAdvisory"), 2532 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", "securityFix"), 2533 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", "securityOther"), 2534 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", "securityPenTestReport"), 2535 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", "securityPolicy"), 2536 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", "securityThreatModel"), 2537 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", "socialMedia"), 2538 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", "sourceArtifact"), 2539 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", "staticAnalysisReport"), 2540 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", "support"), 2541 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", "vcs"), 2542 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", "vulnerabilityDisclosureReport"), 2543 ("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", "vulnerabilityExploitabilityAssessment"), 2544 ]), 2545 iri="https://spdx.org/rdf/3.0.1/terms/Core/externalRefType", 2546 compact="externalRefType", 2547 ) 2548 # Provides the location of an external reference. 2549 cls._add_property( 2550 "locator", 2551 ListProp(StringProp()), 2552 iri="https://spdx.org/rdf/3.0.1/terms/Core/locator", 2553 compact="locator", 2554 ) 2555 2556 2557# Specifies the type of an external reference. 2558@register("https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType", compact_type="ExternalRefType", abstract=False) 2559class ExternalRefType(SHACLObject): 2560 NODE_KIND = NodeKind.BlankNodeOrIRI 2561 NAMED_INDIVIDUALS = { 2562 "altDownloadLocation": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation", 2563 "altWebPage": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage", 2564 "binaryArtifact": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact", 2565 "bower": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower", 2566 "buildMeta": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta", 2567 "buildSystem": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem", 2568 "certificationReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport", 2569 "chat": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat", 2570 "componentAnalysisReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport", 2571 "cwe": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe", 2572 "documentation": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation", 2573 "dynamicAnalysisReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport", 2574 "eolNotice": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice", 2575 "exportControlAssessment": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment", 2576 "funding": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding", 2577 "issueTracker": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker", 2578 "license": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license", 2579 "mailingList": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList", 2580 "mavenCentral": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral", 2581 "metrics": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics", 2582 "npm": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm", 2583 "nuget": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget", 2584 "other": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other", 2585 "privacyAssessment": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment", 2586 "productMetadata": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata", 2587 "purchaseOrder": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder", 2588 "qualityAssessmentReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport", 2589 "releaseHistory": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory", 2590 "releaseNotes": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes", 2591 "riskAssessment": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment", 2592 "runtimeAnalysisReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport", 2593 "secureSoftwareAttestation": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation", 2594 "securityAdversaryModel": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel", 2595 "securityAdvisory": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory", 2596 "securityFix": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix", 2597 "securityOther": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther", 2598 "securityPenTestReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport", 2599 "securityPolicy": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy", 2600 "securityThreatModel": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel", 2601 "socialMedia": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia", 2602 "sourceArtifact": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact", 2603 "staticAnalysisReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport", 2604 "support": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support", 2605 "vcs": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs", 2606 "vulnerabilityDisclosureReport": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport", 2607 "vulnerabilityExploitabilityAssessment": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment", 2608 } 2609 # A reference to an alternative download location. 2610 altDownloadLocation = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation" 2611 # A reference to an alternative web page. 2612 altWebPage = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage" 2613 # A reference to binary artifacts related to a package. 2614 binaryArtifact = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact" 2615 # A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the "install" section of [Bower API documentation](https://bower.io/docs/api/#install). 2616 bower = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower" 2617 # A reference build metadata related to a published package. 2618 buildMeta = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta" 2619 # A reference build system used to create or publish the package. 2620 buildSystem = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem" 2621 # A reference to a certification report for a package from an accredited/independent body. 2622 certificationReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport" 2623 # A reference to the instant messaging system used by the maintainer for a package. 2624 chat = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat" 2625 # A reference to a Software Composition Analysis (SCA) report. 2626 componentAnalysisReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport" 2627 # [Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/). 2628 cwe = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe" 2629 # A reference to the documentation for a package. 2630 documentation = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation" 2631 # A reference to a dynamic analysis report for a package. 2632 dynamicAnalysisReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport" 2633 # A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package. 2634 eolNotice = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice" 2635 # A reference to a export control assessment for a package. 2636 exportControlAssessment = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment" 2637 # A reference to funding information related to a package. 2638 funding = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding" 2639 # A reference to the issue tracker for a package. 2640 issueTracker = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker" 2641 # A reference to additional license information related to an artifact. 2642 license = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license" 2643 # A reference to the mailing list used by the maintainer for a package. 2644 mailingList = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList" 2645 # A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`. 2646 mavenCentral = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral" 2647 # A reference to metrics related to package such as OpenSSF scorecards. 2648 metrics = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics" 2649 # A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`. 2650 npm = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm" 2651 # A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`. 2652 nuget = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget" 2653 # Used when the type does not match any of the other options. 2654 other = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other" 2655 # A reference to a privacy assessment for a package. 2656 privacyAssessment = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment" 2657 # A reference to additional product metadata such as reference within organization's product catalog. 2658 productMetadata = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata" 2659 # A reference to a purchase order for a package. 2660 purchaseOrder = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder" 2661 # A reference to a quality assessment for a package. 2662 qualityAssessmentReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport" 2663 # A reference to a published list of releases for a package. 2664 releaseHistory = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory" 2665 # A reference to the release notes for a package. 2666 releaseNotes = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes" 2667 # A reference to a risk assessment for a package. 2668 riskAssessment = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment" 2669 # A reference to a runtime analysis report for a package. 2670 runtimeAnalysisReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport" 2671 # A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form). 2672 secureSoftwareAttestation = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation" 2673 # A reference to the security adversary model for a package. 2674 securityAdversaryModel = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel" 2675 # A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries. 2676 securityAdvisory = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory" 2677 # A reference to the patch or source code that fixes a vulnerability. 2678 securityFix = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix" 2679 # A reference to related security information of unspecified type. 2680 securityOther = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther" 2681 # A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package. 2682 securityPenTestReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport" 2683 # A reference to instructions for reporting newly discovered security vulnerabilities for a package. 2684 securityPolicy = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy" 2685 # A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package. 2686 securityThreatModel = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel" 2687 # A reference to a social media channel for a package. 2688 socialMedia = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia" 2689 # A reference to an artifact containing the sources for a package. 2690 sourceArtifact = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact" 2691 # A reference to a static analysis report for a package. 2692 staticAnalysisReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport" 2693 # A reference to the software support channel or other support information for a package. 2694 support = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support" 2695 # A reference to a version control system related to a software artifact. 2696 vcs = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs" 2697 # A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final). 2698 vulnerabilityDisclosureReport = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport" 2699 # A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf). 2700 vulnerabilityExploitabilityAssessment = "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment" 2701 2702 2703# A mathematical algorithm that maps data of arbitrary size to a bit string. 2704@register("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm", compact_type="HashAlgorithm", abstract=False) 2705class HashAlgorithm(SHACLObject): 2706 NODE_KIND = NodeKind.BlankNodeOrIRI 2707 NAMED_INDIVIDUALS = { 2708 "adler32": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", 2709 "blake2b256": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", 2710 "blake2b384": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", 2711 "blake2b512": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", 2712 "blake3": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", 2713 "crystalsDilithium": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", 2714 "crystalsKyber": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", 2715 "falcon": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", 2716 "md2": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", 2717 "md4": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", 2718 "md5": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", 2719 "md6": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", 2720 "other": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", 2721 "sha1": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", 2722 "sha224": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", 2723 "sha256": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", 2724 "sha384": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", 2725 "sha3_224": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", 2726 "sha3_256": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", 2727 "sha3_384": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", 2728 "sha3_512": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", 2729 "sha512": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", 2730 } 2731 # Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3. 2732 adler32 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32" 2733 # BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. 2734 blake2b256 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256" 2735 # BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. 2736 blake2b384 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384" 2737 # BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4. 2738 blake2b512 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512" 2739 # [BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf) 2740 blake3 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3" 2741 # [Dilithium](https://pq-crystals.org/dilithium/) 2742 crystalsDilithium = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium" 2743 # [Kyber](https://pq-crystals.org/kyber/) 2744 crystalsKyber = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber" 2745 # [FALCON](https://falcon-sign.info/falcon.pdf) 2746 falcon = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon" 2747 # MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/). 2748 md2 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2" 2749 # MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/). 2750 md4 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4" 2751 # MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/). 2752 md5 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5" 2753 # [MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf) 2754 md6 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6" 2755 # any hashing algorithm that does not exist in this list of entries 2756 other = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other" 2757 # SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/). 2758 sha1 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1" 2759 # SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/). 2760 sha224 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224" 2761 # SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). 2762 sha256 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256" 2763 # SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). 2764 sha384 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384" 2765 # SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). 2766 sha3_224 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224" 2767 # SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). 2768 sha3_256 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256" 2769 # SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). 2770 sha3_384 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384" 2771 # SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final). 2772 sha3_512 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512" 2773 # SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/). 2774 sha512 = "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512" 2775 2776 2777# Provides an independently reproducible mechanism that permits verification of a specific Element. 2778@register("https://spdx.org/rdf/3.0.1/terms/Core/IntegrityMethod", compact_type="IntegrityMethod", abstract=True) 2779class IntegrityMethod(SHACLObject): 2780 NODE_KIND = NodeKind.BlankNode 2781 NAMED_INDIVIDUALS = { 2782 } 2783 2784 @classmethod 2785 def _register_props(cls): 2786 super()._register_props() 2787 # Provide consumers with comments by the creator of the Element about the 2788 # Element. 2789 cls._add_property( 2790 "comment", 2791 StringProp(), 2792 iri="https://spdx.org/rdf/3.0.1/terms/Core/comment", 2793 compact="comment", 2794 ) 2795 2796 2797# Provide an enumerated set of lifecycle phases that can provide context to relationships. 2798@register("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType", compact_type="LifecycleScopeType", abstract=False) 2799class LifecycleScopeType(SHACLObject): 2800 NODE_KIND = NodeKind.BlankNodeOrIRI 2801 NAMED_INDIVIDUALS = { 2802 "build": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", 2803 "design": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", 2804 "development": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", 2805 "other": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", 2806 "runtime": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", 2807 "test": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", 2808 } 2809 # A relationship has specific context implications during an element's build phase, during development. 