Fix/lifecycle (#4)

* support lifecyclescope;2;13~

* complete support for core profile

* missing classes from software profile

* Security profile:

* Fix missing licensing info

* remaining classes

Author: riteshnoronha

examplemaven-0.0.1.spdx3.json

@@ -70,7 +70,7 @@ func printDocumentInfo(doc *parse.Document, showFiles bool) {
 		fmt.Printf("  SPDX ID:     %s\n", doc.SpdxDocument.SpdxID)
 		if doc.SpdxDocument.DataLicense != nil {
 			// Resolve the license reference to get the actual name
-			if lic := doc.GetLicenseByID(doc.SpdxDocument.DataLicense.SpdxID); lic != nil && lic.Name != "" {
+			if lic := doc.GetAnyLicenseInfoByID(doc.SpdxDocument.DataLicense.SpdxID); lic != nil && lic.Name != "" {
 				fmt.Printf("  Data License: %s\n", lic.Name)
 			} else if doc.SpdxDocument.DataLicense.Name != "" {
 				fmt.Printf("  Data License: %s\n", doc.SpdxDocument.DataLicense.Name)
@@ -146,8 +146,8 @@ func printDocumentInfo(doc *parse.Document, showFiles bool) {
 	fmt.Printf("  Persons:       %d\n", len(doc.Persons))
 	fmt.Printf("  SoftwareAgents:%d\n", len(doc.SoftwareAgents))
 	fmt.Printf("  Tools:         %d\n", len(doc.Tools))
-	fmt.Printf("  Licenses:      %d\n", len(doc.Licenses))
-	fmt.Printf("  IndividualElements: %d\n", len(doc.IndividualElements))
+	fmt.Printf("  Licenses:      %d\n", len(doc.AnyLicenseInfos)+len(doc.ConjunctiveLicenseSets)+len(doc.CustomLicenses)+len(doc.CustomLicenseAdditions)+len(doc.DisjunctiveLicenseSets)+len(doc.IndividualLicensingInfos)+len(doc.ListedLicenses)+len(doc.ListedLicenseExceptions)+len(doc.LicenseExpressions)+len(doc.OrLaterOperators)+len(doc.SimpleLicensingTexts)+len(doc.WithAdditionOperators))
+
 	fmt.Printf("  IndividualLicensingInfos: %d\n", len(doc.IndividualLicensingInfos))
 	fmt.Println()
 
@@ -442,14 +442,7 @@ func printDocumentInfo(doc *parse.Document, showFiles bool) {
 		fmt.Println()
 	}
 
-	// Individual Elements
-	if len(doc.IndividualElements) > 0 {
-		fmt.Println("Individual Elements:")
-		for _, ie := range doc.IndividualElements {
-			fmt.Printf("  - %s\n", ie.Name)
-		}
-		fmt.Println()
-	}
+
 
 	// Individual Licensing Infos
 	if len(doc.IndividualLicensingInfos) > 0 {
@@ -641,11 +634,7 @@ func findElementsCreatedByAgent(doc *parse.Document, agentID string) []string {
 			elementIDs = append(elementIDs, tool.SpdxID)
 		}
 	}
-	for _, ie := range doc.IndividualElements {
-		if isCreatedBy(&ie.CreationInfo) {
-			elementIDs = append(elementIDs, ie.SpdxID)
-		}
-	}
+
 	for _, ili := range doc.IndividualLicensingInfos {
 		if isCreatedBy(&ili.CreationInfo) {
 			elementIDs = append(elementIDs, ili.SpdxID)
@@ -758,18 +747,11 @@ func getElementInfo(doc *parse.Document, elemID string) string {
 	}
 
 	// Check licenses
-	for _, lic := range doc.Licenses {
-		if lic.SpdxID == elemID {
-			return fmt.Sprintf("%s (License, ID: %s)", lic.Name, elemID)
-		}
+	if lic := doc.GetAnyLicenseInfoByID(elemID); lic != nil {
+		return fmt.Sprintf("%s (License, ID: %s)", lic.Name, elemID)
 	}
 
-	// Check individual elements
-	for _, ie := range doc.IndividualElements {
-		if ie.SpdxID == elemID {
-			return fmt.Sprintf("%s (IndividualElement, ID: %s)", ie.Name, elemID)
-		}
-	}
+
 
 	// Check document itself
 	if doc.SpdxDocument != nil && doc.SpdxDocument.SpdxID == elemID {

examples/spdx-lister/main.go

@@ -8,21 +8,61 @@ type Document struct {
 	Graph   []spdx.Element `json:"-"` // Parsed elements from @graph
 