2810 build = "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build" 2811 # A relationship has specific context implications during an element's design. 2812 design = "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design" 2813 # A relationship has specific context implications during development phase of an element. 2814 development = "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development" 2815 # A relationship has other specific context information necessary to capture that the above set of enumerations does not handle. 2816 other = "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other" 2817 # A relationship has specific context implications during the execution phase of an element. 2818 runtime = "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime" 2819 # A relationship has specific context implications during an element's testing phase, during development. 2820 test = "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test" 2821 2822 2823# A mapping between prefixes and namespace partial URIs. 2824@register("https://spdx.org/rdf/3.0.1/terms/Core/NamespaceMap", compact_type="NamespaceMap", abstract=False) 2825class NamespaceMap(SHACLObject): 2826 NODE_KIND = NodeKind.BlankNode 2827 NAMED_INDIVIDUALS = { 2828 } 2829 2830 @classmethod 2831 def _register_props(cls): 2832 super()._register_props() 2833 # Provides an unambiguous mechanism for conveying a URI fragment portion of an 2834 # Element ID. 2835 cls._add_property( 2836 "namespace", 2837 AnyURIProp(), 2838 iri="https://spdx.org/rdf/3.0.1/terms/Core/namespace", 2839 min_count=1, 2840 compact="namespace", 2841 ) 2842 # A substitute for a URI. 2843 cls._add_property( 2844 "prefix", 2845 StringProp(), 2846 iri="https://spdx.org/rdf/3.0.1/terms/Core/prefix", 2847 min_count=1, 2848 compact="prefix", 2849 ) 2850 2851 2852# An SPDX version 2.X compatible verification method for software packages. 2853@register("https://spdx.org/rdf/3.0.1/terms/Core/PackageVerificationCode", compact_type="PackageVerificationCode", abstract=False) 2854class PackageVerificationCode(IntegrityMethod): 2855 NODE_KIND = NodeKind.BlankNode 2856 NAMED_INDIVIDUALS = { 2857 } 2858 2859 @classmethod 2860 def _register_props(cls): 2861 super()._register_props() 2862 # Specifies the algorithm used for calculating the hash value. 2863 cls._add_property( 2864 "algorithm", 2865 EnumProp([ 2866 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "adler32"), 2867 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "blake2b256"), 2868 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "blake2b384"), 2869 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "blake2b512"), 2870 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "blake3"), 2871 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "crystalsDilithium"), 2872 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "crystalsKyber"), 2873 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "falcon"), 2874 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "md2"), 2875 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "md4"), 2876 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "md5"), 2877 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "md6"), 2878 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "other"), 2879 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "sha1"), 2880 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "sha224"), 2881 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "sha256"), 2882 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "sha384"), 2883 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "sha3_224"), 2884 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "sha3_256"), 2885 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "sha3_384"), 2886 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "sha3_512"), 2887 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "sha512"), 2888 ]), 2889 iri="https://spdx.org/rdf/3.0.1/terms/Core/algorithm", 2890 min_count=1, 2891 compact="algorithm", 2892 ) 2893 # The result of applying a hash algorithm to an Element. 2894 cls._add_property( 2895 "hashValue", 2896 StringProp(), 2897 iri="https://spdx.org/rdf/3.0.1/terms/Core/hashValue", 2898 min_count=1, 2899 compact="hashValue", 2900 ) 2901 # The relative file name of a file to be excluded from the 2902 # `PackageVerificationCode`. 2903 cls._add_property( 2904 "packageVerificationCodeExcludedFile", 2905 ListProp(StringProp()), 2906 iri="https://spdx.org/rdf/3.0.1/terms/Core/packageVerificationCodeExcludedFile", 2907 compact="packageVerificationCodeExcludedFile", 2908 ) 2909 2910 2911# A tuple of two positive integers that define a range. 2912@register("https://spdx.org/rdf/3.0.1/terms/Core/PositiveIntegerRange", compact_type="PositiveIntegerRange", abstract=False) 2913class PositiveIntegerRange(SHACLObject): 2914 NODE_KIND = NodeKind.BlankNode 2915 NAMED_INDIVIDUALS = { 2916 } 2917 2918 @classmethod 2919 def _register_props(cls): 2920 super()._register_props() 2921 # Defines the beginning of a range. 2922 cls._add_property( 2923 "beginIntegerRange", 2924 PositiveIntegerProp(), 2925 iri="https://spdx.org/rdf/3.0.1/terms/Core/beginIntegerRange", 2926 min_count=1, 2927 compact="beginIntegerRange", 2928 ) 2929 # Defines the end of a range. 2930 cls._add_property( 2931 "endIntegerRange", 2932 PositiveIntegerProp(), 2933 iri="https://spdx.org/rdf/3.0.1/terms/Core/endIntegerRange", 2934 min_count=1, 2935 compact="endIntegerRange", 2936 ) 2937 2938 2939# Categories of presence or absence. 2940@register("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType", compact_type="PresenceType", abstract=False) 2941class PresenceType(SHACLObject): 2942 NODE_KIND = NodeKind.BlankNodeOrIRI 2943 NAMED_INDIVIDUALS = { 2944 "no": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", 2945 "noAssertion": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", 2946 "yes": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", 2947 } 2948 # Indicates absence of the field. 2949 no = "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no" 2950 # Makes no assertion about the field. 2951 noAssertion = "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion" 2952 # Indicates presence of the field. 2953 yes = "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes" 2954 2955 2956# Enumeration of the valid profiles. 2957@register("https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType", compact_type="ProfileIdentifierType", abstract=False) 2958class ProfileIdentifierType(SHACLObject): 2959 NODE_KIND = NodeKind.BlankNodeOrIRI 2960 NAMED_INDIVIDUALS = { 2961 "ai": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai", 2962 "build": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build", 2963 "core": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core", 2964 "dataset": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset", 2965 "expandedLicensing": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing", 2966 "extension": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension", 2967 "lite": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite", 2968 "security": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security", 2969 "simpleLicensing": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing", 2970 "software": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software", 2971 } 2972 # the element follows the AI profile specification 2973 ai = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai" 2974 # the element follows the Build profile specification 2975 build = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build" 2976 # the element follows the Core profile specification 2977 core = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core" 2978 # the element follows the Dataset profile specification 2979 dataset = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset" 2980 # the element follows the expanded Licensing profile specification 2981 expandedLicensing = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing" 2982 # the element follows the Extension profile specification 2983 extension = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension" 2984 # the element follows the Lite profile specification 2985 lite = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite" 2986 # the element follows the Security profile specification 2987 security = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security" 2988 # the element follows the simple Licensing profile specification 2989 simpleLicensing = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing" 2990 # the element follows the Software profile specification 2991 software = "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software" 2992 2993 2994# Describes a relationship between one or more elements. 2995@register("https://spdx.org/rdf/3.0.1/terms/Core/Relationship", compact_type="Relationship", abstract=False) 2996class Relationship(Element): 2997 NODE_KIND = NodeKind.IRI 2998 ID_ALIAS = "spdxId" 2999 NAMED_INDIVIDUALS = { 3000 } 3001 3002 @classmethod 3003 def _register_props(cls): 3004 super()._register_props() 3005 # Provides information about the completeness of relationships. 3006 cls._add_property( 3007 "completeness", 3008 EnumProp([ 3009 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", "complete"), 3010 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", "incomplete"), 3011 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", "noAssertion"), 3012 ]), 3013 iri="https://spdx.org/rdf/3.0.1/terms/Core/completeness", 3014 compact="completeness", 3015 ) 3016 # Specifies the time from which an element is no longer applicable / valid. 3017 cls._add_property( 3018 "endTime", 3019 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 3020 iri="https://spdx.org/rdf/3.0.1/terms/Core/endTime", 3021 compact="endTime", 3022 ) 3023 # References the Element on the left-hand side of a relationship. 3024 cls._add_property( 3025 "from_", 3026 ObjectProp(Element, True, context=[ 3027 ("https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "NoneElement"), 3028 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 3029 ("https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "NoAssertionElement"), 3030 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 3031 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 3032 ],), 3033 iri="https://spdx.org/rdf/3.0.1/terms/Core/from", 3034 min_count=1, 3035 compact="from", 3036 ) 3037 # Information about the relationship between two Elements. 3038 cls._add_property( 3039 "relationshipType", 3040 EnumProp([ 3041 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", "affects"), 3042 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", "amendedBy"), 3043 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", "ancestorOf"), 3044 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", "availableFrom"), 3045 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", "configures"), 3046 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", "contains"), 3047 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", "coordinatedBy"), 3048 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", "copiedTo"), 3049 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", "delegatedTo"), 3050 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", "dependsOn"), 3051 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", "descendantOf"), 3052 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", "describes"), 3053 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", "doesNotAffect"), 3054 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", "expandsTo"), 3055 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", "exploitCreatedBy"), 3056 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", "fixedBy"), 3057 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", "fixedIn"), 3058 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", "foundBy"), 3059 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", "generates"), 3060 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", "hasAddedFile"), 3061 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", "hasAssessmentFor"), 3062 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", "hasAssociatedVulnerability"), 3063 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", "hasConcludedLicense"), 3064 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", "hasDataFile"), 3065 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", "hasDeclaredLicense"), 3066 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", "hasDeletedFile"), 3067 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", "hasDependencyManifest"), 3068 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", "hasDistributionArtifact"), 3069 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", "hasDocumentation"), 3070 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", "hasDynamicLink"), 3071 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", "hasEvidence"), 3072 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", "hasExample"), 3073 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", "hasHost"), 3074 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", "hasInput"), 3075 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", "hasMetadata"), 3076 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", "hasOptionalComponent"), 3077 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", "hasOptionalDependency"), 3078 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", "hasOutput"), 3079 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", "hasPrerequisite"), 3080 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", "hasProvidedDependency"), 3081 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", "hasRequirement"), 3082 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", "hasSpecification"), 3083 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", "hasStaticLink"), 3084 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", "hasTest"), 3085 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", "hasTestCase"), 3086 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", "hasVariant"), 3087 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", "invokedBy"), 3088 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", "modifiedBy"), 3089 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", "other"), 3090 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", "packagedBy"), 3091 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", "patchedBy"), 3092 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", "publishedBy"), 3093 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", "reportedBy"), 3094 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", "republishedBy"), 3095 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", "serializedInArtifact"), 3096 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", "testedOn"), 3097 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", "trainedOn"), 3098 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", "underInvestigationFor"), 3099 ("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", "usesTool"), 3100 ]), 3101 iri="https://spdx.org/rdf/3.0.1/terms/Core/relationshipType", 3102 min_count=1, 3103 compact="relationshipType", 3104 ) 3105 # Specifies the time from which an element is applicable / valid. 3106 cls._add_property( 3107 "startTime", 3108 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 3109 iri="https://spdx.org/rdf/3.0.1/terms/Core/startTime", 3110 compact="startTime", 3111 ) 3112 # References an Element on the right-hand side of a relationship. 3113 cls._add_property( 3114 "to", 3115 ListProp(ObjectProp(Element, False, context=[ 3116 ("https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "NoneElement"), 3117 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 3118 ("https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "NoAssertionElement"), 3119 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 3120 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 3121 ],)), 3122 iri="https://spdx.org/rdf/3.0.1/terms/Core/to", 3123 min_count=1, 3124 compact="to", 3125 ) 3126 3127 3128# Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness. 3129@register("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness", compact_type="RelationshipCompleteness", abstract=False) 3130class RelationshipCompleteness(SHACLObject): 3131 NODE_KIND = NodeKind.BlankNodeOrIRI 3132 NAMED_INDIVIDUALS = { 3133 "complete": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete", 3134 "incomplete": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete", 3135 "noAssertion": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion", 3136 } 3137 # The relationship is known to be exhaustive. 3138 complete = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete" 3139 # The relationship is known not to be exhaustive. 3140 incomplete = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete" 3141 # No assertion can be made about the completeness of the relationship. 3142 noAssertion = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion" 3143 3144 3145# Information about the relationship between two Elements. 3146@register("https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType", compact_type="RelationshipType", abstract=False) 3147class RelationshipType(SHACLObject): 3148 NODE_KIND = NodeKind.BlankNodeOrIRI 3149 NAMED_INDIVIDUALS = { 3150 "affects": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects", 3151 "amendedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy", 3152 "ancestorOf": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf", 3153 "availableFrom": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom", 3154 "configures": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures", 3155 "contains": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains", 3156 "coordinatedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy", 3157 "copiedTo": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo", 3158 "delegatedTo": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo", 3159 "dependsOn": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn", 3160 "descendantOf": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf", 3161 "describes": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes", 3162 "doesNotAffect": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect", 3163 "expandsTo": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo", 3164 "exploitCreatedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy", 3165 "fixedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy", 3166 "fixedIn": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn", 3167 "foundBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy", 3168 "generates": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates", 3169 "hasAddedFile": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile", 3170 "hasAssessmentFor": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor", 3171 "hasAssociatedVulnerability": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability", 3172 "hasConcludedLicense": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense", 3173 "hasDataFile": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile", 3174 "hasDeclaredLicense": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense", 3175 "hasDeletedFile": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile", 3176 "hasDependencyManifest": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest", 3177 "hasDistributionArtifact": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact", 3178 "hasDocumentation": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation", 3179 "hasDynamicLink": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink", 3180 "hasEvidence": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence", 3181 "hasExample": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample", 3182 "hasHost": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost", 3183 "hasInput": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput", 3184 "hasMetadata": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata", 3185 "hasOptionalComponent": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent", 3186 "hasOptionalDependency": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency", 3187 "hasOutput": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput", 3188 "hasPrerequisite": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite", 3189 "hasProvidedDependency": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency", 3190 "hasRequirement": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement", 3191 "hasSpecification": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification", 3192 "hasStaticLink": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink", 3193 "hasTest": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest", 3194 "hasTestCase": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase", 3195 "hasVariant": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant", 3196 "invokedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy", 3197 "modifiedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy", 3198 "other": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other", 3199 "packagedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy", 3200 "patchedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy", 3201 "publishedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy", 3202 "reportedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy", 3203 "republishedBy": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy", 3204 "serializedInArtifact": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact", 3205 "testedOn": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn", 3206 "trainedOn": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn", 3207 "underInvestigationFor": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor", 3208 "usesTool": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool", 3209 } 3210 # The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships. 3211 affects = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects" 3212 # The `from` Element is amended by each `to` Element. 3213 amendedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy" 3214 # The `from` Element is an ancestor of each `to` Element. 3215 ancestorOf = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf" 3216 # The `from` Element is available from the additional supplier described by each `to` Element. 3217 availableFrom = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom" 3218 # The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period. 3219 configures = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures" 3220 # The `from` Element contains each `to` Element. 3221 contains = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains" 3222 # The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent). 3223 coordinatedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy" 3224 # The `from` Element has been copied to each `to` Element. 3225 copiedTo = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo" 3226 # The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`). 3227 delegatedTo = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo" 3228 # The `from` Element depends on each `to` Element, during a LifecycleScopeType period. 3229 dependsOn = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn" 3230 # The `from` Element is a descendant of each `to` Element. 3231 descendantOf = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf" 3232 # The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used. 3233 describes = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes" 3234 # The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships. 3235 doesNotAffect = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect" 3236 # The `from` archive expands out as an artifact described by each `to` Element. 3237 expandsTo = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo" 3238 # The `from` Vulnerability has had an exploit created against it by each `to` Agent. 3239 exploitCreatedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy" 3240 # Designates a `from` Vulnerability has been fixed by the `to` Agent(s). 3241 fixedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy" 3242 # A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships. 3243 fixedIn = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn" 3244 # Designates a `from` Vulnerability was originally discovered by the `to` Agent(s). 3245 foundBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy" 3246 # The `from` Element generates each `to` Element. 3247 generates = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates" 3248 # Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`). 3249 hasAddedFile = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile" 3250 # Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types. 3251 hasAssessmentFor = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor" 3252 # Used to associate a `from` Artifact with each `to` Vulnerability. 3253 hasAssociatedVulnerability = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability" 3254 # The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license. 3255 hasConcludedLicense = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense" 3256 # The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency. 3257 hasDataFile = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile" 3258 # The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling. 3259 hasDeclaredLicense = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense" 3260 # Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`). 3261 hasDeletedFile = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile" 3262 # The `from` Element has manifest files that contain dependency information in each `to` Element. 3263 hasDependencyManifest = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest" 3264 # The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file). 3265 hasDistributionArtifact = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact" 3266 # The `from` Element is documented by each `to` Element. 3267 hasDocumentation = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation" 3268 # The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period. 3269 hasDynamicLink = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink" 3270 # Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`). 3271 hasEvidence = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence" 3272 # Every `to` Element is an example for the `from` Element (`from` hasExample `to`). 3273 hasExample = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample" 3274 # The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on). 3275 hasHost = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost" 3276 # The `from` Build has each `to` Element as an input, during a LifecycleScopeType period. 3277 hasInput = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput" 3278 # Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`). 3279 hasMetadata = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata" 3280 # Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`). 3281 hasOptionalComponent = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent" 3282 # The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period. 3283 hasOptionalDependency = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency" 3284 # The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period. 3285 hasOutput = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput" 3286 # The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period. 3287 hasPrerequisite = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite" 3288 # The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period. 3289 hasProvidedDependency = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency" 3290 # The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period. 3291 hasRequirement = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement" 3292 # Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period. 3293 hasSpecification = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification" 3294 # The `from` Element statically links in each `to` Element, during a LifecycleScopeType period. 3295 hasStaticLink = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink" 3296 # Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period. 3297 hasTest = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest" 3298 # Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`). 3299 hasTestCase = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase" 3300 # Every `to` Element is a variant the `from` Element (`from` hasVariant `to`). 3301 hasVariant = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant" 3302 # The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step). 3303 invokedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy" 3304 # The `from` Element is modified by each `to` Element. 3305 modifiedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy" 3306 # Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless). 3307 other = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other" 3308 # Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`). 3309 packagedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy" 3310 # Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`). 3311 patchedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy" 3312 # Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent. 3313 publishedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy" 3314 # Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent. 3315 reportedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy" 3316 # Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent. 3317 republishedBy = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy" 3318 # The `from` SpdxDocument can be found in a serialized form in each `to` Artifact. 3319 serializedInArtifact = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact" 3320 # The `from` Element has been tested on the `to` Element(s). 3321 testedOn = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn" 3322 # The `from` Element has been trained on the `to` Element(s). 3323 trainedOn = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn" 3324 # The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships. 3325 underInvestigationFor = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor" 3326 # The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period. 3327 usesTool = "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool" 3328 3329 3330# A collection of SPDX Elements that could potentially be serialized. 3331@register("https://spdx.org/rdf/3.0.1/terms/Core/SpdxDocument", compact_type="SpdxDocument", abstract=False) 3332class SpdxDocument(ElementCollection): 3333 NODE_KIND = NodeKind.IRI 3334 ID_ALIAS = "spdxId" 3335 NAMED_INDIVIDUALS = { 3336 } 3337 3338 @classmethod 3339 def _register_props(cls): 3340 super()._register_props() 3341 # Provides the license under which the SPDX documentation of the Element can be 3342 # used. 3343 cls._add_property( 3344 "dataLicense", 3345 ObjectProp(simplelicensing_AnyLicenseInfo, False, context=[ 3346 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 3347 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 3348 ],), 3349 iri="https://spdx.org/rdf/3.0.1/terms/Core/dataLicense", 3350 compact="dataLicense", 3351 ) 3352 # Provides an ExternalMap of Element identifiers. 3353 cls._add_property( 3354 "import_", 3355 ListProp(ObjectProp(ExternalMap, False)), 3356 iri="https://spdx.org/rdf/3.0.1/terms/Core/import", 3357 compact="import", 3358 ) 3359 # Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance. 3360 cls._add_property( 3361 "namespaceMap", 3362 ListProp(ObjectProp(NamespaceMap, False)), 3363 iri="https://spdx.org/rdf/3.0.1/terms/Core/namespaceMap", 3364 compact="namespaceMap", 3365 ) 3366 3367 3368# Indicates the type of support that is associated with an artifact. 3369@register("https://spdx.org/rdf/3.0.1/terms/Core/SupportType", compact_type="SupportType", abstract=False) 3370class SupportType(SHACLObject): 3371 NODE_KIND = NodeKind.BlankNodeOrIRI 3372 NAMED_INDIVIDUALS = { 3373 "deployed": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", 3374 "development": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", 3375 "endOfSupport": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", 3376 "limitedSupport": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", 3377 "noAssertion": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", 3378 "noSupport": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", 3379 "support": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", 3380 } 3381 # in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service. 3382 deployed = "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed" 3383 # the artifact is in active development and is not considered ready for formal support from the supplier. 3384 development = "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development" 3385 # there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact. 3386 endOfSupport = "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport" 3387 # the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support. 3388 limitedSupport = "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport" 3389 # no assertion about the type of support is made. This is considered the default if no other support type is used. 3390 noAssertion = "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion" 3391 # there is no support for the artifact from the supplier, consumer assumes any support obligations. 3392 noSupport = "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport" 3393 # the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support. 3394 support = "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support" 3395 3396 3397# An element of hardware and/or software utilized to carry out a particular function. 3398@register("https://spdx.org/rdf/3.0.1/terms/Core/Tool", compact_type="Tool", abstract=False) 3399class Tool(Element): 3400 NODE_KIND = NodeKind.IRI 3401 ID_ALIAS = "spdxId" 3402 NAMED_INDIVIDUALS = { 3403 } 3404 3405 3406# Categories of confidentiality level. 3407@register("https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType", compact_type="dataset_ConfidentialityLevelType", abstract=False) 3408class dataset_ConfidentialityLevelType(SHACLObject): 3409 NODE_KIND = NodeKind.BlankNodeOrIRI 3410 NAMED_INDIVIDUALS = { 3411 "amber": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", 3412 "clear": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", 3413 "green": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", 3414 "red": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", 3415 } 3416 # Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis. 3417 amber = "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber" 3418 # Dataset may be distributed freely, without restriction. 3419 clear = "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear" 3420 # Dataset can be shared within a community of peers and partners. 3421 green = "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green" 3422 # Data points in the dataset are highly confidential and can only be shared with named recipients. 3423 red = "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red" 3424 3425 3426# Availability of dataset. 3427@register("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType", compact_type="dataset_DatasetAvailabilityType", abstract=False) 3428class dataset_DatasetAvailabilityType(SHACLObject): 3429 NODE_KIND = NodeKind.BlankNodeOrIRI 3430 NAMED_INDIVIDUALS = { 3431 "clickthrough": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", 3432 "directDownload": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", 3433 "query": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", 3434 "registration": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", 3435 "scrapingScript": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", 3436 } 3437 # the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage. 3438 clickthrough = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough" 3439 # the dataset is publicly available and can be downloaded directly. 3440 directDownload = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload" 3441 # the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset. 3442 query = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query" 3443 # the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms. 3444 registration = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration" 3445 # the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data. 3446 scrapingScript = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript" 3447 3448 3449# Enumeration of dataset types. 