 	// Parsed and categorized elements
-	SpdxDocument             *spdx.SpdxDocument
-	Packages                 []*spdx.Package
-	Files                    []*spdx.File
-	Snippets                 []*spdx.Snippet
-	Relationships            []*spdx.Relationship
-	Annotations              []*spdx.Annotation
-	ExternalMaps             []*spdx.ExternalMap
-	CreationInfo             *spdx.CreationInfo
-	Organizations            []*spdx.Organization
-	Persons                  []*spdx.Person
-	SoftwareAgents           []*spdx.SoftwareAgent
-	Tools                    []*spdx.Tool
-	Licenses                 []*spdx.AnyLicenseInfo
-	IndividualElements       []*spdx.IndividualElement
+	SpdxDocument                 *spdx.SpdxDocument
+	Packages                     []*spdx.Package
+	Files                        []*spdx.File
+	Snippets                     []*spdx.Snippet
+	Relationships                []*spdx.Relationship
+	LifecycleScopedRelationships []*spdx.LifecycleScopedRelationship
+	Annotations                  []*spdx.Annotation
+	ExternalMaps                 []*spdx.ExternalMap
+	CreationInfo                 *spdx.CreationInfo
+	Organizations                []*spdx.Organization
+	Persons                      []*spdx.Person
+	SoftwareAgents               []*spdx.SoftwareAgent
+	Tools                        []*spdx.Tool
+	Bundles                      []*spdx.Bundle
+	Boms                         []*spdx.Bom
+	DictionaryEntries            []*spdx.DictionaryEntry
+	Hashes                       []*spdx.Hash
+	PackageVerificationCodes     []*spdx.PackageVerificationCode
+	// Licensing-related elements
+	AnyLicenseInfos          []*spdx.AnyLicenseInfo
+	ConjunctiveLicenseSets   []*spdx.ConjunctiveLicenseSet
+	CustomLicenses           []*spdx.CustomLicense
+	CustomLicenseAdditions   []*spdx.CustomLicenseAddition
+	DisjunctiveLicenseSets   []*spdx.DisjunctiveLicenseSet
 	IndividualLicensingInfos []*spdx.IndividualLicensingInfo
+	ListedLicenses           []*spdx.ListedLicense
+	ListedLicenseExceptions  []*spdx.ListedLicenseException
+	LicenseExpressions       []*spdx.LicenseExpression
+	OrLaterOperators         []*spdx.OrLaterOperator
+	SimpleLicensingTexts     []*spdx.SimpleLicensingText
+	WithAdditionOperators    []*spdx.WithAdditionOperator
+
+	// Security-related elements
+	Vulnerabilities                      []*spdx.Vulnerability
+	CvssV2VulnAssessments                []*spdx.CvssV2VulnAssessmentRelationship
+	CvssV3VulnAssessments                []*spdx.CvssV3VulnAssessmentRelationship
+	CvssV4VulnAssessments                []*spdx.CvssV4VulnAssessmentRelationship
+	EpssVulnAssessments                  []*spdx.EpssVulnAssessmentRelationship
+	SsvcVulnAssessments                  []*spdx.SsvcVulnAssessmentRelationship
+	ExploitCatalogVulnAssessments        []*spdx.ExploitCatalogVulnAssessmentRelationship
+	VexAffectedVulnAssessments           []*spdx.VexAffectedVulnAssessmentRelationship
+	VexFixedVulnAssessments              []*spdx.VexFixedVulnAssessmentRelationship
+	VexNotAffectedVulnAssessments        []*spdx.VexNotAffectedVulnAssessmentRelationship
+	VexUnderInvestigationVulnAssessments []*spdx.VexUnderInvestigationVulnAssessmentRelationship
+
+	// AI-related elements
+	AiPackages                    []*spdx.AIPackage
+	EnergyConsumptions            []*spdx.EnergyConsumption
+	EnergyConsumptionDescriptions []*spdx.EnergyConsumptionDescription
+
+	// Dataset-related elements
+	DatasetPackages []*spdx.DatasetPackage
+
+	// Build-related elements
+	Builds []*spdx.Build
 
 	// All elements indexed by SPDX ID
 	ElementsByID map[string]interface{}
@@ -32,13 +72,45 @@ type Document struct {
 	RelationshipsToIndex   map[string][]*spdx.Relationship
 