3450@register("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType", compact_type="dataset_DatasetType", abstract=False) 3451class dataset_DatasetType(SHACLObject): 3452 NODE_KIND = NodeKind.BlankNodeOrIRI 3453 NAMED_INDIVIDUALS = { 3454 "audio": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", 3455 "categorical": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", 3456 "graph": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", 3457 "image": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", 3458 "noAssertion": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", 3459 "numeric": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", 3460 "other": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", 3461 "sensor": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", 3462 "structured": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", 3463 "syntactic": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", 3464 "text": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", 3465 "timeseries": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", 3466 "timestamp": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", 3467 "video": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", 3468 } 3469 # data is audio based, such as a collection of music from the 80s. 3470 audio = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio" 3471 # data that is classified into a discrete number of categories, such as the eye color of a population of people. 3472 categorical = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical" 3473 # data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends. 3474 graph = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph" 3475 # data is a collection of images such as pictures of animals. 3476 image = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image" 3477 # data type is not known. 3478 noAssertion = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion" 3479 # data consists only of numeric entries. 3480 numeric = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric" 3481 # data is of a type not included in this list. 3482 other = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other" 3483 # data is recorded from a physical sensor, such as a thermometer reading or biometric device. 3484 sensor = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor" 3485 # data is stored in tabular format or retrieved from a relational database. 3486 structured = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured" 3487 # data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing. 3488 syntactic = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic" 3489 # data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript. 3490 text = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text" 3491 # data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day. 3492 timeseries = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries" 3493 # data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends. 3494 timestamp = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp" 3495 # data is video based, such as a collection of movie clips featuring Tom Hanks. 3496 video = "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video" 3497 3498 3499# Abstract class for additional text intended to be added to a License, but 3500# which is not itself a standalone License. 3501@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/LicenseAddition", compact_type="expandedlicensing_LicenseAddition", abstract=True) 3502class expandedlicensing_LicenseAddition(Element): 3503 NODE_KIND = NodeKind.IRI 3504 ID_ALIAS = "spdxId" 3505 NAMED_INDIVIDUALS = { 3506 } 3507 3508 @classmethod 3509 def _register_props(cls): 3510 super()._register_props() 3511 # Identifies the full text of a LicenseAddition. 3512 cls._add_property( 3513 "expandedlicensing_additionText", 3514 StringProp(), 3515 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/additionText", 3516 min_count=1, 3517 compact="expandedlicensing_additionText", 3518 ) 3519 # Specifies whether an additional text identifier has been marked as deprecated. 3520 cls._add_property( 3521 "expandedlicensing_isDeprecatedAdditionId", 3522 BooleanProp(), 3523 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedAdditionId", 3524 compact="expandedlicensing_isDeprecatedAdditionId", 3525 ) 3526 # Identifies all the text and metadata associated with a license in the license 3527 # XML format. 3528 cls._add_property( 3529 "expandedlicensing_licenseXml", 3530 StringProp(), 3531 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", 3532 compact="expandedlicensing_licenseXml", 3533 ) 3534 # Specifies the licenseId that is preferred to be used in place of a deprecated 3535 # License or LicenseAddition. 3536 cls._add_property( 3537 "expandedlicensing_obsoletedBy", 3538 StringProp(), 3539 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", 3540 compact="expandedlicensing_obsoletedBy", 3541 ) 3542 # Contains a URL where the License or LicenseAddition can be found in use. 3543 cls._add_property( 3544 "expandedlicensing_seeAlso", 3545 ListProp(AnyURIProp()), 3546 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", 3547 compact="expandedlicensing_seeAlso", 3548 ) 3549 # Identifies the full text of a LicenseAddition, in SPDX templating format. 3550 cls._add_property( 3551 "expandedlicensing_standardAdditionTemplate", 3552 StringProp(), 3553 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardAdditionTemplate", 3554 compact="expandedlicensing_standardAdditionTemplate", 3555 ) 3556 3557 3558# A license exception that is listed on the SPDX Exceptions list. 3559@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicenseException", compact_type="expandedlicensing_ListedLicenseException", abstract=False) 3560class expandedlicensing_ListedLicenseException(expandedlicensing_LicenseAddition): 3561 NODE_KIND = NodeKind.IRI 3562 ID_ALIAS = "spdxId" 3563 NAMED_INDIVIDUALS = { 3564 } 3565 3566 @classmethod 3567 def _register_props(cls): 3568 super()._register_props() 3569 # Specifies the SPDX License List version in which this license or exception 3570 # identifier was deprecated. 3571 cls._add_property( 3572 "expandedlicensing_deprecatedVersion", 3573 StringProp(), 3574 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", 3575 compact="expandedlicensing_deprecatedVersion", 3576 ) 3577 # Specifies the SPDX License List version in which this ListedLicense or 3578 # ListedLicenseException identifier was first added. 3579 cls._add_property( 3580 "expandedlicensing_listVersionAdded", 3581 StringProp(), 3582 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", 3583 compact="expandedlicensing_listVersionAdded", 3584 ) 3585 3586 3587# A property name with an associated value. 3588@register("https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", compact_type="extension_CdxPropertyEntry", abstract=False) 3589class extension_CdxPropertyEntry(SHACLObject): 3590 NODE_KIND = NodeKind.BlankNode 3591 NAMED_INDIVIDUALS = { 3592 } 3593 3594 @classmethod 3595 def _register_props(cls): 3596 super()._register_props() 3597 # A name used in a CdxPropertyEntry name-value pair. 3598 cls._add_property( 3599 "extension_cdxPropName", 3600 StringProp(), 3601 iri="https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", 3602 min_count=1, 3603 compact="extension_cdxPropName", 3604 ) 3605 # A value used in a CdxPropertyEntry name-value pair. 3606 cls._add_property( 3607 "extension_cdxPropValue", 3608 StringProp(), 3609 iri="https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", 3610 compact="extension_cdxPropValue", 3611 ) 3612 3613 3614# A characterization of some aspect of an Element that is associated with the Element in a generalized fashion. 3615@register("https://spdx.org/rdf/3.0.1/terms/Extension/Extension", compact_type="extension_Extension", abstract=True) 3616class extension_Extension(SHACLExtensibleObject, SHACLObject): 3617 NODE_KIND = NodeKind.BlankNode 3618 NAMED_INDIVIDUALS = { 3619 } 3620 3621 3622# Specifies the CVSS base, temporal, threat, or environmental severity type. 3623@register("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType", compact_type="security_CvssSeverityType", abstract=False) 3624class security_CvssSeverityType(SHACLObject): 3625 NODE_KIND = NodeKind.BlankNodeOrIRI 3626 NAMED_INDIVIDUALS = { 3627 "critical": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", 3628 "high": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", 3629 "low": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", 3630 "medium": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", 3631 "none": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", 3632 } 3633 # When a CVSS score is between 9.0 - 10.0 3634 critical = "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical" 3635 # When a CVSS score is between 7.0 - 8.9 3636 high = "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high" 3637 # When a CVSS score is between 0.1 - 3.9 3638 low = "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low" 3639 # When a CVSS score is between 4.0 - 6.9 3640 medium = "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium" 3641 # When a CVSS score is 0.0 3642 none = "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none" 3643 3644 3645# Specifies the exploit catalog type. 3646@register("https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType", compact_type="security_ExploitCatalogType", abstract=False) 3647class security_ExploitCatalogType(SHACLObject): 3648 NODE_KIND = NodeKind.BlankNodeOrIRI 3649 NAMED_INDIVIDUALS = { 3650 "kev": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", 3651 "other": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", 3652 } 3653 # CISA's Known Exploited Vulnerability (KEV) Catalog 3654 kev = "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev" 3655 # Other exploit catalogs 3656 other = "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other" 3657 3658 3659# Specifies the SSVC decision type. 3660@register("https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType", compact_type="security_SsvcDecisionType", abstract=False) 3661class security_SsvcDecisionType(SHACLObject): 3662 NODE_KIND = NodeKind.BlankNodeOrIRI 3663 NAMED_INDIVIDUALS = { 3664 "act": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", 3665 "attend": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", 3666 "track": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", 3667 "trackStar": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", 3668 } 3669 # The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible. 3670 act = "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act" 3671 # The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines. 3672 attend = "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend" 3673 # The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines. 3674 track = "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track" 3675 # ("Track\*" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\* vulnerabilities within standard update timelines. 3676 trackStar = "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar" 3677 3678 3679# Specifies the VEX justification type. 3680@register("https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType", compact_type="security_VexJustificationType", abstract=False) 3681class security_VexJustificationType(SHACLObject): 3682 NODE_KIND = NodeKind.BlankNodeOrIRI 3683 NAMED_INDIVIDUALS = { 3684 "componentNotPresent": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", 3685 "inlineMitigationsAlreadyExist": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", 3686 "vulnerableCodeCannotBeControlledByAdversary": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", 3687 "vulnerableCodeNotInExecutePath": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", 3688 "vulnerableCodeNotPresent": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", 3689 } 3690 # The software is not affected because the vulnerable component is not in the product. 3691 componentNotPresent = "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent" 3692 # Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability. 3693 inlineMitigationsAlreadyExist = "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist" 3694 # The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack. 3695 vulnerableCodeCannotBeControlledByAdversary = "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary" 3696 # The affected code is not reachable through the execution of the code, including non-anticipated states of the product. 3697 vulnerableCodeNotInExecutePath = "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath" 3698 # The product is not affected because the code underlying the vulnerability is not present in the product. 3699 vulnerableCodeNotPresent = "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent" 3700 3701 3702# Abstract ancestor class for all vulnerability assessments 3703@register("https://spdx.org/rdf/3.0.1/terms/Security/VulnAssessmentRelationship", compact_type="security_VulnAssessmentRelationship", abstract=True) 3704class security_VulnAssessmentRelationship(Relationship): 3705 NODE_KIND = NodeKind.IRI 3706 ID_ALIAS = "spdxId" 3707 NAMED_INDIVIDUALS = { 3708 } 3709 3710 @classmethod 3711 def _register_props(cls): 3712 super()._register_props() 3713 # Identifies who or what supplied the artifact or VulnAssessmentRelationship 3714 # referenced by the Element. 3715 cls._add_property( 3716 "suppliedBy", 3717 ObjectProp(Agent, False, context=[ 3718 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 3719 ],), 3720 iri="https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", 3721 compact="suppliedBy", 3722 ) 3723 # Specifies an Element contained in a piece of software where a vulnerability was 3724 # found. 3725 cls._add_property( 3726 "security_assessedElement", 3727 ObjectProp(Element, False, context=[ 3728 ("https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "NoneElement"), 3729 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 3730 ("https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "NoAssertionElement"), 3731 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 3732 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 3733 ],), 3734 iri="https://spdx.org/rdf/3.0.1/terms/Security/assessedElement", 3735 compact="security_assessedElement", 3736 ) 3737 # Specifies a time when a vulnerability assessment was modified 3738 cls._add_property( 3739 "security_modifiedTime", 3740 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 3741 iri="https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", 3742 compact="security_modifiedTime", 3743 ) 3744 # Specifies the time when a vulnerability was published. 3745 cls._add_property( 3746 "security_publishedTime", 3747 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 3748 iri="https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", 3749 compact="security_publishedTime", 3750 ) 3751 # Specified the time and date when a vulnerability was withdrawn. 3752 cls._add_property( 3753 "security_withdrawnTime", 3754 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 3755 iri="https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", 3756 compact="security_withdrawnTime", 3757 ) 3758 3759 3760# Abstract class representing a license combination consisting of one or more licenses. 3761@register("https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", compact_type="simplelicensing_AnyLicenseInfo", abstract=True) 3762class simplelicensing_AnyLicenseInfo(Element): 3763 NODE_KIND = NodeKind.IRI 3764 ID_ALIAS = "spdxId" 3765 NAMED_INDIVIDUALS = { 3766 } 3767 3768 3769# An SPDX Element containing an SPDX license expression string. 3770@register("https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", compact_type="simplelicensing_LicenseExpression", abstract=False) 3771class simplelicensing_LicenseExpression(simplelicensing_AnyLicenseInfo): 3772 NODE_KIND = NodeKind.IRI 3773 ID_ALIAS = "spdxId" 3774 NAMED_INDIVIDUALS = { 3775 } 3776 3777 @classmethod 3778 def _register_props(cls): 3779 super()._register_props() 3780 # Maps a LicenseRef or AdditionRef string for a Custom License or a Custom 3781 # License Addition to its URI ID. 3782 cls._add_property( 3783 "simplelicensing_customIdToUri", 3784 ListProp(ObjectProp(DictionaryEntry, False)), 3785 iri="https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", 3786 compact="simplelicensing_customIdToUri", 3787 ) 3788 # A string in the license expression format. 3789 cls._add_property( 3790 "simplelicensing_licenseExpression", 3791 StringProp(), 3792 iri="https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", 3793 min_count=1, 3794 compact="simplelicensing_licenseExpression", 3795 ) 3796 # The version of the SPDX License List used in the license expression. 3797 cls._add_property( 3798 "simplelicensing_licenseListVersion", 3799 StringProp(pattern=r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$",), 3800 iri="https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", 3801 compact="simplelicensing_licenseListVersion", 3802 ) 3803 3804 3805# A license or addition that is not listed on the SPDX License List. 3806@register("https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", compact_type="simplelicensing_SimpleLicensingText", abstract=False) 3807class simplelicensing_SimpleLicensingText(Element): 3808 NODE_KIND = NodeKind.IRI 3809 ID_ALIAS = "spdxId" 3810 NAMED_INDIVIDUALS = { 3811 } 3812 3813 @classmethod 3814 def _register_props(cls): 3815 super()._register_props() 3816 # Identifies the full text of a License or Addition. 3817 cls._add_property( 3818 "simplelicensing_licenseText", 3819 StringProp(), 3820 iri="https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", 3821 min_count=1, 3822 compact="simplelicensing_licenseText", 3823 ) 3824 3825 3826# A canonical, unique, immutable identifier 3827@register("https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifier", compact_type="software_ContentIdentifier", abstract=False) 3828class software_ContentIdentifier(IntegrityMethod): 3829 NODE_KIND = NodeKind.BlankNode 3830 NAMED_INDIVIDUALS = { 3831 } 3832 3833 @classmethod 3834 def _register_props(cls): 3835 super()._register_props() 3836 # Specifies the type of the content identifier. 3837 cls._add_property( 3838 "software_contentIdentifierType", 3839 EnumProp([ 3840 ("https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", "gitoid"), 3841 ("https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", "swhid"), 3842 ]), 3843 iri="https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierType", 3844 min_count=1, 3845 compact="software_contentIdentifierType", 3846 ) 3847 # Specifies the value of the content identifier. 3848 cls._add_property( 3849 "software_contentIdentifierValue", 3850 AnyURIProp(), 3851 iri="https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifierValue", 3852 min_count=1, 3853 compact="software_contentIdentifierValue", 3854 ) 3855 3856 3857# Specifies the type of a content identifier. 3858@register("https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType", compact_type="software_ContentIdentifierType", abstract=False) 3859class software_ContentIdentifierType(SHACLObject): 3860 NODE_KIND = NodeKind.BlankNodeOrIRI 3861 NAMED_INDIVIDUALS = { 3862 "gitoid": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid", 3863 "swhid": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid", 3864 } 3865 # [Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg). 3866 gitoid = "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid" 3867 # SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`. 3868 swhid = "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid" 3869 3870 3871# Enumeration of the different kinds of SPDX file. 3872@register("https://spdx.org/rdf/3.0.1/terms/Software/FileKindType", compact_type="software_FileKindType", abstract=False) 3873class software_FileKindType(SHACLObject): 3874 NODE_KIND = NodeKind.BlankNodeOrIRI 3875 NAMED_INDIVIDUALS = { 3876 "directory": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", 3877 "file": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", 3878 } 3879 # The file represents a directory and all content stored in that directory. 3880 directory = "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory" 3881 # The file represents a single file (default). 3882 file = "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file" 3883 3884 3885# Provides a set of values to be used to describe the common types of SBOMs that 3886# tools may create. 3887@register("https://spdx.org/rdf/3.0.1/terms/Software/SbomType", compact_type="software_SbomType", abstract=False) 3888class software_SbomType(SHACLObject): 3889 NODE_KIND = NodeKind.BlankNodeOrIRI 3890 NAMED_INDIVIDUALS = { 3891 "analyzed": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", 3892 "build": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", 3893 "deployed": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", 3894 "design": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", 3895 "runtime": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", 3896 "source": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", 3897 } 3898 # SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a "3rd party" SBOM. 3899 analyzed = "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed" 3900 # SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs. 3901 build = "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build" 3902 # SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment. 3903 deployed = "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed" 3904 # SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact. 3905 design = "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design" 3906 # SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an "Instrumented" or "Dynamic" SBOM. 3907 runtime = "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime" 3908 # SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact. 3909 source = "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source" 3910 3911 3912# Provides information about the primary purpose of an Element. 3913@register("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose", compact_type="software_SoftwarePurpose", abstract=False) 3914class software_SoftwarePurpose(SHACLObject): 3915 NODE_KIND = NodeKind.BlankNodeOrIRI 3916 NAMED_INDIVIDUALS = { 3917 "application": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", 3918 "archive": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", 3919 "bom": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", 3920 "configuration": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", 3921 "container": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", 3922 "data": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", 3923 "device": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", 3924 "deviceDriver": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", 3925 "diskImage": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", 3926 "documentation": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", 3927 "evidence": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", 3928 "executable": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", 3929 "file": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", 3930 "filesystemImage": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", 3931 "firmware": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", 3932 "framework": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", 3933 "install": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", 3934 "library": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", 3935 "manifest": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", 3936 "model": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", 3937 "module": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", 3938 "operatingSystem": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", 3939 "other": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", 3940 "patch": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", 3941 "platform": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", 3942 "requirement": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", 3943 "source": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", 3944 "specification": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", 3945 "test": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", 3946 } 3947 # The Element is a software application. 3948 application = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application" 3949 # The Element is an archived collection of one or more files (.tar, .zip, etc.). 3950 archive = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive" 3951 # The Element is a bill of materials. 3952 bom = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom" 3953 # The Element is configuration data. 3954 configuration = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration" 3955 # The Element is a container image which can be used by a container runtime application. 3956 container = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container" 3957 # The Element is data. 3958 data = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data" 3959 # The Element refers to a chipset, processor, or electronic board. 3960 device = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device" 3961 # The Element represents software that controls hardware devices. 3962 deviceDriver = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver" 3963 # The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc. 3964 diskImage = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage" 3965 # The Element is documentation. 3966 documentation = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation" 3967 # The Element is the evidence that a specification or requirement has been fulfilled. 3968 evidence = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence" 3969 # The Element is an Artifact that can be run on a computer. 3970 executable = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable" 3971 # The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.). 3972 file = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file" 3973 # The Element is a file system image that can be written to a disk (or virtual) partition. 3974 filesystemImage = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage" 3975 # The Element provides low level control over a device's hardware. 3976 firmware = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware" 3977 # The Element is a software framework. 3978 framework = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework" 3979 # The Element is used to install software on disk. 3980 install = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install" 3981 # The Element is a software library. 3982 library = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library" 3983 # The Element is a software manifest. 3984 manifest = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest" 3985 # The Element is a machine learning or artificial intelligence model. 3986 model = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model" 3987 # The Element is a module of a piece of software. 3988 module = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module" 3989 # The Element is an operating system. 3990 operatingSystem = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem" 3991 # The Element doesn't fit into any of the other categories. 3992 other = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other" 3993 # The Element contains a set of changes to update, fix, or improve another Element. 3994 patch = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch" 3995 # The Element represents a runtime environment. 3996 platform = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform" 3997 # The Element provides a requirement needed as input for another Element. 3998 requirement = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement" 3999 # The Element is a single or a collection of source files. 4000 source = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source" 4001 # The Element is a plan, guideline or strategy how to create, perform or analyze an application. 4002 specification = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification" 4003 # The Element is a test used to verify functionality on an software element. 4004 test = "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test" 4005 4006 4007# Class that describes a build instance of software/artifacts. 4008@register("https://spdx.org/rdf/3.0.1/terms/Build/Build", compact_type="build_Build", abstract=False) 4009class build_Build(Element): 4010 NODE_KIND = NodeKind.IRI 4011 ID_ALIAS = "spdxId" 4012 NAMED_INDIVIDUALS = { 4013 } 4014 4015 @classmethod 4016 def _register_props(cls): 4017 super()._register_props() 4018 # Property that describes the time at which a build stops. 4019 cls._add_property( 4020 "build_buildEndTime", 4021 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4022 iri="https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", 4023 compact="build_buildEndTime", 4024 ) 4025 # A buildId is a locally unique identifier used by a builder to identify a unique 4026 # instance of a build produced by it. 4027 cls._add_property( 4028 "build_buildId", 4029 StringProp(), 4030 iri="https://spdx.org/rdf/3.0.1/terms/Build/buildId", 4031 compact="build_buildId", 4032 ) 4033 # Property describing the start time of a build. 4034 cls._add_property( 4035 "build_buildStartTime", 4036 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4037 iri="https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", 4038 compact="build_buildStartTime", 4039 ) 4040 # A buildType is a hint that is used to indicate the toolchain, platform, or 4041 # infrastructure that the build was invoked on. 4042 cls._add_property( 4043 "build_buildType", 4044 AnyURIProp(), 4045 iri="https://spdx.org/rdf/3.0.1/terms/Build/buildType", 4046 min_count=1, 4047 compact="build_buildType", 4048 ) 4049 # Property that describes the digest of the build configuration file used to 4050 # invoke a build. 4051 cls._add_property( 4052 "build_configSourceDigest", 4053 ListProp(ObjectProp(Hash, False)), 4054 iri="https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", 4055 compact="build_configSourceDigest", 4056 ) 4057 # Property describes the invocation entrypoint of a build. 4058 cls._add_property( 4059 "build_configSourceEntrypoint", 4060 ListProp(StringProp()), 4061 iri="https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", 4062 compact="build_configSourceEntrypoint", 4063 ) 4064 # Property that describes the URI of the build configuration source file. 4065 cls._add_property( 4066 "build_configSourceUri", 4067 ListProp(AnyURIProp()), 4068 iri="https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", 4069 compact="build_configSourceUri", 4070 ) 4071 # Property describing the session in which a build is invoked. 4072 cls._add_property( 4073 "build_environment", 4074 ListProp(ObjectProp(DictionaryEntry, False)), 4075 iri="https://spdx.org/rdf/3.0.1/terms/Build/environment", 4076 compact="build_environment", 4077 ) 4078 # Property describing a parameter used in an instance of a build. 4079 cls._add_property( 4080 "build_parameter", 4081 ListProp(ObjectProp(DictionaryEntry, False)), 4082 iri="https://spdx.org/rdf/3.0.1/terms/Build/parameter", 4083 compact="build_parameter", 4084 ) 4085 4086 4087# Agent represents anything with the potential to act on a system. 4088@register("https://spdx.org/rdf/3.0.1/terms/Core/Agent", compact_type="Agent", abstract=False) 4089class Agent(Element): 4090 NODE_KIND = NodeKind.IRI 4091 ID_ALIAS = "spdxId" 4092 NAMED_INDIVIDUALS = { 4093 } 4094 4095 4096# An assertion made in relation to one or more elements. 4097@register("https://spdx.org/rdf/3.0.1/terms/Core/Annotation", compact_type="Annotation", abstract=False) 4098class Annotation(Element): 4099 NODE_KIND = NodeKind.IRI 4100 ID_ALIAS = "spdxId" 4101 NAMED_INDIVIDUALS = { 4102 } 4103 4104 @classmethod 4105 def _register_props(cls): 4106 super()._register_props() 4107 # Describes the type of annotation. 4108 cls._add_property( 4109 "annotationType", 4110 EnumProp([ 4111 ("https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other", "other"), 4112 ("https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review", "review"), 4113 ]), 4114 iri="https://spdx.org/rdf/3.0.1/terms/Core/annotationType", 4115 min_count=1, 4116 compact="annotationType", 4117 ) 4118 # Provides information about the content type of an Element or a Property. 4119 cls._add_property( 4120 "contentType", 4121 StringProp(pattern=r"^[^\/]+\/[^\/]+$",), 4122 iri="https://spdx.org/rdf/3.0.1/terms/Core/contentType", 4123 compact="contentType", 4124 ) 4125 # Commentary on an assertion that an annotator has made. 4126 cls._add_property( 4127 "statement", 4128 StringProp(), 4129 iri="https://spdx.org/rdf/3.0.1/terms/Core/statement", 4130 compact="statement", 4131 ) 4132 # An Element an annotator has made an assertion about. 4133 cls._add_property( 4134 "subject", 4135 ObjectProp(Element, True, context=[ 4136 ("https://spdx.org/rdf/3.0.1/terms/Core/NoneElement", "NoneElement"), 4137 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 4138 ("https://spdx.org/rdf/3.0.1/terms/Core/NoAssertionElement", "NoAssertionElement"), 4139 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 4140 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 4141 ],), 4142 iri="https://spdx.org/rdf/3.0.1/terms/Core/subject", 4143 min_count=1, 4144 compact="subject", 4145 ) 4146 4147 4148# A distinct article or unit within the digital domain. 4149@register("https://spdx.org/rdf/3.0.1/terms/Core/Artifact", compact_type="Artifact", abstract=True) 4150class Artifact(Element): 4151 NODE_KIND = NodeKind.IRI 4152 ID_ALIAS = "spdxId" 4153 NAMED_INDIVIDUALS = { 4154 } 4155 4156 @classmethod 4157 def _register_props(cls): 4158 super()._register_props() 4159 # Specifies the time an artifact was built. 4160 cls._add_property( 4161 "builtTime", 4162 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4163 iri="https://spdx.org/rdf/3.0.1/terms/Core/builtTime", 4164 compact="builtTime", 4165 ) 4166 # Identifies from where or whom the Element originally came. 4167 cls._add_property( 4168 "originatedBy", 4169 ListProp(ObjectProp(Agent, False, context=[ 4170 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 4171 ],)), 4172 iri="https://spdx.org/rdf/3.0.1/terms/Core/originatedBy", 4173 compact="originatedBy", 4174 ) 4175 # Specifies the time an artifact was released. 4176 cls._add_property( 4177 "releaseTime", 4178 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4179 iri="https://spdx.org/rdf/3.0.1/terms/Core/releaseTime", 4180 compact="releaseTime", 4181 ) 4182 # The name of a relevant standard that may apply to an artifact. 4183 cls._add_property( 4184 "standardName", 4185 ListProp(StringProp()), 4186 iri="https://spdx.org/rdf/3.0.1/terms/Core/standardName", 4187 compact="standardName", 4188 ) 4189 # Identifies who or what supplied the artifact or VulnAssessmentRelationship 4190 # referenced by the Element. 4191 cls._add_property( 4192 "suppliedBy", 4193 ObjectProp(Agent, False, context=[ 4194 ("https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", "SpdxOrganization"), 4195 ],), 4196 iri="https://spdx.org/rdf/3.0.1/terms/Core/suppliedBy", 4197 compact="suppliedBy", 4198 ) 4199 # Specifies the level of support associated with an artifact. 4200 cls._add_property( 4201 "supportLevel", 4202 ListProp(EnumProp([ 4203 ("https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed", "deployed"), 4204 ("https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development", "development"), 4205 ("https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport", "endOfSupport"), 4206 ("https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport", "limitedSupport"), 4207 ("https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion", "noAssertion"), 4208 ("https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport", "noSupport"), 4209 ("https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support", "support"), 4210 ])), 4211 iri="https://spdx.org/rdf/3.0.1/terms/Core/supportLevel", 4212 compact="supportLevel", 4213 ) 4214 # Specifies until when the artifact can be used before its usage needs to be 4215 # reassessed. 4216 cls._add_property( 4217 "validUntilTime", 4218 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4219 iri="https://spdx.org/rdf/3.0.1/terms/Core/validUntilTime", 4220 compact="validUntilTime", 4221 ) 4222 4223 4224# A collection of Elements that have a shared context. 4225@register("https://spdx.org/rdf/3.0.1/terms/Core/Bundle", compact_type="Bundle", abstract=False) 4226class Bundle(ElementCollection): 4227 NODE_KIND = NodeKind.IRI 4228 ID_ALIAS = "spdxId" 4229 NAMED_INDIVIDUALS = { 4230 } 4231 4232 @classmethod 4233 def _register_props(cls): 4234 super()._register_props() 4235 # Gives information about the circumstances or unifying properties 4236 # that Elements of the bundle have been assembled under. 