 	// Element type indexes for O(1) lookups
-	PackagesByID       map[string]*spdx.Package
-	FilesByID          map[string]*spdx.File
-	OrganizationsByID  map[string]*spdx.Organization
-	PersonsByID        map[string]*spdx.Person
-	SoftwareAgentsByID map[string]*spdx.SoftwareAgent
-	ToolsByID          map[string]*spdx.Tool
-	LicensesByID       map[string]*spdx.AnyLicenseInfo
+	PackagesByID                             map[string]*spdx.Package
+	FilesByID                                map[string]*spdx.File
+	OrganizationsByID                        map[string]*spdx.Organization
+	PersonsByID                              map[string]*spdx.Person
+	SoftwareAgentsByID                       map[string]*spdx.SoftwareAgent
+	ToolsByID                                map[string]*spdx.Tool
+	AnyLicenseInfosByID                      map[string]*spdx.AnyLicenseInfo
+	ConjunctiveLicenseSetsByID               map[string]*spdx.ConjunctiveLicenseSet
+	CustomLicensesByID                       map[string]*spdx.CustomLicense
+	CustomLicenseAdditionsByID               map[string]*spdx.CustomLicenseAddition
+	DisjunctiveLicenseSetsByID               map[string]*spdx.DisjunctiveLicenseSet
+	IndividualLicensingInfosByID             map[string]*spdx.IndividualLicensingInfo
+	ListedLicensesByID                       map[string]*spdx.ListedLicense
+	ListedLicenseExceptionsByID              map[string]*spdx.ListedLicenseException
+	LicenseExpressionsByID                   map[string]*spdx.LicenseExpression
+	OrLaterOperatorsByID                     map[string]*spdx.OrLaterOperator
+	SimpleLicensingTextsByID                 map[string]*spdx.SimpleLicensingText
+	WithAdditionOperatorsByID                map[string]*spdx.WithAdditionOperator
+	VulnerabilitiesByID                      map[string]*spdx.Vulnerability
+	CvssV2VulnAssessmentsByID                map[string]*spdx.CvssV2VulnAssessmentRelationship
+	CvssV3VulnAssessmentsByID                map[string]*spdx.CvssV3VulnAssessmentRelationship
+	CvssV4VulnAssessmentsByID                map[string]*spdx.CvssV4VulnAssessmentRelationship
+	EpssVulnAssessmentsByID                  map[string]*spdx.EpssVulnAssessmentRelationship
+	SsvcVulnAssessmentsByID                  map[string]*spdx.SsvcVulnAssessmentRelationship
+	ExploitCatalogVulnAssessmentsByID        map[string]*spdx.ExploitCatalogVulnAssessmentRelationship
+	VexAffectedVulnAssessmentsByID           map[string]*spdx.VexAffectedVulnAssessmentRelationship
+	VexFixedVulnAssessmentsByID              map[string]*spdx.VexFixedVulnAssessmentRelationship
+	VexNotAffectedVulnAssessmentsByID        map[string]*spdx.VexNotAffectedVulnAssessmentRelationship
+	VexUnderInvestigationVulnAssessmentsByID map[string]*spdx.VexUnderInvestigationVulnAssessmentRelationship
+	// AI-related maps
+	AiPackagesByID                    map[string]*spdx.AIPackage
+	EnergyConsumptionsByID            map[string]*spdx.EnergyConsumption
+	EnergyConsumptionDescriptionsByID map[string]*spdx.EnergyConsumptionDescription
+
+	// Dataset-related maps
+	DatasetPackagesByID map[string]*spdx.DatasetPackage
+
+	// Build-related maps
+	BuildsByID map[string]*spdx.Build
 }
 
 // GetName returns the document name
@@ -231,13 +303,13 @@ func (d *Document) GetLicensesFor(spdxID string) *LicenseInfo {
 	for _, rel := range d.GetRelationshipsFrom(spdxID) {
 		if rel.IsConcludedLicense() {
 			for _, to := range rel.To {
-				if lic := d.GetLicenseByID(to.GetSpdxID()); lic != nil {
+				if lic := d.GetAnyLicenseInfoByID(to.GetSpdxID()); lic != nil {
 					info.ConcludedLicenses = append(info.ConcludedLicenses, lic)
 				}
 			}
 		} else if rel.IsDeclaredLicense() {
 			for _, to := range rel.To {
-				if lic := d.GetLicenseByID(to.GetSpdxID()); lic != nil {
+				if lic := d.GetAnyLicenseInfoByID(to.GetSpdxID()); lic != nil {
 					info.DeclaredLicenses = append(info.DeclaredLicenses, lic)
 				}
 			}
@@ -246,14 +318,14 @@ func (d *Document) GetLicensesFor(spdxID string) *LicenseInfo {
 	return info
 }
 
-// GetLicenseByID returns a license by its SPDX ID.
-func (d *Document) GetLicenseByID(spdxID string) *spdx.AnyLicenseInfo {
-	if d.LicensesByID != nil {
-		if lic := d.LicensesByID[spdxID]; lic != nil {
+// GetAnyLicenseInfoByID returns a license by its SPDX ID.
+func (d *Document) GetAnyLicenseInfoByID(spdxID string) *spdx.AnyLicenseInfo {
+	if d.AnyLicenseInfosByID != nil {
+		if lic := d.AnyLicenseInfosByID[spdxID]; lic != nil {
 			return lic
 		}
 	} else {
-		for _, lic := range d.Licenses {
+		for _, lic := range d.AnyLicenseInfos {
 			if lic.SpdxID == spdxID {
 				return lic
 			}