4237 cls._add_property( 4238 "context", 4239 StringProp(), 4240 iri="https://spdx.org/rdf/3.0.1/terms/Core/context", 4241 compact="context", 4242 ) 4243 4244 4245# A mathematically calculated representation of a grouping of data. 4246@register("https://spdx.org/rdf/3.0.1/terms/Core/Hash", compact_type="Hash", abstract=False) 4247class Hash(IntegrityMethod): 4248 NODE_KIND = NodeKind.BlankNode 4249 NAMED_INDIVIDUALS = { 4250 } 4251 4252 @classmethod 4253 def _register_props(cls): 4254 super()._register_props() 4255 # Specifies the algorithm used for calculating the hash value. 4256 cls._add_property( 4257 "algorithm", 4258 EnumProp([ 4259 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32", "adler32"), 4260 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256", "blake2b256"), 4261 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384", "blake2b384"), 4262 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512", "blake2b512"), 4263 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3", "blake3"), 4264 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium", "crystalsDilithium"), 4265 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber", "crystalsKyber"), 4266 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon", "falcon"), 4267 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2", "md2"), 4268 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4", "md4"), 4269 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5", "md5"), 4270 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6", "md6"), 4271 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other", "other"), 4272 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1", "sha1"), 4273 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224", "sha224"), 4274 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256", "sha256"), 4275 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384", "sha384"), 4276 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224", "sha3_224"), 4277 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256", "sha3_256"), 4278 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384", "sha3_384"), 4279 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512", "sha3_512"), 4280 ("https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512", "sha512"), 4281 ]), 4282 iri="https://spdx.org/rdf/3.0.1/terms/Core/algorithm", 4283 min_count=1, 4284 compact="algorithm", 4285 ) 4286 # The result of applying a hash algorithm to an Element. 4287 cls._add_property( 4288 "hashValue", 4289 StringProp(), 4290 iri="https://spdx.org/rdf/3.0.1/terms/Core/hashValue", 4291 min_count=1, 4292 compact="hashValue", 4293 ) 4294 4295 4296# Provide context for a relationship that occurs in the lifecycle. 4297@register("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopedRelationship", compact_type="LifecycleScopedRelationship", abstract=False) 4298class LifecycleScopedRelationship(Relationship): 4299 NODE_KIND = NodeKind.IRI 4300 ID_ALIAS = "spdxId" 4301 NAMED_INDIVIDUALS = { 4302 } 4303 4304 @classmethod 4305 def _register_props(cls): 4306 super()._register_props() 4307 # Capture the scope of information about a specific relationship between elements. 4308 cls._add_property( 4309 "scope", 4310 EnumProp([ 4311 ("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build", "build"), 4312 ("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design", "design"), 4313 ("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development", "development"), 4314 ("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other", "other"), 4315 ("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime", "runtime"), 4316 ("https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test", "test"), 4317 ]), 4318 iri="https://spdx.org/rdf/3.0.1/terms/Core/scope", 4319 compact="scope", 4320 ) 4321 4322 4323# A group of people who work together in an organized way for a shared purpose. 4324@register("https://spdx.org/rdf/3.0.1/terms/Core/Organization", compact_type="Organization", abstract=False) 4325class Organization(Agent): 4326 NODE_KIND = NodeKind.IRI 4327 ID_ALIAS = "spdxId" 4328 NAMED_INDIVIDUALS = { 4329 "SpdxOrganization": "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization", 4330 } 4331 # An Organization representing the SPDX Project. 4332 SpdxOrganization = "https://spdx.org/rdf/3.0.1/terms/Core/SpdxOrganization" 4333 4334 4335# An individual human being. 4336@register("https://spdx.org/rdf/3.0.1/terms/Core/Person", compact_type="Person", abstract=False) 4337class Person(Agent): 4338 NODE_KIND = NodeKind.IRI 4339 ID_ALIAS = "spdxId" 4340 NAMED_INDIVIDUALS = { 4341 } 4342 4343 4344# A software agent. 4345@register("https://spdx.org/rdf/3.0.1/terms/Core/SoftwareAgent", compact_type="SoftwareAgent", abstract=False) 4346class SoftwareAgent(Agent): 4347 NODE_KIND = NodeKind.IRI 4348 ID_ALIAS = "spdxId" 4349 NAMED_INDIVIDUALS = { 4350 } 4351 4352 4353# Portion of an AnyLicenseInfo representing a set of licensing information 4354# where all elements apply. 4355@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ConjunctiveLicenseSet", compact_type="expandedlicensing_ConjunctiveLicenseSet", abstract=False) 4356class expandedlicensing_ConjunctiveLicenseSet(simplelicensing_AnyLicenseInfo): 4357 NODE_KIND = NodeKind.IRI 4358 ID_ALIAS = "spdxId" 4359 NAMED_INDIVIDUALS = { 4360 } 4361 4362 @classmethod 4363 def _register_props(cls): 4364 super()._register_props() 4365 # A license expression participating in a license set. 4366 cls._add_property( 4367 "expandedlicensing_member", 4368 ListProp(ObjectProp(simplelicensing_AnyLicenseInfo, False, context=[ 4369 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 4370 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 4371 ],)), 4372 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", 4373 min_count=2, 4374 compact="expandedlicensing_member", 4375 ) 4376 4377 4378# A license addition that is not listed on the SPDX Exceptions List. 4379@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicenseAddition", compact_type="expandedlicensing_CustomLicenseAddition", abstract=False) 4380class expandedlicensing_CustomLicenseAddition(expandedlicensing_LicenseAddition): 4381 NODE_KIND = NodeKind.IRI 4382 ID_ALIAS = "spdxId" 4383 NAMED_INDIVIDUALS = { 4384 } 4385 4386 4387# Portion of an AnyLicenseInfo representing a set of licensing information where 4388# only one of the elements applies. 4389@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/DisjunctiveLicenseSet", compact_type="expandedlicensing_DisjunctiveLicenseSet", abstract=False) 4390class expandedlicensing_DisjunctiveLicenseSet(simplelicensing_AnyLicenseInfo): 4391 NODE_KIND = NodeKind.IRI 4392 ID_ALIAS = "spdxId" 4393 NAMED_INDIVIDUALS = { 4394 } 4395 4396 @classmethod 4397 def _register_props(cls): 4398 super()._register_props() 4399 # A license expression participating in a license set. 4400 cls._add_property( 4401 "expandedlicensing_member", 4402 ListProp(ObjectProp(simplelicensing_AnyLicenseInfo, False, context=[ 4403 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", "expandedlicensing_NoneLicense"), 4404 ("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", "expandedlicensing_NoAssertionLicense"), 4405 ],)), 4406 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/member", 4407 min_count=2, 4408 compact="expandedlicensing_member", 4409 ) 4410 4411 4412# Abstract class representing a License or an OrLaterOperator. 4413@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ExtendableLicense", compact_type="expandedlicensing_ExtendableLicense", abstract=True) 4414class expandedlicensing_ExtendableLicense(simplelicensing_AnyLicenseInfo): 4415 NODE_KIND = NodeKind.IRI 4416 ID_ALIAS = "spdxId" 4417 NAMED_INDIVIDUALS = { 4418 } 4419 4420 4421# A concrete subclass of AnyLicenseInfo used by Individuals in the 4422# ExpandedLicensing profile. 4423@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/IndividualLicensingInfo", compact_type="expandedlicensing_IndividualLicensingInfo", abstract=False) 4424class expandedlicensing_IndividualLicensingInfo(simplelicensing_AnyLicenseInfo): 4425 NODE_KIND = NodeKind.IRI 4426 ID_ALIAS = "spdxId" 4427 NAMED_INDIVIDUALS = { 4428 "NoAssertionLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense", 4429 "NoneLicense": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense", 4430 } 4431 # An Individual Value for License when no assertion can be made about its actual 4432 # value. 4433 NoAssertionLicense = "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoAssertionLicense" 4434 # An Individual Value for License where the SPDX data creator determines that no 4435 # license is present. 4436 NoneLicense = "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/NoneLicense" 4437 4438 4439# Abstract class for the portion of an AnyLicenseInfo representing a license. 4440@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/License", compact_type="expandedlicensing_License", abstract=True) 4441class expandedlicensing_License(expandedlicensing_ExtendableLicense): 4442 NODE_KIND = NodeKind.IRI 4443 ID_ALIAS = "spdxId" 4444 NAMED_INDIVIDUALS = { 4445 } 4446 4447 @classmethod 4448 def _register_props(cls): 4449 super()._register_props() 4450 # Specifies whether a license or additional text identifier has been marked as 4451 # deprecated. 4452 cls._add_property( 4453 "expandedlicensing_isDeprecatedLicenseId", 4454 BooleanProp(), 4455 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isDeprecatedLicenseId", 4456 compact="expandedlicensing_isDeprecatedLicenseId", 4457 ) 4458 # Specifies whether the License is listed as free by the 4459 # Free Software Foundation (FSF). 4460 cls._add_property( 4461 "expandedlicensing_isFsfLibre", 4462 BooleanProp(), 4463 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isFsfLibre", 4464 compact="expandedlicensing_isFsfLibre", 4465 ) 4466 # Specifies whether the License is listed as approved by the 4467 # Open Source Initiative (OSI). 4468 cls._add_property( 4469 "expandedlicensing_isOsiApproved", 4470 BooleanProp(), 4471 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/isOsiApproved", 4472 compact="expandedlicensing_isOsiApproved", 4473 ) 4474 # Identifies all the text and metadata associated with a license in the license 4475 # XML format. 4476 cls._add_property( 4477 "expandedlicensing_licenseXml", 4478 StringProp(), 4479 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/licenseXml", 4480 compact="expandedlicensing_licenseXml", 4481 ) 4482 # Specifies the licenseId that is preferred to be used in place of a deprecated 4483 # License or LicenseAddition. 4484 cls._add_property( 4485 "expandedlicensing_obsoletedBy", 4486 StringProp(), 4487 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/obsoletedBy", 4488 compact="expandedlicensing_obsoletedBy", 4489 ) 4490 # Contains a URL where the License or LicenseAddition can be found in use. 4491 cls._add_property( 4492 "expandedlicensing_seeAlso", 4493 ListProp(AnyURIProp()), 4494 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/seeAlso", 4495 compact="expandedlicensing_seeAlso", 4496 ) 4497 # Provides a License author's preferred text to indicate that a file is covered 4498 # by the License. 4499 cls._add_property( 4500 "expandedlicensing_standardLicenseHeader", 4501 StringProp(), 4502 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseHeader", 4503 compact="expandedlicensing_standardLicenseHeader", 4504 ) 4505 # Identifies the full text of a License, in SPDX templating format. 4506 cls._add_property( 4507 "expandedlicensing_standardLicenseTemplate", 4508 StringProp(), 4509 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/standardLicenseTemplate", 4510 compact="expandedlicensing_standardLicenseTemplate", 4511 ) 4512 # Identifies the full text of a License or Addition. 4513 cls._add_property( 4514 "simplelicensing_licenseText", 4515 StringProp(), 4516 iri="https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", 4517 min_count=1, 4518 compact="simplelicensing_licenseText", 4519 ) 4520 4521 4522# A license that is listed on the SPDX License List. 4523@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/ListedLicense", compact_type="expandedlicensing_ListedLicense", abstract=False) 4524class expandedlicensing_ListedLicense(expandedlicensing_License): 4525 NODE_KIND = NodeKind.IRI 4526 ID_ALIAS = "spdxId" 4527 NAMED_INDIVIDUALS = { 4528 } 4529 4530 @classmethod 4531 def _register_props(cls): 4532 super()._register_props() 4533 # Specifies the SPDX License List version in which this license or exception 4534 # identifier was deprecated. 4535 cls._add_property( 4536 "expandedlicensing_deprecatedVersion", 4537 StringProp(), 4538 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/deprecatedVersion", 4539 compact="expandedlicensing_deprecatedVersion", 4540 ) 4541 # Specifies the SPDX License List version in which this ListedLicense or 4542 # ListedLicenseException identifier was first added. 4543 cls._add_property( 4544 "expandedlicensing_listVersionAdded", 4545 StringProp(), 4546 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/listVersionAdded", 4547 compact="expandedlicensing_listVersionAdded", 4548 ) 4549 4550 4551# Portion of an AnyLicenseInfo representing this version, or any later version, 4552# of the indicated License. 4553@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/OrLaterOperator", compact_type="expandedlicensing_OrLaterOperator", abstract=False) 4554class expandedlicensing_OrLaterOperator(expandedlicensing_ExtendableLicense): 4555 NODE_KIND = NodeKind.IRI 4556 ID_ALIAS = "spdxId" 4557 NAMED_INDIVIDUALS = { 4558 } 4559 4560 @classmethod 4561 def _register_props(cls): 4562 super()._register_props() 4563 # A License participating in an 'or later' model. 4564 cls._add_property( 4565 "expandedlicensing_subjectLicense", 4566 ObjectProp(expandedlicensing_License, True), 4567 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectLicense", 4568 min_count=1, 4569 compact="expandedlicensing_subjectLicense", 4570 ) 4571 4572 4573# Portion of an AnyLicenseInfo representing a License which has additional 4574# text applied to it. 4575@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/WithAdditionOperator", compact_type="expandedlicensing_WithAdditionOperator", abstract=False) 4576class expandedlicensing_WithAdditionOperator(simplelicensing_AnyLicenseInfo): 4577 NODE_KIND = NodeKind.IRI 4578 ID_ALIAS = "spdxId" 4579 NAMED_INDIVIDUALS = { 4580 } 4581 4582 @classmethod 4583 def _register_props(cls): 4584 super()._register_props() 4585 # A LicenseAddition participating in a 'with addition' model. 4586 cls._add_property( 4587 "expandedlicensing_subjectAddition", 4588 ObjectProp(expandedlicensing_LicenseAddition, True), 4589 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectAddition", 4590 min_count=1, 4591 compact="expandedlicensing_subjectAddition", 4592 ) 4593 # A License participating in a 'with addition' model. 4594 cls._add_property( 4595 "expandedlicensing_subjectExtendableLicense", 4596 ObjectProp(expandedlicensing_ExtendableLicense, True), 4597 iri="https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/subjectExtendableLicense", 4598 min_count=1, 4599 compact="expandedlicensing_subjectExtendableLicense", 4600 ) 4601 4602 4603# A type of extension consisting of a list of name value pairs. 4604@register("https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", compact_type="extension_CdxPropertiesExtension", abstract=False) 4605class extension_CdxPropertiesExtension(extension_Extension): 4606 NODE_KIND = NodeKind.BlankNode 4607 NAMED_INDIVIDUALS = { 4608 } 4609 4610 @classmethod 4611 def _register_props(cls): 4612 super()._register_props() 4613 # Provides a map of a property names to a values. 4614 cls._add_property( 4615 "extension_cdxProperty", 4616 ListProp(ObjectProp(extension_CdxPropertyEntry, False)), 4617 iri="https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", 4618 min_count=1, 4619 compact="extension_cdxProperty", 4620 ) 4621 4622 4623# Provides a CVSS version 2.0 assessment for a vulnerability. 4624@register("https://spdx.org/rdf/3.0.1/terms/Security/CvssV2VulnAssessmentRelationship", compact_type="security_CvssV2VulnAssessmentRelationship", abstract=False) 4625class security_CvssV2VulnAssessmentRelationship(security_VulnAssessmentRelationship): 4626 NODE_KIND = NodeKind.IRI 4627 ID_ALIAS = "spdxId" 4628 NAMED_INDIVIDUALS = { 4629 } 4630 4631 @classmethod 4632 def _register_props(cls): 4633 super()._register_props() 4634 # Provides a numerical (0-10) representation of the severity of a vulnerability. 4635 cls._add_property( 4636 "security_score", 4637 FloatProp(), 4638 iri="https://spdx.org/rdf/3.0.1/terms/Security/score", 4639 min_count=1, 4640 compact="security_score", 4641 ) 4642 # Specifies the CVSS vector string for a vulnerability. 4643 cls._add_property( 4644 "security_vectorString", 4645 StringProp(), 4646 iri="https://spdx.org/rdf/3.0.1/terms/Security/vectorString", 4647 min_count=1, 4648 compact="security_vectorString", 4649 ) 4650 4651 4652# Provides a CVSS version 3 assessment for a vulnerability. 4653@register("https://spdx.org/rdf/3.0.1/terms/Security/CvssV3VulnAssessmentRelationship", compact_type="security_CvssV3VulnAssessmentRelationship", abstract=False) 4654class security_CvssV3VulnAssessmentRelationship(security_VulnAssessmentRelationship): 4655 NODE_KIND = NodeKind.IRI 4656 ID_ALIAS = "spdxId" 4657 NAMED_INDIVIDUALS = { 4658 } 4659 4660 @classmethod 4661 def _register_props(cls): 4662 super()._register_props() 4663 # Provides a numerical (0-10) representation of the severity of a vulnerability. 4664 cls._add_property( 4665 "security_score", 4666 FloatProp(), 4667 iri="https://spdx.org/rdf/3.0.1/terms/Security/score", 4668 min_count=1, 4669 compact="security_score", 4670 ) 4671 # Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. 4672 cls._add_property( 4673 "security_severity", 4674 EnumProp([ 4675 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "critical"), 4676 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "high"), 4677 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "low"), 4678 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "medium"), 4679 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "none"), 4680 ]), 4681 iri="https://spdx.org/rdf/3.0.1/terms/Security/severity", 4682 min_count=1, 4683 compact="security_severity", 4684 ) 4685 # Specifies the CVSS vector string for a vulnerability. 4686 cls._add_property( 4687 "security_vectorString", 4688 StringProp(), 4689 iri="https://spdx.org/rdf/3.0.1/terms/Security/vectorString", 4690 min_count=1, 4691 compact="security_vectorString", 4692 ) 4693 4694 4695# Provides a CVSS version 4 assessment for a vulnerability. 4696@register("https://spdx.org/rdf/3.0.1/terms/Security/CvssV4VulnAssessmentRelationship", compact_type="security_CvssV4VulnAssessmentRelationship", abstract=False) 4697class security_CvssV4VulnAssessmentRelationship(security_VulnAssessmentRelationship): 4698 NODE_KIND = NodeKind.IRI 4699 ID_ALIAS = "spdxId" 4700 NAMED_INDIVIDUALS = { 4701 } 4702 4703 @classmethod 4704 def _register_props(cls): 4705 super()._register_props() 4706 # Provides a numerical (0-10) representation of the severity of a vulnerability. 4707 cls._add_property( 4708 "security_score", 4709 FloatProp(), 4710 iri="https://spdx.org/rdf/3.0.1/terms/Security/score", 4711 min_count=1, 4712 compact="security_score", 4713 ) 4714 # Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. 4715 cls._add_property( 4716 "security_severity", 4717 EnumProp([ 4718 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical", "critical"), 4719 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high", "high"), 4720 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low", "low"), 4721 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium", "medium"), 4722 ("https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none", "none"), 4723 ]), 4724 iri="https://spdx.org/rdf/3.0.1/terms/Security/severity", 4725 min_count=1, 4726 compact="security_severity", 4727 ) 4728 # Specifies the CVSS vector string for a vulnerability. 4729 cls._add_property( 4730 "security_vectorString", 4731 StringProp(), 4732 iri="https://spdx.org/rdf/3.0.1/terms/Security/vectorString", 4733 min_count=1, 4734 compact="security_vectorString", 4735 ) 4736 4737 4738# Provides an EPSS assessment for a vulnerability. 4739@register("https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship", compact_type="security_EpssVulnAssessmentRelationship", abstract=False) 4740class security_EpssVulnAssessmentRelationship(security_VulnAssessmentRelationship): 4741 NODE_KIND = NodeKind.IRI 4742 ID_ALIAS = "spdxId" 4743 NAMED_INDIVIDUALS = { 4744 } 4745 4746 @classmethod 4747 def _register_props(cls): 4748 super()._register_props() 4749 # The percentile of the current probability score. 4750 cls._add_property( 4751 "security_percentile", 4752 FloatProp(), 4753 iri="https://spdx.org/rdf/3.0.1/terms/Security/percentile", 4754 min_count=1, 4755 compact="security_percentile", 4756 ) 4757 # A probability score between 0 and 1 of a vulnerability being exploited. 4758 cls._add_property( 4759 "security_probability", 4760 FloatProp(), 4761 iri="https://spdx.org/rdf/3.0.1/terms/Security/probability", 4762 min_count=1, 4763 compact="security_probability", 4764 ) 4765 4766 4767# Provides an exploit assessment of a vulnerability. 4768@register("https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship", compact_type="security_ExploitCatalogVulnAssessmentRelationship", abstract=False) 4769class security_ExploitCatalogVulnAssessmentRelationship(security_VulnAssessmentRelationship): 4770 NODE_KIND = NodeKind.IRI 4771 ID_ALIAS = "spdxId" 4772 NAMED_INDIVIDUALS = { 4773 } 4774 4775 @classmethod 4776 def _register_props(cls): 4777 super()._register_props() 4778 # Specifies the exploit catalog type. 4779 cls._add_property( 4780 "security_catalogType", 4781 EnumProp([ 4782 ("https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev", "kev"), 4783 ("https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other", "other"), 4784 ]), 4785 iri="https://spdx.org/rdf/3.0.1/terms/Security/catalogType", 4786 min_count=1, 4787 compact="security_catalogType", 4788 ) 4789 # Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog. 4790 cls._add_property( 4791 "security_exploited", 4792 BooleanProp(), 4793 iri="https://spdx.org/rdf/3.0.1/terms/Security/exploited", 4794 min_count=1, 4795 compact="security_exploited", 4796 ) 4797 # Provides the location of an exploit catalog. 4798 cls._add_property( 4799 "security_locator", 4800 AnyURIProp(), 4801 iri="https://spdx.org/rdf/3.0.1/terms/Security/locator", 4802 min_count=1, 4803 compact="security_locator", 4804 ) 4805 4806 4807# Provides an SSVC assessment for a vulnerability. 4808@register("https://spdx.org/rdf/3.0.1/terms/Security/SsvcVulnAssessmentRelationship", compact_type="security_SsvcVulnAssessmentRelationship", abstract=False) 4809class security_SsvcVulnAssessmentRelationship(security_VulnAssessmentRelationship): 4810 NODE_KIND = NodeKind.IRI 4811 ID_ALIAS = "spdxId" 4812 NAMED_INDIVIDUALS = { 4813 } 4814 4815 @classmethod 4816 def _register_props(cls): 4817 super()._register_props() 4818 # Provide the enumeration of possible decisions in the 4819 # [Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc). 4820 cls._add_property( 4821 "security_decisionType", 4822 EnumProp([ 4823 ("https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act", "act"), 4824 ("https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend", "attend"), 4825 ("https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track", "track"), 4826 ("https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar", "trackStar"), 4827 ]), 4828 iri="https://spdx.org/rdf/3.0.1/terms/Security/decisionType", 4829 min_count=1, 4830 compact="security_decisionType", 4831 ) 4832 4833 4834# Asbtract ancestor class for all VEX relationships 4835@register("https://spdx.org/rdf/3.0.1/terms/Security/VexVulnAssessmentRelationship", compact_type="security_VexVulnAssessmentRelationship", abstract=True) 4836class security_VexVulnAssessmentRelationship(security_VulnAssessmentRelationship): 4837 NODE_KIND = NodeKind.IRI 4838 ID_ALIAS = "spdxId" 4839 NAMED_INDIVIDUALS = { 4840 } 4841 4842 @classmethod 4843 def _register_props(cls): 4844 super()._register_props() 4845 # Conveys information about how VEX status was determined. 4846 cls._add_property( 4847 "security_statusNotes", 4848 StringProp(), 4849 iri="https://spdx.org/rdf/3.0.1/terms/Security/statusNotes", 4850 compact="security_statusNotes", 4851 ) 4852 # Specifies the version of a VEX statement. 4853 cls._add_property( 4854 "security_vexVersion", 4855 StringProp(), 4856 iri="https://spdx.org/rdf/3.0.1/terms/Security/vexVersion", 4857 compact="security_vexVersion", 4858 ) 4859 4860 4861# Specifies a vulnerability and its associated information. 4862@register("https://spdx.org/rdf/3.0.1/terms/Security/Vulnerability", compact_type="security_Vulnerability", abstract=False) 4863class security_Vulnerability(Artifact): 4864 NODE_KIND = NodeKind.IRI 4865 ID_ALIAS = "spdxId" 4866 NAMED_INDIVIDUALS = { 4867 } 4868 4869 @classmethod 4870 def _register_props(cls): 4871 super()._register_props() 4872 # Specifies a time when a vulnerability assessment was modified 4873 cls._add_property( 4874 "security_modifiedTime", 4875 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4876 iri="https://spdx.org/rdf/3.0.1/terms/Security/modifiedTime", 4877 compact="security_modifiedTime", 4878 ) 4879 # Specifies the time when a vulnerability was published. 4880 cls._add_property( 4881 "security_publishedTime", 4882 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4883 iri="https://spdx.org/rdf/3.0.1/terms/Security/publishedTime", 4884 compact="security_publishedTime", 4885 ) 4886 # Specified the time and date when a vulnerability was withdrawn. 4887 cls._add_property( 4888 "security_withdrawnTime", 4889 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 4890 iri="https://spdx.org/rdf/3.0.1/terms/Security/withdrawnTime", 4891 compact="security_withdrawnTime", 4892 ) 4893 4894 4895# A distinct article or unit related to Software. 4896@register("https://spdx.org/rdf/3.0.1/terms/Software/SoftwareArtifact", compact_type="software_SoftwareArtifact", abstract=True) 4897class software_SoftwareArtifact(Artifact): 4898 NODE_KIND = NodeKind.IRI 4899 ID_ALIAS = "spdxId" 4900 NAMED_INDIVIDUALS = { 4901 } 4902 4903 @classmethod 4904 def _register_props(cls): 4905 super()._register_props() 4906 # Provides additional purpose information of the software artifact. 4907 cls._add_property( 4908 "software_additionalPurpose", 4909 ListProp(EnumProp([ 4910 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "application"), 4911 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "archive"), 4912 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "bom"), 4913 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "configuration"), 4914 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "container"), 4915 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "data"), 4916 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "device"), 4917 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "deviceDriver"), 4918 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "diskImage"), 4919 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "documentation"), 4920 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "evidence"), 4921 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "executable"), 4922 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "file"), 4923 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "filesystemImage"), 4924 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "firmware"), 4925 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "framework"), 4926 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "install"), 4927 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "library"), 4928 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "manifest"), 4929 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "model"), 4930 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "module"), 4931 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "operatingSystem"), 4932 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "other"), 4933 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "patch"), 4934 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "platform"), 4935 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "requirement"), 4936 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "source"), 4937 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "specification"), 4938 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "test"), 4939 ])), 4940 iri="https://spdx.org/rdf/3.0.1/terms/Software/additionalPurpose", 4941 compact="software_additionalPurpose", 4942 ) 4943 # Provides a place for the SPDX data creator to record acknowledgement text for 4944 # a software Package, File or Snippet. 4945 cls._add_property( 4946 "software_attributionText", 4947 ListProp(StringProp()), 4948 iri="https://spdx.org/rdf/3.0.1/terms/Software/attributionText", 4949 compact="software_attributionText", 4950 ) 4951 # A canonical, unique, immutable identifier of the artifact content, that may be 4952 # used for verifying its identity and/or integrity. 4953 cls._add_property( 4954 "software_contentIdentifier", 4955 ListProp(ObjectProp(software_ContentIdentifier, False)), 4956 iri="https://spdx.org/rdf/3.0.1/terms/Software/contentIdentifier", 4957 compact="software_contentIdentifier", 4958 ) 4959 # Identifies the text of one or more copyright notices for a software Package, 4960 # File or Snippet, if any. 4961 cls._add_property( 4962 "software_copyrightText", 4963 StringProp(), 4964 iri="https://spdx.org/rdf/3.0.1/terms/Software/copyrightText", 4965 compact="software_copyrightText", 4966 ) 4967 # Provides information about the primary purpose of the software artifact. 4968 cls._add_property( 4969 "software_primaryPurpose", 4970 EnumProp([ 4971 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application", "application"), 4972 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive", "archive"), 4973 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom", "bom"), 4974 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration", "configuration"), 4975 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container", "container"), 4976 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data", "data"), 4977 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device", "device"), 4978 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver", "deviceDriver"), 4979 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage", "diskImage"), 4980 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation", "documentation"), 4981 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence", "evidence"), 4982 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable", "executable"), 4983 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file", "file"), 4984 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage", "filesystemImage"), 4985 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware", "firmware"), 4986 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework", "framework"), 4987 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install", "install"), 4988 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library", "library"), 4989 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest", "manifest"), 4990 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model", "model"), 4991 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module", "module"), 4992 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem", "operatingSystem"), 4993 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other", "other"), 4994 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch", "patch"), 4995 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform", "platform"), 4996 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement", "requirement"), 4997 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source", "source"), 4998 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification", "specification"), 4999 ("https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test", "test"), 5000 ]), 5001 iri="https://spdx.org/rdf/3.0.1/terms/Software/primaryPurpose", 5002 compact="software_primaryPurpose", 5003 ) 5004 5005 5006# A container for a grouping of SPDX-3.0 content characterizing details 5007# (provenence, composition, licensing, etc.) about a product. 5008@register("https://spdx.org/rdf/3.0.1/terms/Core/Bom", compact_type="Bom", abstract=False) 5009class Bom(Bundle): 5010 NODE_KIND = NodeKind.IRI 5011 ID_ALIAS = "spdxId" 5012 NAMED_INDIVIDUALS = { 5013 } 5014 5015 5016# A license that is not listed on the SPDX License List. 5017@register("https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/CustomLicense", compact_type="expandedlicensing_CustomLicense", abstract=False) 5018class expandedlicensing_CustomLicense(expandedlicensing_License): 5019 NODE_KIND = NodeKind.IRI 5020 ID_ALIAS = "spdxId" 5021 NAMED_INDIVIDUALS = { 5022 } 5023 5024 5025# Connects a vulnerability and an element designating the element as a product 5026# affected by the vulnerability. 5027@register("https://spdx.org/rdf/3.0.1/terms/Security/VexAffectedVulnAssessmentRelationship", compact_type="security_VexAffectedVulnAssessmentRelationship", abstract=False) 5028class security_VexAffectedVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): 5029 NODE_KIND = NodeKind.IRI 5030 ID_ALIAS = "spdxId" 5031 NAMED_INDIVIDUALS = { 5032 } 5033 5034 @classmethod 5035 def _register_props(cls): 5036 super()._register_props() 5037 # Provides advise on how to mitigate or remediate a vulnerability when a VEX product 5038 # is affected by it. 5039 cls._add_property( 5040 "security_actionStatement", 5041 StringProp(), 5042 iri="https://spdx.org/rdf/3.0.1/terms/Security/actionStatement", 5043 compact="security_actionStatement", 5044 ) 5045 # Records the time when a recommended action was communicated in a VEX statement 5046 # to mitigate a vulnerability. 5047 cls._add_property( 5048 "security_actionStatementTime", 5049 ListProp(DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",)), 5050 iri="https://spdx.org/rdf/3.0.1/terms/Security/actionStatementTime", 5051 compact="security_actionStatementTime", 5052 ) 5053 5054 5055# Links a vulnerability and elements representing products (in the VEX sense) where 5056# a fix has been applied and are no longer affected. 5057@register("https://spdx.org/rdf/3.0.1/terms/Security/VexFixedVulnAssessmentRelationship", compact_type="security_VexFixedVulnAssessmentRelationship", abstract=False) 5058class security_VexFixedVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): 5059 NODE_KIND = NodeKind.IRI 5060 ID_ALIAS = "spdxId" 5061 NAMED_INDIVIDUALS = { 5062 } 5063 5064 5065# Links a vulnerability and one or more elements designating the latter as products 5066# not affected by the vulnerability. 5067@register("https://spdx.org/rdf/3.0.1/terms/Security/VexNotAffectedVulnAssessmentRelationship", compact_type="security_VexNotAffectedVulnAssessmentRelationship", abstract=False) 5068class security_VexNotAffectedVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): 5069 NODE_KIND = NodeKind.IRI 5070 ID_ALIAS = "spdxId" 5071 NAMED_INDIVIDUALS = { 5072 } 5073 5074 @classmethod 5075 def _register_props(cls): 5076 super()._register_props() 5077 # Explains why a VEX product is not affected by a vulnerability. It is an 5078 # alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable 5079 # justification label. 5080 cls._add_property( 5081 "security_impactStatement", 5082 StringProp(), 5083 iri="https://spdx.org/rdf/3.0.1/terms/Security/impactStatement", 5084 compact="security_impactStatement", 5085 ) 5086 # Timestamp of impact statement. 5087 cls._add_property( 5088 "security_impactStatementTime", 5089 DateTimeStampProp(pattern=r"^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$",), 5090 iri="https://spdx.org/rdf/3.0.1/terms/Security/impactStatementTime", 5091 compact="security_impactStatementTime", 5092 ) 5093 # Impact justification label to be used when linking a vulnerability to an element 5094 # representing a VEX product with a VexNotAffectedVulnAssessmentRelationship 5095 # relationship. 5096 cls._add_property( 5097 "security_justificationType", 5098 EnumProp([ 5099 ("https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent", "componentNotPresent"), 5100 ("https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist", "inlineMitigationsAlreadyExist"), 5101 ("https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary", "vulnerableCodeCannotBeControlledByAdversary"), 5102 ("https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath", "vulnerableCodeNotInExecutePath"), 5103 ("https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent", "vulnerableCodeNotPresent"), 5104 ]), 5105 iri="https://spdx.org/rdf/3.0.1/terms/Security/justificationType", 5106 compact="security_justificationType", 5107 ) 5108 5109 5110# Designates elements as products where the impact of a vulnerability is being 5111# investigated. 5112@register("https://spdx.org/rdf/3.0.1/terms/Security/VexUnderInvestigationVulnAssessmentRelationship", compact_type="security_VexUnderInvestigationVulnAssessmentRelationship", abstract=False) 5113class security_VexUnderInvestigationVulnAssessmentRelationship(security_VexVulnAssessmentRelationship): 5114 NODE_KIND = NodeKind.IRI 5115 ID_ALIAS = "spdxId" 5116 NAMED_INDIVIDUALS = { 5117 } 5118 5119 5120# Refers to any object that stores content on a computer. 5121@register("https://spdx.org/rdf/3.0.1/terms/Software/File", compact_type="software_File", abstract=False) 5122class software_File(software_SoftwareArtifact): 5123 NODE_KIND = NodeKind.IRI 5124 ID_ALIAS = "spdxId" 5125 NAMED_INDIVIDUALS = { 5126 } 5127 5128 @classmethod 5129 def _register_props(cls): 5130 super()._register_props() 5131 # Provides information about the content type of an Element or a Property. 5132 cls._add_property( 5133 "contentType", 5134 StringProp(pattern=r"^[^\/]+\/[^\/]+$",), 5135 iri="https://spdx.org/rdf/3.0.1/terms/Core/contentType", 5136 compact="contentType", 5137 ) 5138 # Describes if a given file is a directory or non-directory kind of file. 5139 cls._add_property( 5140 "software_fileKind", 5141 EnumProp([ 5142 ("https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory", "directory"), 5143 ("https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file", "file"), 5144 ]), 5145 iri="https://spdx.org/rdf/3.0.1/terms/Software/fileKind", 5146 compact="software_fileKind", 5147 ) 5148 5149 5150# Refers to any unit of content that can be associated with a distribution of 5151# software. 5152@register("https://spdx.org/rdf/3.0.1/terms/Software/Package", compact_type="software_Package", abstract=False) 5153class software_Package(software_SoftwareArtifact): 5154 NODE_KIND = NodeKind.IRI 5155 ID_ALIAS = "spdxId" 5156 NAMED_INDIVIDUALS = { 5157 } 5158 5159 @classmethod 5160 def _register_props(cls): 5161 super()._register_props() 5162 # Identifies the download Uniform Resource Identifier for the package at the time 5163 # that the document was created. 5164 cls._add_property( 5165 "software_downloadLocation", 5166 AnyURIProp(), 5167 iri="https://spdx.org/rdf/3.0.1/terms/Software/downloadLocation", 5168 compact="software_downloadLocation", 5169 ) 5170 # A place for the SPDX document creator to record a website that serves as the 5171 # package's home page. 5172 cls._add_property( 5173 "software_homePage", 5174 AnyURIProp(), 5175 iri="https://spdx.org/rdf/3.0.1/terms/Software/homePage", 5176 compact="software_homePage", 5177 ) 5178 # Provides a place for the SPDX data creator to record the package URL string 5179 # (in accordance with the Package URL specification) for a software Package. 5180 cls._add_property( 5181 "software_packageUrl", 5182 AnyURIProp(), 5183 iri="https://spdx.org/rdf/3.0.1/terms/Software/packageUrl", 5184 compact="software_packageUrl", 5185 ) 5186 # Identify the version of a package. 5187 cls._add_property( 5188 "software_packageVersion", 5189 StringProp(), 5190 iri="https://spdx.org/rdf/3.0.1/terms/Software/packageVersion", 5191 compact="software_packageVersion", 5192 ) 5193 # Records any relevant background information or additional comments 5194 # about the origin of the package. 5195 cls._add_property( 5196 "software_sourceInfo", 5197 StringProp(), 5198 iri="https://spdx.org/rdf/3.0.1/terms/Software/sourceInfo", 5199 compact="software_sourceInfo", 5200 ) 5201 5202 5203# A collection of SPDX Elements describing a single package. 5204@register("https://spdx.org/rdf/3.0.1/terms/Software/Sbom", compact_type="software_Sbom", abstract=False) 5205class software_Sbom(Bom): 5206 NODE_KIND = NodeKind.IRI 5207 ID_ALIAS = "spdxId" 5208 NAMED_INDIVIDUALS = { 5209 } 5210 5211 @classmethod 5212 def _register_props(cls): 5213 super()._register_props() 5214 # Provides information about the type of an SBOM. 5215 cls._add_property( 5216 "software_sbomType", 5217 ListProp(EnumProp([ 5218 ("https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed", "analyzed"), 5219 ("https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build", "build"), 5220 ("https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed", "deployed"), 5221 ("https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design", "design"), 5222 ("https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime", "runtime"), 5223 ("https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source", "source"), 5224 ])), 5225 iri="https://spdx.org/rdf/3.0.1/terms/Software/sbomType", 5226 compact="software_sbomType", 5227 ) 5228 5229 5230# Describes a certain part of a file. 5231@register("https://spdx.org/rdf/3.0.1/terms/Software/Snippet", compact_type="software_Snippet", abstract=False) 5232class software_Snippet(software_SoftwareArtifact): 5233 NODE_KIND = NodeKind.IRI 5234 ID_ALIAS = "spdxId" 5235 NAMED_INDIVIDUALS = { 5236 } 5237 5238 @classmethod 5239 def _register_props(cls): 5240 super()._register_props() 5241 # Defines the byte range in the original host file that the snippet information 5242 # applies to. 5243 cls._add_property( 5244 "software_byteRange", 5245 ObjectProp(PositiveIntegerRange, False), 5246 iri="https://spdx.org/rdf/3.0.1/terms/Software/byteRange", 5247 compact="software_byteRange", 5248 ) 5249 # Defines the line range in the original host file that the snippet information 5250 # applies to. 5251 cls._add_property( 5252 "software_lineRange", 5253 ObjectProp(PositiveIntegerRange, False), 5254 iri="https://spdx.org/rdf/3.0.1/terms/Software/lineRange", 5255 compact="software_lineRange", 5256 ) 5257 # Defines the original host file that the snippet information applies to. 5258 cls._add_property( 5259 "software_snippetFromFile", 5260 ObjectProp(software_File, True), 5261 iri="https://spdx.org/rdf/3.0.1/terms/Software/snippetFromFile", 5262 min_count=1, 5263 compact="software_snippetFromFile", 5264 ) 5265 5266 5267# Specifies an AI package and its associated information. 5268@register("https://spdx.org/rdf/3.0.1/terms/AI/AIPackage", compact_type="ai_AIPackage", abstract=False) 5269class ai_AIPackage(software_Package): 5270 NODE_KIND = NodeKind.IRI 5271 ID_ALIAS = "spdxId" 5272 NAMED_INDIVIDUALS = { 5273 } 5274 5275 @classmethod 5276 def _register_props(cls): 5277 super()._register_props() 5278 # Indicates whether the system can perform a decision or action without human 5279 # involvement or guidance. 5280 cls._add_property( 5281 "ai_autonomyType", 5282 EnumProp([ 5283 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "no"), 5284 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "noAssertion"), 5285 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "yes"), 5286 ]), 5287 iri="https://spdx.org/rdf/3.0.1/terms/AI/autonomyType", 5288 compact="ai_autonomyType", 5289 ) 5290 # Captures the domain in which the AI package can be used. 5291 cls._add_property( 5292 "ai_domain", 5293 ListProp(StringProp()), 5294 iri="https://spdx.org/rdf/3.0.1/terms/AI/domain", 5295 compact="ai_domain", 5296 ) 5297 # Indicates the amount of energy consumption incurred by an AI model. 5298 cls._add_property( 5299 "ai_energyConsumption", 5300 ObjectProp(ai_EnergyConsumption, False), 5301 iri="https://spdx.org/rdf/3.0.1/terms/AI/energyConsumption", 5302 compact="ai_energyConsumption", 5303 ) 5304 # Records a hyperparameter used to build the AI model contained in the AI 5305 # package. 5306 cls._add_property( 5307 "ai_hyperparameter", 5308 ListProp(ObjectProp(DictionaryEntry, False)), 5309 iri="https://spdx.org/rdf/3.0.1/terms/AI/hyperparameter", 5310 compact="ai_hyperparameter", 5311 ) 5312 # Provides relevant information about the AI software, not including the model 5313 # description. 5314 cls._add_property( 5315 "ai_informationAboutApplication", 5316 StringProp(), 5317 iri="https://spdx.org/rdf/3.0.1/terms/AI/informationAboutApplication", 5318 compact="ai_informationAboutApplication", 5319 ) 5320 # Describes relevant information about different steps of the training process. 5321 cls._add_property( 5322 "ai_informationAboutTraining", 5323 StringProp(), 5324 iri="https://spdx.org/rdf/3.0.1/terms/AI/informationAboutTraining", 5325 compact="ai_informationAboutTraining", 5326 ) 5327 # Captures a limitation of the AI software. 5328 cls._add_property( 5329 "ai_limitation", 5330 StringProp(), 5331 iri="https://spdx.org/rdf/3.0.1/terms/AI/limitation", 5332 compact="ai_limitation", 5333 ) 5334 # Records the measurement of prediction quality of the AI model. 5335 cls._add_property( 5336 "ai_metric", 5337 ListProp(ObjectProp(DictionaryEntry, False)), 5338 iri="https://spdx.org/rdf/3.0.1/terms/AI/metric", 5339 compact="ai_metric", 5340 ) 5341 # Captures the threshold that was used for computation of a metric described in 5342 # the metric field. 5343 cls._add_property( 5344 "ai_metricDecisionThreshold", 5345 ListProp(ObjectProp(DictionaryEntry, False)), 5346 iri="https://spdx.org/rdf/3.0.1/terms/AI/metricDecisionThreshold", 5347 compact="ai_metricDecisionThreshold", 5348 ) 5349 # Describes all the preprocessing steps applied to the training data before the 5350 # model training. 5351 cls._add_property( 5352 "ai_modelDataPreprocessing", 5353 ListProp(StringProp()), 5354 iri="https://spdx.org/rdf/3.0.1/terms/AI/modelDataPreprocessing", 5355 compact="ai_modelDataPreprocessing", 5356 ) 5357 # Describes methods that can be used to explain the results from the AI model. 5358 cls._add_property( 5359 "ai_modelExplainability", 5360 ListProp(StringProp()), 5361 iri="https://spdx.org/rdf/3.0.1/terms/AI/modelExplainability", 5362 compact="ai_modelExplainability", 5363 ) 5364 # Records the results of general safety risk assessment of the AI system. 5365 cls._add_property( 5366 "ai_safetyRiskAssessment", 5367 EnumProp([ 5368 ("https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high", "high"), 5369 ("https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low", "low"), 5370 ("https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium", "medium"), 5371 ("https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious", "serious"), 5372 ]), 5373 iri="https://spdx.org/rdf/3.0.1/terms/AI/safetyRiskAssessment", 5374 compact="ai_safetyRiskAssessment", 5375 ) 5376 # Captures a standard that is being complied with. 5377 cls._add_property( 5378 "ai_standardCompliance", 5379 ListProp(StringProp()), 5380 iri="https://spdx.org/rdf/3.0.1/terms/AI/standardCompliance", 5381 compact="ai_standardCompliance", 5382 ) 5383 # Records the type of the model used in the AI software. 5384 cls._add_property( 5385 "ai_typeOfModel", 5386 ListProp(StringProp()), 5387 iri="https://spdx.org/rdf/3.0.1/terms/AI/typeOfModel", 5388 compact="ai_typeOfModel", 5389 ) 5390 # Records if sensitive personal information is used during model training or 5391 # could be used during the inference. 5392 cls._add_property( 5393 "ai_useSensitivePersonalInformation", 5394 EnumProp([ 5395 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "no"), 5396 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "noAssertion"), 5397 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "yes"), 5398 ]), 5399 iri="https://spdx.org/rdf/3.0.1/terms/AI/useSensitivePersonalInformation", 5400 compact="ai_useSensitivePersonalInformation", 5401 ) 5402 5403 5404# Specifies a data package and its associated information. 5405@register("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetPackage", compact_type="dataset_DatasetPackage", abstract=False) 5406class dataset_DatasetPackage(software_Package): 5407 NODE_KIND = NodeKind.IRI 5408 ID_ALIAS = "spdxId" 5409 NAMED_INDIVIDUALS = { 5410 } 5411 5412 @classmethod 5413 def _register_props(cls): 5414 super()._register_props() 5415 # Describes the anonymization methods used. 5416 cls._add_property( 5417 "dataset_anonymizationMethodUsed", 5418 ListProp(StringProp()), 5419 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/anonymizationMethodUsed", 5420 compact="dataset_anonymizationMethodUsed", 5421 ) 5422 # Describes the confidentiality level of the data points contained in the dataset. 5423 cls._add_property( 5424 "dataset_confidentialityLevel", 5425 EnumProp([ 5426 ("https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber", "amber"), 5427 ("https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear", "clear"), 5428 ("https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green", "green"), 5429 ("https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red", "red"), 5430 ]), 5431 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/confidentialityLevel", 5432 compact="dataset_confidentialityLevel", 5433 ) 5434 # Describes how the dataset was collected. 5435 cls._add_property( 5436 "dataset_dataCollectionProcess", 5437 StringProp(), 5438 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/dataCollectionProcess", 5439 compact="dataset_dataCollectionProcess", 5440 ) 5441 # Describes the preprocessing steps that were applied to the raw data to create the given dataset. 5442 cls._add_property( 5443 "dataset_dataPreprocessing", 5444 ListProp(StringProp()), 5445 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/dataPreprocessing", 5446 compact="dataset_dataPreprocessing", 5447 ) 5448 # The field describes the availability of a dataset. 5449 cls._add_property( 5450 "dataset_datasetAvailability", 5451 EnumProp([ 5452 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough", "clickthrough"), 5453 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload", "directDownload"), 5454 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query", "query"), 5455 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration", "registration"), 5456 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript", "scrapingScript"), 5457 ]), 5458 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/datasetAvailability", 5459 compact="dataset_datasetAvailability", 5460 ) 5461 # Describes potentially noisy elements of the dataset. 5462 cls._add_property( 5463 "dataset_datasetNoise", 5464 StringProp(), 5465 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/datasetNoise", 5466 compact="dataset_datasetNoise", 5467 ) 5468 # Captures the size of the dataset. 5469 cls._add_property( 5470 "dataset_datasetSize", 5471 NonNegativeIntegerProp(), 5472 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/datasetSize", 5473 compact="dataset_datasetSize", 5474 ) 5475 # Describes the type of the given dataset. 5476 cls._add_property( 5477 "dataset_datasetType", 5478 ListProp(EnumProp([ 5479 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio", "audio"), 5480 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical", "categorical"), 5481 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph", "graph"), 5482 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image", "image"), 5483 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion", "noAssertion"), 5484 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric", "numeric"), 5485 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other", "other"), 5486 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor", "sensor"), 5487 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured", "structured"), 5488 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic", "syntactic"), 5489 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text", "text"), 5490 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries", "timeseries"), 5491 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp", "timestamp"), 5492 ("https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video", "video"), 5493 ])), 5494 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/datasetType", 5495 min_count=1, 5496 compact="dataset_datasetType", 5497 ) 5498 # Describes a mechanism to update the dataset. 5499 cls._add_property( 5500 "dataset_datasetUpdateMechanism", 5501 StringProp(), 5502 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/datasetUpdateMechanism", 5503 compact="dataset_datasetUpdateMechanism", 5504 ) 5505 # Describes if any sensitive personal information is present in the dataset. 5506 cls._add_property( 5507 "dataset_hasSensitivePersonalInformation", 5508 EnumProp([ 5509 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no", "no"), 5510 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion", "noAssertion"), 5511 ("https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes", "yes"), 5512 ]), 5513 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/hasSensitivePersonalInformation", 5514 compact="dataset_hasSensitivePersonalInformation", 5515 ) 5516 # Describes what the given dataset should be used for. 5517 cls._add_property( 5518 "dataset_intendedUse", 5519 StringProp(), 5520 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/intendedUse", 5521 compact="dataset_intendedUse", 5522 ) 5523 # Records the biases that the dataset is known to encompass. 5524 cls._add_property( 5525 "dataset_knownBias", 5526 ListProp(StringProp()), 5527 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/knownBias", 5528 compact="dataset_knownBias", 5529 ) 5530 # Describes a sensor used for collecting the data. 5531 cls._add_property( 5532 "dataset_sensor", 5533 ListProp(ObjectProp(DictionaryEntry, False)), 5534 iri="https://spdx.org/rdf/3.0.1/terms/Dataset/sensor", 5535 compact="dataset_sensor", 5536 ) 5537 5538 5539"""Format Guard""" 5540# fmt: on 5541 5542 5543def main(): 5544 import argparse 5545 from pathlib import Path 5546 5547 parser = argparse.ArgumentParser(description="Python SHACL model test") 5548 parser.add_argument("infile", type=Path, help="Input file") 5549 parser.add_argument("--print", action="store_true", help="Print object tree") 5550 parser.add_argument("--outfile", type=Path, help="Output file") 5551 5552 args = parser.parse_args() 5553 5554 objectset = SHACLObjectSet() 5555 with args.infile.open("r") as f: 5556 d = JSONLDDeserializer() 5557 d.read(f, objectset) 5558 5559 if args.print: 5560 print_tree(objectset.objects) 5561 5562 if args.outfile: 5563 with args.outfile.open("wb") as f: 5564 s = JSONLDSerializer() 5565 s.write(objectset, f) 5566 5567 return 0 5568 5569 5570if __name__ == "__main__": 5571 sys.exit(main()) 5572